
Inactive Programs not starting, task manager not starting or freezing.

Discussion in 'Malware and Virus Removal Archive' started by langsa, 2010/08/16.

    langsa (Thread Starter), 2010/08/16
    [Inactive] Programs not starting, task manager not starting or freezing.

    So I return, having yet another problem with my computer. This time, my main problem is that programs refuse to load the majority of the time. This includes Firefox, Internet Explorer, Google Chrome, Macromedia Fireworks, Process Explorer, and Task Manager. Here are my DDS logs:

    DDS.txt:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by langsa at 0:16:13.60 on Tue 08/17/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2041.695 [GMT -4:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\System32\svchost.exe -k Bioscrypt
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\windows\system32\svchost.exe -k rpcss
    C:\windows\system32\Ati2evxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\SLsvc.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\windows\system32\AEADISRV.EXE
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ThreatFire\TFService.exe
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\windows\system32\Dwm.exe
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\langsa\Desktop\dds.scr
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "c:\users\langsa\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe "
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HPCam_Menu] "c:\program files\hewlett-packard\hp webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\hp webcam" updatewithcreateonce "software\cyberlink\hp webcam\1.0 "
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [RRT-Auto] c:\users\langsa\RRT.exe auto
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: DeviceNP - DeviceNP.dll
    AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\avgrsstx.dll c:\windows\system32\apshook.dll c:\windows\system32\apshook.dll c:\windows\system32\apshook.dll c:\windows\system32\APSHook.dll APSHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\langsa\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\langsa\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\langsa\appdata\roaming\mozilla\firefox\profiles\5gidxkas.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
    FF - plugin: c:\users\langsa\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\users\langsa\documents\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-24 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-24 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-24 243024]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-7 29736]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-8-6 32256]

    =============== Created Last 30 ================

    2010-08-17 02:38:21 0 d-sh--w- C:\$RECYCLE.BIN
    2010-08-17 02:19:48 0 d-s---w- C:\ComboFix
    2010-08-17 02:01:04 98816 ----a-w- c:\windows\sed.exe
    2010-08-17 02:01:04 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-16 22:37:49 0 d-----w- c:\programdata\AVG Security Toolbar
    2010-08-16 22:17:08 6345994 ----a-w- c:\users\langsa\update_fwmx_2004.exe
    2010-08-16 22:14:06 1565390 ----a-w- c:\users\langsa\fw402_update.exe
    2010-08-16 04:36:12 0 d-----w- c:\windows\system32\xlive
    2010-08-16 04:35:33 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-08-16 04:30:36 29268256 ----a-w- c:\users\langsa\gfwlivesetupmin.exe
    2010-08-16 03:43:52 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
    2010-08-16 02:09:05 0 d-----w- c:\programdata\Microsoft Games
    2010-08-16 02:06:55 0 d-----w- c:\users\langsa\appdata\roaming\Microsoft Game Studios
    2010-08-16 01:01:03 63108 ----a-w- c:\users\langsa\40508_1367080586055_1502888831_30863383_5598580_n.jpg
    2010-08-15 01:24:28 85794 ----a-w- c:\users\langsa\46yue45t54.jpg
    2010-08-12 13:18:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 13:18:26 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 13:18:19 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-12 02:11:32 0 d-----w- c:\users\langsa\appdata\roaming\Megaupload
    2010-08-12 02:09:36 0 d-----w- c:\program files\Megaupload
    2010-08-12 02:06:34 9005872 ----a-w- c:\users\langsa\megamanager.exe
    2010-08-11 05:50:08 0 d-----w- c:\temp\Microsoft Office Enterprise 2007 English
    2010-08-11 05:16:21 0 d-----w- C:\Temp
    2010-08-11 04:41:14 14951776 ----a-w- c:\users\langsa\word2007-kb974631-fullfile-x86-glb.exe
    2010-08-01 02:17:11 16244 ----a-w- c:\windows\system32\rrt_is.wav
    2010-08-01 02:17:10 7302 ----a-w- c:\windows\system32\rrt_vf.wav
    2010-08-01 02:17:10 7148 ----a-w- c:\windows\system32\rrt_tv.wav
    2010-08-01 02:17:10 6282 ----a-w- c:\windows\system32\rrt_tn.wav
    2010-08-01 02:04:42 0 d-----w- c:\users\langsa\Process Expl
    2010-08-01 02:03:12 440 --sha-r- c:\users\langsa\ntuser.pol
    2010-08-01 01:58:41 1729668 ----a-w- c:\users\langsa\ProcessExplorer.zip
    2010-07-27 05:10:32 0 d-----w- c:\programdata\NexonUS
    2010-07-26 01:56:41 0 d-----w- C:\Nexon
    2010-07-26 00:59:47 0 d-----w- c:\programdata\PMB Files
    2010-07-26 00:58:25 0 d-----w- c:\program files\Pando Networks
    2010-07-19 16:01:37 7518372 ----a-w- c:\users\langsa\01 Doin' Your Mom.m4a
    2010-07-18 18:20:33 41979186 ----a-w- c:\users\langsa\100_3372.MOV

    ==================== Find3M ====================

    2010-07-16 13:23:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:23:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 13:22:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-04 19:09:32 3103640 ----a-w- c:\users\langsa\spywareblastersetup43.exe
    2010-07-04 18:58:51 46899712 ----a-w- c:\users\langsa\zaSetup_92_057_000_en.exe
    2010-07-01 21:28:23 574464 ----a-w- c:\users\langsa\OTL.exe
    2010-06-29 18:43:46 293376 ----a-w- c:\users\langsa\3jgh10x5.exe
    2010-06-29 18:35:47 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-06-29 18:35:47 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-06-29 18:35:47 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-06-29 18:31:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-29 18:30:56 34651584 ----a-w- c:\users\langsa\sp48843.exe
    2010-06-29 18:21:07 13960488 ----a-w- c:\users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    2010-06-29 18:13:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-28 21:42:12 15374248 ----a-w- c:\users\langsa\sdstart.exe
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 04:17:03 922400 ----a-w- c:\users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    2010-06-20 23:55:27 71798 ----a-w- c:\users\langsa\JavaRa.zip
    2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-15 22:11:47 186624 ----a-w- c:\windows\hpwins23.dat
    2010-06-15 20:53:34 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
    2010-06-15 20:53:24 26168 ----a-w- c:\windows\system32\hpservice.exe
    2010-06-15 20:53:18 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2010-06-14 02:56:35 1990728 ----a-w- c:\users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-06-11 16:15:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-11 04:44:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-08 17:35:04 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-08 17:35:03 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-04 18:08:44 16065852 ----a-w- c:\users\langsa\devrydocuments.zip
    2010-06-04 03:03:05 4852120 ----a-w- c:\users\langsa\MsgPlusLive-484.exe
    2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-01 05:50:58 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-12-16 12:56:57 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-09-02 19:20:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-09-02 19:20:48 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-09-02 19:20:48 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-09-02 19:20:48 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    2009-09-27 04:53:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092720090928\index.dat
    2009-09-27 04:52:57 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-06-22 09:29:30 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 0:32:07.82 ===============

    And the Attach.txt file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/8/2009 6:43:08 AM
    System Uptime: 8/17/2010 12:06:55 AM (0 hours ago)

    Motherboard: Hewlett-Packard | | 3074
    Processor: Intel(R) Core(TM)2 Duo CPU P7370 @ 2.00GHz | Intel(R) Genuine processor | 2001/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 138 GiB total, 27.225 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.301 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 1 GiB total, 0.964 GiB free.
    G: is CDROM (UDF)
    H: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    6500_E709_eDocs
    6500_E709_Help
    7-Zip 4.65
    AAC Decoder
    AbiWord 2.6.8
    AbiWord Tools Plugins
    Acrobat.com
    ActivClient 6.1 x86
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe ConnectNow Add-in
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Audacity 1.3.10 (Unicode)
    AuthenTec Fingerprint System
    AutoUpdate
    AVG Free 9.0
    BIOS Configuration for HP ProtectTools
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CamStudio
    CamStudio Lossless Codec v1.4
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Credential Manager for HP ProtectTools
    Debut Video Capture Software
    Destination Component
    Device Access Manager for HP ProtectTools
    DeviceDiscovery
    DFX for Windows Media Player
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DocMgr
    DocProc
    Drive Encryption for HP ProtectTools
    ESET Online Scanner v3
    ESU for Microsoft Vista SP1
    Fable - The Lost Chapters
    Facebook Plug-In
    Fax
    File Sanitizer For HP ProtectTools
    GIMP 2.6.8
    Google Chrome
    Google Earth
    Google Gmail Notifier
    Google Update Helper
    GPBaseService2
    Guitar and Drum Trainer v4
    H.264 Decoder
    Halo 2 for Windows Vista
    Halo Combat Evolved
    Halo Server
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP 3D DriveGuard
    HP Active Support Library
    HP Common Access Service Library
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Help and Support
    HP Imaging Device Functions 12.0
    HP Integrated Module with Bluetooth wireless technology
    HP JavaCard for HP ProtectTools
    HP Mobile Broadband Setup Utility
    HP Officejet 6500 E709 Series
    HP Product Detection
    HP ProtectTools Security Manager
    HP ProtectTools Security Manager Suite
    HP Quick Launch Buttons
    HP QuickLook 2
    HP Smart Web Printing
    HP Software Setup 5.00.A.9
    HP Solution Center 12.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0136
    HP Wallpaper
    HP Webcam
    HP Webcam Driver
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    iPhone Configuration Utility
    Java Auto Updater
    Java(TM) 6 Update 20
    kSolo Recorder
    LightScribe System Software
    Livestream Procaster
    Mabinogi
    Macromedia Fireworks MX 2004
    Malwarebytes' Anti-Malware
    MarketResearch
    Marvell Miniport Driver
    Mega Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Halo Custom Edition
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MKV Splitter
    Mozilla Firefox (3.6.2)
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyScribe
    NCH Toolbox
    Network
    NirSoft BlueScreenView
    OCR Software by I.R.I.S. 12.0
    Pando Media Booster
    Pcsx2 0.9.6
    PDF Complete
    Portal
    Prism Video Converter
    ProductContext
    pugclean 1.0
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Business
    Roxio Creator Business v10
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD
    Scan
    SecondLife (remove only)
    SecondLifeBetaViewer (remove only)
    Shop for HP Supplies
    Skins
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SoundMAX
    Sparkplayer (Beta)
    SPORE™
    SpywareBlaster 4.3
    Status
    Steam
    SUPER © Version 2010.bld.37 (Jan 2, 2010)
    Synaptics Pointing Device Driver
    System Requirements Lab
    Toolbox
    TrayApp
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VideoPad Video Editor
    VirtualCloneDrive
    Vista Default Settings
    Visual C++ 8.0 Runtime Setup Package
    WebEx
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin

    ==== End Of File ===========================
     
  2. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up; press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. 2010/08/17
    langsa

    langsa Inactive Thread Starter

    Joined:
    2010/06/28
    Messages:
    29
    Likes Received:
    0
    I followed all your steps except ComboFix. Every time I run it (I tried three times), it gets as far as "This typically doesn't take more than 10 minutes. However, scan times for badly infected machines may easily double." and then my computer crashes, the screen appearing like this: http://img339.imageshack.us/f/1003342.jpg/

    Here are the other logs, though. rkill:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as langsa on 08/17/2010 at 19:06:38.


    Processes terminated by Rkill or while it was running:


    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Swsetup\HPQWWAN\HPMobileBroadband.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\WerFault.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\langsa\Desktop\rkill.com
    C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

    Rkill completed on 08/17/2010 at 19:07:23.




    And exehelper:

    exeHelper by Raktor
    Build 20100414
    Run at 19:15:24 on 08/17/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

     
    Last edited: 2010/08/17
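    An added audit script for readers following this thread; it is not part of the thread and not code from exeHelper, Rkill or ComboFix. It reads the loading points the exeHelper log above reports resetting (the .exe/.com file-type associations, the Winlogon Userinit and Shell values, the Task Manager policy) plus the AppInit_DLLs value that ComboFix lists under "Reg Loading Points", and compares each against its stock value so any drift can be reviewed by hand; the registry paths are the standard Windows ones, and the expected values are assumed Vista/7 defaults.

```powershell
# Added example (not from this thread, exeHelper or ComboFix): compare the
# Windows loading points behind a "programs won't start" complaint with their
# stock values. Needs PowerShell 2.0 or later, run from an elevated prompt.
# A non-OK row is a lead to review, not a verdict: on the machine in this
# thread AppInit_DLLs legitimately holds HP ProtectTools' APSHook.dll.

$LoadingPointChecks = @(
    @{ Name = 'Winlogon Userinit'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Key  = 'Userinit'
       Expected = @("$env:SystemRoot\system32\userinit.exe,") },   # note the trailing comma
    @{ Name = 'Winlogon Shell'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Key  = 'Shell'
       Expected = @('explorer.exe') },
    @{ Name = '.exe file type'
       Path = 'Registry::HKEY_CLASSES_ROOT\.exe'
       Key  = '(default)'
       Expected = @('exefile') },
    @{ Name = 'exefile open command'
       Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
       Key  = '(default)'
       Expected = @('"%1" %*') },
    @{ Name = '.com file type'
       Path = 'Registry::HKEY_CLASSES_ROOT\.com'
       Key  = '(default)'
       Expected = @('comfile') },
    @{ Name = 'comfile open command'
       Path = 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command'
       Key  = '(default)'
       Expected = @('"%1" %*') },
    @{ Name = 'AppInit_DLLs'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Key  = 'AppInit_DLLs'
       Expected = @('') },                 # stock value is empty; anything else deserves a look
    @{ Name = 'DisableTaskMgr policy (current user)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Key  = 'DisableTaskMgr'
       Expected = @('<missing>', '0') }    # absent or 0 means Task Manager is allowed
)

function Read-RegistryValue {
    param([string]$Path, [string]$Key)
    # Returns the value as a string, or '<missing>' when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return '<missing>' }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.$Key) { return '<missing>' }
    return [string]$item.$Key
}

function Test-LoadingPoints {
    param([hashtable[]]$Checks = $LoadingPointChecks)
    foreach ($c in $Checks) {
        $actual = Read-RegistryValue -Path $c.Path -Key $c.Key
        # Registry strings are compared case-insensitively after trimming whitespace.
        $ok = $false
        foreach ($e in $c.Expected) {
            if ([string]::Equals($actual.Trim(), $e, [System.StringComparison]::OrdinalIgnoreCase)) { $ok = $true }
        }
        New-Object PSObject -Property @{
            Check    = $c.Name
            Actual   = $actual
            Expected = ($c.Expected -join ' | ')
            OK       = $ok
        }
    }
}

Test-LoadingPoints | Format-Table Check, OK, Actual, Expected -AutoSize -Wrap
```

    Rows marked OK = False are the values a helper would compare with the ComboFix "Reg Loading Points" section before deciding whether a tool such as exeHelper needs to be run again.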
  5. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Run rKill, exehelper and then broni.exe

    If it still doesn't work, run all 3 tools from safe mode.
     
  6. 2010/08/17
    langsa

    langsa Inactive Thread Starter

    Joined:
    2010/06/28
    Messages:
    29
    Likes Received:
    0
    Had to run them in Safe Mode. Rkill came up empty except for itself, exehelper looks no different. Here's the ComboFix log:

    ComboFix 10-08-17.02 - langsa 08/17/2010 20:54:23.2.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2041.1617 [GMT -4:00]
    Running from: c:\users\langsa\Desktop\broni.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\langsa\fwmx2004_702update.exe
    c:\users\langsa\MabinogiDownloaderV65R.exe
    c:\users\langsa\VeohWebPlayerSetup_eng.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
    .

    2010-08-18 01:03 . 2010-08-18 01:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-08-18 01:03 . 2010-08-18 01:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-18 01:03 . 2010-08-18 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-18 00:52 . 2010-08-18 00:53 -------- d-----w- C:\32788R22FWJFW
    2010-08-18 00:40 . 2010-08-18 00:40 -------- d--h--w- c:\windows\PIF
    2010-08-16 22:40 . 2010-08-16 22:40 -------- d-----w- c:\users\langsa\AppData\Local\AVG Security Toolbar
    2010-08-16 22:37 . 2010-08-16 22:38 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-08-16 22:17 . 2010-08-16 22:17 6345994 ----a-w- c:\users\langsa\update_fwmx_2004.exe
    2010-08-16 22:14 . 2010-08-16 22:14 1565390 ----a-w- c:\users\langsa\fw402_update.exe
    2010-08-16 04:36 . 2010-08-16 04:36 -------- d-----w- c:\windows\system32\xlive
    2010-08-16 04:35 . 2010-08-16 04:59 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-08-16 04:30 . 2010-08-16 04:32 29268256 ----a-w- c:\users\langsa\gfwlivesetupmin.exe
    2010-08-16 03:43 . 2010-08-16 03:43 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
    2010-08-16 02:10 . 2010-08-16 02:10 -------- d-----w- c:\users\langsa\AppData\Local\Microsoft Game Studios
    2010-08-16 02:09 . 2010-08-16 02:10 -------- d-----w- c:\programdata\Microsoft Games
    2010-08-16 02:06 . 2010-08-16 02:06 -------- d-----w- c:\users\langsa\AppData\Roaming\Microsoft Game Studios
    2010-08-12 13:18 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 13:18 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 13:18 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-12 03:29 . 2010-08-12 03:29 -------- d-----w- c:\program files\Microsoft Works
    2010-08-12 02:11 . 2010-08-12 02:11 -------- d-----w- c:\users\langsa\AppData\Roaming\Megaupload
    2010-08-12 02:09 . 2010-08-12 02:09 -------- d-----w- c:\program files\Megaupload
    2010-08-12 02:06 . 2010-08-12 02:06 9005872 ----a-w- c:\users\langsa\megamanager.exe
    2010-08-11 23:57 . 2010-08-11 23:57 -------- d-----r- C:\MSOCache
    2010-08-11 05:50 . 2010-08-11 05:50 -------- d-----w- c:\temp\Microsoft Office Enterprise 2007 English
    2010-08-11 05:16 . 2010-08-11 05:53 -------- d-----w- C:\Temp
    2010-08-11 04:41 . 2010-08-11 04:42 14951776 ----a-w- c:\users\langsa\word2007-kb974631-fullfile-x86-glb.exe
    2010-08-01 02:04 . 2010-08-02 22:32 -------- d-----w- c:\users\langsa\Process Expl
    2010-08-01 01:58 . 2010-08-01 01:59 1729668 ----a-w- c:\users\langsa\ProcessExplorer.zip
    2010-07-27 05:10 . 2010-07-27 05:10 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
    2010-07-27 05:10 . 2010-07-27 05:10 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
    2010-07-27 05:10 . 2010-07-27 05:10 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
    2010-07-27 05:10 . 2010-07-27 05:10 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
    2010-07-27 05:10 . 2010-08-04 03:03 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
    2010-07-27 05:10 . 2010-07-27 05:12 -------- d-----w- c:\programdata\NexonUS
    2010-07-27 05:10 . 2010-07-27 05:10 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
    2010-07-26 01:56 . 2010-07-26 01:56 -------- d-----w- C:\Nexon
    2010-07-26 01:09 . 2010-05-26 21:22 176128 ----a-w- c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
    2010-07-26 01:00 . 2010-07-27 03:26 -------- d-----w- c:\users\langsa\AppData\Local\PMB Files
    2010-07-26 00:59 . 2010-07-26 03:44 -------- d-----w- c:\programdata\PMB Files
    2010-07-26 00:58 . 2010-07-26 00:58 -------- d-----w- c:\program files\Pando Networks
    2010-07-20 21:21 . 2010-07-20 21:21 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
    2010-07-20 21:21 . 2010-07-20 21:21 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
    2010-07-20 21:21 . 2010-07-20 21:21 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
    2010-07-20 21:21 . 2010-07-20 21:21 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-18 00:00 . 2010-06-12 04:01 0 ----a-w- c:\users\langsa\AppData\Local\prvlcl.dat
    2010-08-17 08:17 . 2009-08-08 10:41 12 ----a-w- c:\windows\bthservsdp.dat
    2010-08-17 06:39 . 2010-07-04 19:45 -------- d-----w- c:\program files\SpywareBlaster
    2010-08-17 02:29 . 2009-12-14 14:49 1356 ----a-w- c:\users\langsa\AppData\Local\d3d9caps.dat
    2010-08-16 02:14 . 2009-08-09 01:45 -------- d-----w- c:\program files\Microsoft Games
    2010-08-15 22:33 . 2009-06-22 09:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-13 22:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-08-12 12:53 . 2009-08-07 15:02 116032 ----a-w- c:\users\langsa\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-12 03:27 . 2009-06-22 09:57 -------- d-----w- c:\program files\Microsoft.NET
    2010-08-12 02:09 . 2009-06-22 09:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-11 04:06 . 2009-06-22 09:51 -------- d-----w- c:\programdata\PDFC
    2010-07-16 13:23 . 2009-08-24 16:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:23 . 2010-07-16 13:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 13:22 . 2009-08-24 16:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 00:31 . 2010-07-12 00:37 -------- d-----w- c:\programdata\NOS
    2010-07-12 01:10 . 2010-07-12 01:09 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-12 01:03 . 2010-05-07 17:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-12 01:02 . 2010-07-12 01:01 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-07-10 00:36 . 2010-02-12 03:31 -------- d-----w- c:\program files\Steam
    2010-07-10 00:08 . 2010-02-12 03:31 -------- d-----w- c:\program files\Common Files\Steam
    2010-07-09 16:38 . 2010-06-04 03:04 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-07-07 01:30 . 2010-07-07 01:30 388488 ----a-w- c:\programdata\WebEx\WebEx\500\atasctrl.dll
    2010-07-07 01:29 . 2010-07-07 01:29 65536 ----a-w- c:\programdata\WebEx\WebEx\500\wbxcrypt.dll
    2010-07-07 01:28 . 2010-07-07 01:28 103736 ----a-w- c:\programdata\WebEx\WebEx\500\atplycli.dll
    2010-07-07 01:28 . 2010-07-07 01:28 65536 ----a-w- c:\programdata\WebEx\WebEx\500\atnetext.dll
    2010-07-07 01:28 . 2010-07-07 01:28 185224 ----a-w- c:\programdata\WebEx\atgpcext.dll
    2010-07-07 01:28 . 2010-07-07 01:28 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
    2010-07-05 02:55 . 2010-07-02 00:59 -------- d-----w- c:\users\langsa\AppData\Roaming\MyScribe
    2010-07-04 19:46 . 2010-07-04 19:46 -------- d-----w- c:\programdata\CheckPoint
    2010-07-04 19:09 . 2010-07-04 19:10 3103640 ----a-w- c:\users\langsa\spywareblastersetup43.exe
    2010-07-04 18:58 . 2010-07-04 18:58 46899712 ----a-w- c:\users\langsa\zaSetup_92_057_000_en.exe
    2010-07-03 22:21 . 2010-06-04 03:05 -------- d-----w- c:\programdata\Messenger Plus!
    2010-07-02 13:09 . 2010-06-28 18:08 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-02 03:37 . 2010-03-25 20:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-02 03:37 . 2010-06-28 17:59 -------- d-----w- c:\programdata\PC Tools
    2010-07-02 01:37 . 2010-07-02 01:35 -------- d-----w- c:\users\langsa\AppData\Roaming\Elluminate
    2010-07-02 00:31 . 2010-07-02 00:31 1052672 ----a-w- c:\programdata\WebEx\WebEx\925\mac.dll
    2010-07-02 00:31 . 2010-07-02 00:31 -------- d-----w- c:\users\langsa\AppData\Roaming\webex
    2010-07-01 21:28 . 2010-07-01 21:28 574464 ----a-w- c:\users\langsa\OTL.exe
    2010-06-30 04:26 . 2010-06-30 04:26 -------- d-----w- c:\users\langsa\AppData\Roaming\AVG9
    2010-06-29 18:43 . 2010-06-29 18:42 293376 ----a-w- c:\users\langsa\3jgh10x5.exe
    2010-06-29 18:31 . 2010-06-29 18:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-29 18:30 . 2010-06-29 18:29 34651584 ----a-w- c:\users\langsa\sp48843.exe
    2010-06-29 18:21 . 2010-06-29 18:20 13960488 ----a-w- c:\users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    2010-06-29 18:13 . 2010-06-29 18:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-29 17:52 . 2009-12-14 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-28 21:42 . 2010-06-28 21:35 15374248 ----a-w- c:\users\langsa\sdstart.exe
    2010-06-28 17:59 . 2010-06-28 17:59 -------- d-----w- c:\program files\ThreatFire
    2010-06-26 06:05 . 2010-08-12 13:19 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-12 13:19 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02 . 2010-08-12 13:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25 . 2010-08-12 13:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-12 13:19 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 04:17 . 2010-06-21 04:16 922400 ----a-w- c:\users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    2010-06-20 23:55 . 2010-06-20 23:55 71798 ----a-w- c:\users\langsa\JavaRa.zip
    2010-06-19 05:21 . 2010-06-19 04:50 -------- d-----w- c:\users\langsa\AppData\Roaming\Hewlett-Packard
    2010-06-19 04:51 . 2009-06-22 09:16 -------- d-----w- c:\program files\Hewlett-Packard
    2010-06-19 04:45 . 2010-06-19 04:45 -------- d-----w- c:\users\langsa\AppData\Roaming\Intel
    2010-06-19 04:40 . 2010-06-19 04:40 -------- d-----w- c:\program files\Cisco
    2010-06-19 04:40 . 2010-06-19 04:40 -------- d-----w- c:\program files\Common Files\Intel
    2010-06-19 04:40 . 2010-06-19 04:40 -------- d-----w- c:\programdata\Intel
    2010-06-19 04:40 . 2009-06-22 09:15 -------- d-----w- c:\program files\Intel
    2010-06-18 17:31 . 2010-08-12 13:19 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-15 22:11 . 2010-06-15 21:22 186624 ----a-w- c:\windows\hpwins23.dat
    2010-06-15 20:53 . 2010-06-15 20:53 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
    2010-06-15 20:53 . 2008-08-27 16:52 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2010-06-15 20:53 . 2009-07-08 18:48 26168 ----a-w- c:\windows\system32\hpservice.exe
    2010-06-15 20:53 . 2009-07-08 18:48 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2010-06-15 20:53 . 2010-06-15 20:53 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2010-06-14 02:56 . 2010-06-14 02:56 50354 ----a-w- c:\users\langsa\AppData\Roaming\Facebook\uninstall.exe
    2010-06-14 02:56 . 2010-06-14 02:56 1990728 ----a-w- c:\users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    2010-06-11 16:16 . 2010-08-12 13:19 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-06-11 16:15 . 2010-08-12 13:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-11 04:44 . 2010-06-11 04:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\langsa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-08 17:35 . 2010-08-12 13:19 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-08 17:35 . 2010-08-12 13:19 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-04 18:08 . 2010-06-04 18:01 16065852 ----a-w- c:\users\langsa\devrydocuments.zip
    2010-06-04 03:03 . 2010-06-04 03:02 4852120 ----a-w- c:\users\langsa\MsgPlusLive-484.exe
    2010-06-02 13:57 . 2009-08-24 16:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-27 20:08 . 2010-08-12 13:19 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-05-26 19:24 . 2010-04-23 18:32 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
    2010-05-26 17:06 . 2010-06-08 21:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-08 21:24 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 18:14 . 2009-10-03 06:25 221568 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2006-05-03 10:06 . 2010-03-03 04:02 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 . 2010-03-03 04:02 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 . 2010-03-03 04:02 216064 --sh--r- c:\windows\System32\nbDX.dll
    2009-06-22 09:29 . 2009-06-22 09:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-09 2393376]
    "Google Update "= "c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
    "accrdsub "= "c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
    "PTHOSTTR "= "c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
    "CognizanceTS "= "c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
    "PDF Complete "= "c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
    "HP Mobile Broadband "= "c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
    "File Sanitizer "= "c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
    "HPCam_Menu "= "c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "VirtualCloneDrive "= "c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-22 202256]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv "= "grpconv -o" [X]

    c:\users\langsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ThreatFire.lnk - c:\program files\ThreatFire\TFGui.exe [2010-6-28 1160464]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
    ThreatFire.lnk - c:\program files\ThreatFire\TFGui.exe [2010-6-28 1160464]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2008-08-06 22:23 69632 ----a-w- c:\windows\System32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):f3,d5,07,15,81,25,ca,01

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
    R1 RsvLock;RsvLock; [x]
    R2 0213001251130747mcinstcleanup;McAfee Application Installer Cleanup (0213001251130747);c:\users\langsa\AppData\Local\Temp\021300~1.EXE [x]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 135664]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
    R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
    R3 CJJDZH;CJJDZH;c:\users\langsa\AppData\Local\Temp\CJJDZH.exe [x]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-08-06 349432]
    R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-12 45056]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-04-05 6630912]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-15 3042652]
    R3 PROCEXP141;PROCEXP141;c:\windows\system32\Drivers\PROCEXP141.SYS [2010-08-16 14088]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    Bioscrypt REG_MULTI_SZ ASBroker ASChannel
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    ipripsvc REG_MULTI_SZ iprip
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-01-09 23:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 23:27]

    2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 23:27]

    2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004Core.job
    - c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-13 02:35]

    2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004UA.job
    - c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-13 02:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    FF - ProfilePath - c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\langsa\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: c:\users\langsa\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    FF - user.js: yahoo.homepage.dontask - true

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-RRT-Auto - c:\users\langsa\RRT.exe
    HKLM-RunOnce-<NO NAME> - (no file)
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    AddRemove-Adobe ConnectNow Add-in - c:\users\langsa\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\acaddin\acaddin.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 21:03
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
    "ImagePath "= "c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
    "AlternateImagePath "=" "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2841127670-2781909849-4267527183-1004\Software\SecuROM\License information*]
    "datasecu "=hex:aa,14,f9,46,6e,99,eb,0e,ae,23,60,67,c9,0b,11,5f,50,c3,d8,f8,a3,
    b3,2b,21,08,91,83,1c,e1,ee,a6,c3,82,67,d2,ce,24,3e,54,2e,f6,60,8b,c1,f8,74,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1284)
    c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
    .
    Completion time: 2010-08-17 21:05:20
    ComboFix-quarantined-files.txt 2010-08-18 01:05

    Pre-Run: 32,034,865,152 bytes free
    Post-Run: 31,999,860,736 bytes free

    - - End Of File - - 17EDBF52D256AA79DE13C538DABC63C1
     
  7. 2010/08/17
    broni Moderator Malware Analyst
    I'd prefer it if you didn't use italics, please. It's hard on my eyes.

    I don't see much here...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    sptd
    RsvLock
    SafeBoot
    SbAlg
    SbFsLock
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
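An added example, not ComboFix's code and not the moderator's tool: a small Python parser for the R0/R1/R2/R3/S0 service lines of a ComboFix log, fed a constructed subset of the lines quoted earlier in this thread. It separates the entries ComboFix marked [x] (no file date and size could be stamped on the image) into kernel drivers and user-mode services, flags images that run from a Temp folder, and renders the kernel-driver names in the Driver:: form used above; for this log that is the same five names the script lists.

```python
"""Triage the service/driver lines of a ComboFix log.

Added example for this thread; not ComboFix's code and not the moderator's
tool. ComboFix prints one line per service as
    <R|S><start type> <name>;<display name>;<image> [<date> <size>]
and writes [x] where it could not stamp the image file with a date and size.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the service lines quoted in this thread.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
R1 RsvLock;RsvLock; [x]
R2 0213001251130747mcinstcleanup;McAfee Application Installer Cleanup (0213001251130747);c:\users\langsa\AppData\Local\Temp\021300~1.EXE [x]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
R3 CJJDZH;CJJDZH;c:\users\langsa\AppData\Local\Temp\CJJDZH.exe [x]
R3 PROCEXP141;PROCEXP141;c:\windows\system32\Drivers\PROCEXP141.SYS [2010-08-16 14088]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
"""

# "R2 name;display;image [2010-07-16 216400]"  or  "... [x]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<image>.*?)\s*\[(?P<tag>x|\d{4}-\d{2}-\d{2} \d+)\]$")


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped (ComboFix convention)
    start_type: int     # Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display_name: str
    image: str          # image path plus any arguments; empty when ComboFix printed none
    missing_file: bool  # True when the line ended in [x]

    @property
    def is_kernel_driver(self) -> bool:
        # Boot- and system-start services are always kernel drivers; so is any .sys image.
        return self.start_type in (0, 1) or self.image.lower().endswith(".sys")

    @property
    def runs_from_temp(self) -> bool:
        # Triage heuristic: a service image living in a Temp folder deserves a second look.
        return "\\temp\\" in self.image.lower()


def parse_service_lines(text: str) -> list[ServiceEntry]:
    """Return a ServiceEntry for every R*/S* line in a ComboFix log; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tail = TAIL_RE.match(m["rest"].strip())
        if not tail:
            continue  # malformed tail; leave it for a human to read
        entries.append(ServiceEntry(
            state=m["state"],
            start_type=int(m["start"]),
            name=m["name"],
            display_name=m["display"],
            image=tail["image"].strip(),
            missing_file=(tail["tag"] == "x"),
        ))
    return entries


def triage(entries: list[ServiceEntry]) -> dict[str, list[str]]:
    """Group the entries a helper would look at first, by service name."""
    return {
        "drivers_missing_file": [e.name for e in entries if e.missing_file and e.is_kernel_driver],
        "services_missing_file": [e.name for e in entries if e.missing_file and not e.is_kernel_driver],
        "temp_images": [e.name for e in entries if e.runs_from_temp],
    }


def combofix_driver_script(entries: list[ServiceEntry]) -> str:
    """Render the Driver:: section of a CFScript from the [x] kernel drivers.

    Check what each name belongs to before feeding this to ComboFix: [x] only says
    the file could not be stamped, not that the driver is unwanted.
    """
    names = [e.name for e in entries if e.missing_file and e.is_kernel_driver]
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    found = parse_service_lines(SAMPLE_LOG)
    for group, names in triage(found).items():
        print(f"{group}: {', '.join(names) or '-'}")
    print(combofix_driver_script(found), end="")
```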
  8. 2010/08/17
    langsa Inactive Thread Starter
    Okay, so I tried to do as you said. Computer froze. Restarted in safe mode, tried again. When it finished scanning, an error box popped up. I hit okay, then Combofix restarted my computer. It tried to start back up, but a blue screen flashed for a millisecond and restarted it. Then it made me launch Start-Up Repair. I tried to do it without System Restore, but it still won't start up. Should I use System Restore? I think the last time I created a restore point manually was back in July.

    I'm replying on my desktop right now. Help!
     
  9. 2010/08/17
    broni Moderator Malware Analyst
    I'm starting to believe that we're not dealing with any infection here.

    Well, if system restore is the only option to get your computer up and running, go ahead.
     
  10. 2010/08/17
    langsa Inactive Thread Starter
    Didn't have to do a complete restore, thankfully. And it only took me back to 2:30 today. Thank you, Windows Update.

    So what might it be, then?
     
  11. 2010/08/17
    broni Moderator Malware Analyst
    OK. The main question is whether you're still having the same issues...
     
  12. 2010/08/17
    langsa Inactive Thread Starter
    Well, it only happens in certain instances with the internet browsers and task managers. But Fireworks still won't start up (though it acts like it wants to), and Combofix still won't fully run without freezing (outside of Safe Mode).
     
  13. 2010/08/17
    broni Moderator Malware Analyst
    I didn't really see anything malicious in the Combofix log, but let's run a couple more scans...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===============================================================

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
     
  14. 2010/08/17
    langsa Inactive Thread Starter
    Running the MalwareBytes scan now. In the meantime, here's the MBR log:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP ProBook 4710s
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 217):
    0x82806000 \SystemRoot\system32\ntkrnlpa.exe
    0x82BBF000 \SystemRoot\system32\hal.dll
    0x80403000 \SystemRoot\system32\kdcom.dll
    0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8047A000 \SystemRoot\system32\PSHED.dll
    0x8048B000 \SystemRoot\system32\BOOTVID.dll
    0x80493000 \SystemRoot\system32\CLFS.SYS
    0x804D4000 \SystemRoot\system32\CI.dll
    0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067B000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80689000 \SystemRoot\system32\drivers\acpi.sys
    0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D8000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8070A000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80712000 \SystemRoot\system32\drivers\pci.sys
    0x80739000 \SystemRoot\system32\drivers\isapnp.sys
    0x80748000 \SystemRoot\system32\drivers\mpio.sys
    0x80764000 \SystemRoot\System32\drivers\partmgr.sys
    0x80773000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80776000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80780000 \SystemRoot\system32\drivers\volmgr.sys
    0x8078F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x807D9000 \SystemRoot\system32\drivers\intelide.sys
    0x807E0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x807EE000 \SystemRoot\system32\drivers\pciide.sys
    0x805B4000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x807F5000 \SystemRoot\system32\drivers\aliide.sys
    0x80600000 \SystemRoot\system32\drivers\amdide.sys
    0x805E1000 \SystemRoot\system32\drivers\cmdide.sys
    0x805E9000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82E0A000 \SystemRoot\system32\drivers\msdsm.sys
    0x82E24000 \SystemRoot\system32\drivers\nvraid.sys
    0x82E3F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x82E60000 \SystemRoot\system32\drivers\viaide.sys
    0x82E68000 \SystemRoot\system32\drivers\iastor.sys
    0x82F42000 \SystemRoot\system32\drivers\iastorv.sys
    0x82FE3000 \SystemRoot\system32\drivers\atapi.sys
    0x83C0D000 \SystemRoot\system32\drivers\ataport.SYS
    0x83C2B000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x83C45000 \SystemRoot\system32\drivers\storport.sys
    0x83C86000 \SystemRoot\system32\drivers\hpcisss.sys
    0x83C91000 \SystemRoot\system32\drivers\adp94xx.sys
    0x83CFB000 \SystemRoot\system32\drivers\adpahci.sys
    0x83D47000 \SystemRoot\system32\drivers\adpu160m.sys
    0x83D62000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x83D88000 \SystemRoot\system32\drivers\adpu320.sys
    0x83DAE000 \SystemRoot\system32\drivers\djsvs.sys
    0x83DC2000 \SystemRoot\system32\drivers\arc.sys
    0x83DD8000 \SystemRoot\system32\drivers\arcsas.sys
    0x83E0B000 \SystemRoot\system32\drivers\elxstor.sys
    0x83E9F000 \SystemRoot\system32\drivers\i2omp.sys
    0x83EA9000 \SystemRoot\system32\drivers\iirsp.sys
    0x83EB9000 \SystemRoot\system32\drivers\iteatapi.sys
    0x83EC5000 \SystemRoot\system32\drivers\iteraid.sys
    0x83ED1000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x83EEB000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x83F03000 \SystemRoot\system32\drivers\megasas.sys
    0x83F0D000 \SystemRoot\system32\drivers\megasr.sys
    0x83FC4000 \SystemRoot\system32\drivers\mraid35x.sys
    0x83FCF000 \SystemRoot\system32\drivers\msahci.sys
    0x83FD9000 \SystemRoot\system32\drivers\nfrd960.sys
    0x83FE7000 \SystemRoot\system32\drivers\nvstor.sys
    0x8560E000 \SystemRoot\system32\drivers\ql2300.sys
    0x85746000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8579B000 \SystemRoot\system32\drivers\sisraid2.sys
    0x857A8000 \SystemRoot\system32\drivers\sisraid4.sys
    0x857BD000 \SystemRoot\system32\drivers\symc8xx.sys
    0x857C9000 \SystemRoot\system32\drivers\sym_hi.sys
    0x857D4000 \SystemRoot\system32\drivers\sym_u3.sys
    0x8580A000 \SystemRoot\system32\drivers\uliahci.sys
    0x85846000 \SystemRoot\system32\drivers\ulsata.sys
    0x85867000 \SystemRoot\system32\drivers\ulsata2.sys
    0x85893000 \SystemRoot\system32\drivers\vsmraid.sys
    0x858B4000 \SystemRoot\System32\Drivers\SbAlg.sys
    0x858BF000 \SystemRoot\system32\drivers\fileinfo.sys
    0x858CF000 \SystemRoot\System32\Drivers\SbFsLock.sys
    0x858D1000 \SystemRoot\system32\drivers\PCTCore.sys
    0x8590A000 \SystemRoot\system32\drivers\TfSysMon.sys
    0x8591B000 \SystemRoot\system32\drivers\TfFsMon.sys
    0x8592C000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x85936000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x85A0A000 \SystemRoot\system32\drivers\ndis.sys
    0x85B15000 \SystemRoot\system32\drivers\msrpc.sys
    0x85B40000 \SystemRoot\system32\drivers\NETIO.SYS
    0x85C0A000 \SystemRoot\System32\drivers\tcpip.sys
    0x85CF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x85E0C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x85F1C000 \SystemRoot\system32\drivers\wd.sys
    0x85F24000 \SystemRoot\system32\drivers\volsnap.sys
    0x85F5D000 \SystemRoot\System32\Drivers\spldr.sys
    0x85F65000 \SystemRoot\system32\drivers\sbp2port.sys
    0x85F7A000 \SystemRoot\System32\Drivers\SafeBoot.sys
    0x85F93000 \SystemRoot\System32\Drivers\mup.sys
    0x85FA2000 \SystemRoot\System32\drivers\ecache.sys
    0x85FC9000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x85FD2000 \SystemRoot\system32\drivers\disk.sys
    0x85FE3000 \SystemRoot\system32\drivers\crcdisk.sys
    0x85E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x85DE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x85B7B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8F60E000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8FA7B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8FB1C000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FB28000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8FBB5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FBC0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x85B8A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FE02000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
    0x9045F000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x904AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x904C1000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x904C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x904D1000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90502000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90504000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9050F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x90527000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x90532000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90536000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x9053F000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x90547000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x90576000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90581000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x90598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x905A3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x905C6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x905D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x905E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90C06000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x90C8F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x90C9F000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x90CAA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x90CAC000 \SystemRoot\system32\DRIVERS\ks.sys
    0x90CD6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x90CE0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90CED000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90D22000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90D33000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x90D4D000 \SystemRoot\system32\drivers\portcls.sys
    0x90D7A000 \SystemRoot\system32\drivers\drmk.sys
    0x85B99000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x9560E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x95734000 \SystemRoot\system32\drivers\modem.sys
    0x95741000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x9574E000 \SystemRoot\System32\Drivers\bthport.sys
    0x95E0F000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x95FBD000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x95FCA000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x95FD1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x95FDA000 \SystemRoot\System32\Drivers\Null.SYS
    0x95FE1000 \SystemRoot\System32\Drivers\Beep.SYS
    0x95FF1000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x95E00000 \SystemRoot\System32\drivers\vga.sys
    0x957CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x90D9F000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x957EF000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x90DC8000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x96E05000 \SystemRoot\system32\drivers\btwavdt.sys
    0x96E78000 \SystemRoot\system32\drivers\btwaudio.sys
    0x96EF9000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
    0x96F03000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x96F06000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x96F16000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x96F1E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x96F26000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x96F31000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x96F3F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x96F48000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x96F5E000 \SystemRoot\system32\DRIVERS\smb.sys
    0x96F72000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x96FAC000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x859A7000 \SystemRoot\system32\drivers\afd.sys
    0x96FDE000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x96FE7000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x95600000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90DE2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x96FFD000 \SystemRoot\System32\Drivers\RsvLock.SYS
    0x9780F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9784B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x97855000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x9787D000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x97882000 \SystemRoot\system32\drivers\csc.sys
    0x978DD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x978F4000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x978FA000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x9792E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x85D0F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9793B000 \SystemRoot\System32\Drivers\dump_SbHiber.sys
    0xA1080000 \SystemRoot\System32\win32k.sys
    0x9793C000 \SystemRoot\System32\drivers\Dxapi.sys
    0x97946000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xA12A0000 \SystemRoot\System32\TSDDD.dll
    0xA12C0000 \SystemRoot\System32\cdd.dll
    0x97955000 \SystemRoot\system32\drivers\luafv.sys
    0xAEA07000 \SystemRoot\system32\drivers\spsys.sys
    0xAEAB7000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xAEAC7000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xAEAF1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAEAFB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAEB0E000 \SystemRoot\system32\drivers\HTTP.sys
    0xAEB7B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAEB98000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAEBB1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAEBC6000 \SystemRoot\system32\drivers\mrxdav.sys
    0x97970000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9798F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAEBE7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x979C8000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB3401000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB3467000 \SystemRoot\system32\drivers\peauth.sys
    0xB3545000 \SystemRoot\system32\drivers\regi.sys
    0xB3547000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB3551000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB355D000 \??\C:\windows\system32\drivers\TfNetMon.sys
    0xB3569000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xB357F000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x77540000 \Windows\System32\ntdll.dll

    Processes (total 99):
    0 System Idle Process
    4 System
    564 C:\Windows\System32\smss.exe
    648 C:\Windows\System32\csrss.exe
    712 C:\Windows\System32\wininit.exe
    724 C:\Windows\System32\csrss.exe
    732 C:\Program Files\AVG\AVG9\avgchsvx.exe
    740 C:\Program Files\AVG\AVG9\avgrsx.exe
    780 C:\Windows\System32\services.exe
    800 C:\Windows\System32\lsass.exe
    808 C:\Windows\System32\lsm.exe
    904 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    940 C:\Windows\System32\winlogon.exe
    1196 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\svchost.exe
    1292 C:\Program Files\Fingerprint Sensor\AtService.exe
    1324 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    1404 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    1440 C:\Windows\System32\svchost.exe
    1584 C:\Windows\System32\Ati2evxx.exe
    1608 C:\Windows\System32\svchost.exe
    1664 C:\Windows\System32\svchost.exe
    1688 C:\Windows\System32\svchost.exe
    1788 C:\Windows\System32\audiodg.exe
    1824 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\SLsvc.exe
    1884 C:\Windows\System32\svchost.exe
    2024 C:\Windows\System32\Ati2evxx.exe
    252 C:\Windows\System32\hpservice.exe
    584 C:\Windows\System32\svchost.exe
    2036 C:\Windows\System32\taskeng.exe
    2056 C:\Windows\System32\spoolsv.exe
    2092 C:\Windows\System32\svchost.exe
    2100 C:\Windows\System32\wlanext.exe
    2316 C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    2368 C:\Windows\System32\AEADISRV.EXE
    2424 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    2452 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    2472 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    2492 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    2560 C:\Windows\System32\svchost.exe
    2572 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2792 C:\Windows\System32\svchost.exe
    2820 C:\Program Files\AVG\AVG9\avgnsx.exe
    2852 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    2892 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2992 C:\Windows\System32\svchost.exe
    3064 C:\Program Files\PDF Complete\pdfsvc.exe
    3168 C:\Windows\System32\svchost.exe
    3240 C:\Windows\System32\svchost.exe
    3312 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    3344 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    3392 C:\Windows\System32\svchost.exe
    3432 C:\Program Files\ThreatFire\TFService.exe
    3496 C:\Windows\System32\svchost.exe
    3524 C:\Windows\System32\SearchIndexer.exe
    3564 C:\Program Files\AVG\AVG9\avgemc.exe
    3744 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3760 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1544 C:\Windows\System32\dwm.exe
    4044 C:\Windows\System32\svchost.exe
    3056 C:\Windows\explorer.exe
    3796 C:\Windows\System32\taskeng.exe
    4700 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    4780 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1860 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    2908 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    4520 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3020 C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    4820 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3804 C:\Program Files\Google\Gmail Notifier\gnotify.exe
    5572 C:\Program Files\AVG\AVG9\avgtray.exe
    5272 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    5348 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    5652 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    4804 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4680 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    5640 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    5768 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    5864 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    5800 C:\Windows\System32\wbem\unsecapp.exe
    3864 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3000 C:\Windows\System32\wbem\WmiPrvSE.exe
    2968 C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    4268 C:\Program Files\ThreatFire\TFTray.exe
    4192 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    5504 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    6060 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    1564 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    604 C:\Windows\System32\svchost.exe
    4792 C:\Program Files\Mozilla Firefox\firefox.exe
    6048 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    7348 C:\Windows\System32\wuauclt.exe
    6240 C:\Windows\System32\msiexec.exe
    6740 C:\Windows\System32\msiexec.exe
    5600 C:\Windows\System32\SearchProtocolHost.exe
    6992 C:\Windows\System32\SearchFilterHost.exe
    4760 <unknown>
    8148 C:\Users\langsa\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`c3200000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000022`83100000 (FAT32)

    PhysicalDrive0 Model Number: FUJITSUMHZ2160BHG2, Rev: 8909

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
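    The MBRCheck output above does two things worth understanding: it maps each volume to a byte offset on PhysicalDrive0 (the offset is the partition's starting LBA times 512) and it hashes the MBR boot code so it can be compared against known-good Windows loaders. As an added example (not from the original post and not MBRCheck's own code), the script below reconstructs that check against a constructed 512-byte MBR whose partition entries use the C:, D: and F: offsets reported in the log. Assumptions: the hashed region is the 440 bytes of boot code before the disk signature (MBRCheck's exact byte range is not documented on this page, so the SHA1 it prints will not match this sample), and the filler boot code, disk signature and partition sizes are invented values.

```python
"""Reconstruct an MBRCheck-style sanity check: validate the 0x55AA signature,
hash the boot code, and turn each partition entry into the byte offset that a
volume-to-disk listing reports (offset = starting LBA * 512)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash the bytes before the disk signature at 0x1B8
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # 0x55 0xAA

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
                   0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba_start,
            "offset": lba_start * SECTOR,      # what the "at offset" column shows
            "size_bytes": sectors * SECTOR,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[0x1B8:0x1BC])[0],
        "partitions": partitions,
    }


def classify_boot_code(mbr: bytes, known_good: dict) -> str:
    """Look the boot-code hash up in a caller-supplied {sha1: label} table."""
    digest = parse_mbr(mbr)["boot_code_sha1"]
    return known_good.get(digest, "unknown boot code")


def match_volume_offsets(parsed: dict, reported: dict) -> dict:
    """For each volume -> byte offset pair (as MBRCheck lists them), say whether
    some partition entry actually starts at that offset."""
    starts = {p["offset"] for p in parsed["partitions"]}
    return {vol: off in starts for vol, off in reported.items()}


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real disk image. The three entries reuse the
    byte offsets the log reported for C:, D: and F:; sizes and boot code are made up."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"

    def entry(status, ptype, lba, sectors):
        return struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, sectors)

    table = (entry(0x80, 0x07, 2048, 289505280)        # C: NTFS at 0x100000
             + entry(0x00, 0x07, 291606528, 20975280)  # D: NTFS at 0x22C3200000
             + entry(0x00, 0x0B, 289507328, 2099200)   # F: FAT32 at 0x2283100000
             + bytes(16))                              # empty fourth slot
    mbr = boot_code + disk_sig + table + b"\x55\xAA"
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", parsed["boot_code_sha1"])
    for p in parsed["partitions"]:
        print(f"entry {p['index']}: {p['type']:<10} offset 0x{p['offset']:012X} "
              f"size {p['size_bytes'] // 2**30} GB bootable={p['bootable']}")
```

    Note that a clean hash table lookup is exactly why broni could call the result "good" from the SHA1 alone: an MBR bootkit replaces the boot code, so its hash falls outside the known-good set even when the partition table still lines up with the reported volume offsets.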
  15. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This one looks good :)
     
  16. 2010/08/17
    langsa

    langsa Inactive Thread Starter

    Joined:
    2010/06/28
    Messages:
    29
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4443

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    8/18/2010 12:45:04 AM
    mbam-log-2010-08-18 (00-45-04).txt

    Scan type: Quick scan
    Objects scanned: 147052
    Time elapsed: 44 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrt-auto (Autorun.RRT) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  17. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your ComboFix file, download a fresh one and post the log.
    If necessary, run rKill first.
    If necessary, run both from safe mode.
    No exehelper needed.
     
  18. 2010/08/18
    langsa

    langsa Inactive Thread Starter

    Joined:
    2010/06/28
    Messages:
    29
    Likes Received:
    0
    I was able to run Rkill normally, but ComboFix froze my computer again. I was able to run both in Safe Mode. However, Rkill picked things up in normal mode that it didn't see in Safe Mode. Rkill without Safe Mode:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as langsa on 08/18/2010 at 1:24:00.


    Processes terminated by Rkill or while it was running:


    C:\Users\langsa\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\langsa\Desktop\rkill.com


    Rkill completed on 08/18/2010 at 1:24:43.




    ==================================



    And ComboFix log in Safe Mode:

    ComboFix 10-08-17.03 - langsa 08/18/2010 1:54.2.2 - x86 NETWORK
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2041.1516 [GMT -4:00]
    Running from: c:\users\langsa\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
    .

    2010-08-18 06:04 . 2010-08-18 06:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-08-18 06:04 . 2010-08-18 06:04 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-18 06:04 . 2010-08-18 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-18 05:53 . 2010-08-18 05:53 -------- d-----w- C:\32788R22FWJFW
    2010-08-18 01:57 . 2010-08-18 02:09 -------- d-----w- C:\broni17340b
    2010-08-18 01:05 . 2010-08-18 02:09 -------- d-----w- c:\users\langsa\AppData\Local\temp(19)
    2010-08-18 01:04 . 2010-08-18 01:04 -------- d-----w- C:\$RECYCLE(0).BIN
    2010-08-18 00:53 . 2010-08-18 01:05 -------- d-----w- C:\broni
    2010-08-18 00:40 . 2010-08-18 00:40 -------- d--h--w- c:\windows\PIF
    2010-08-16 22:40 . 2010-08-16 22:40 -------- d-----w- c:\users\langsa\AppData\Local\AVG Security Toolbar
    2010-08-16 22:37 . 2010-08-16 22:38 -------- d-----w- c:\programdata\AVG Security Toolbar
    2010-08-16 22:17 . 2010-08-16 22:17 6345994 ----a-w- c:\users\langsa\update_fwmx_2004.exe
    2010-08-16 22:14 . 2010-08-16 22:14 1565390 ----a-w- c:\users\langsa\fw402_update.exe
    2010-08-16 04:36 . 2010-08-16 04:36 -------- d-----w- c:\windows\system32\xlive
    2010-08-16 04:35 . 2010-08-16 04:59 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-08-16 04:30 . 2010-08-16 04:32 29268256 ----a-w- c:\users\langsa\gfwlivesetupmin.exe
    2010-08-16 03:43 . 2010-08-16 03:43 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
    2010-08-16 02:10 . 2010-08-16 02:10 -------- d-----w- c:\users\langsa\AppData\Local\Microsoft Game Studios
    2010-08-16 02:09 . 2010-08-16 02:10 -------- d-----w- c:\programdata\Microsoft Games
    2010-08-16 02:06 . 2010-08-16 02:06 -------- d-----w- c:\users\langsa\AppData\Roaming\Microsoft Game Studios
    2010-08-12 13:18 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 13:18 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 13:18 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-12 03:29 . 2010-08-12 03:29 -------- d-----w- c:\program files\Microsoft Works
    2010-08-12 02:11 . 2010-08-12 02:11 -------- d-----w- c:\users\langsa\AppData\Roaming\Megaupload
    2010-08-12 02:09 . 2010-08-12 02:09 -------- d-----w- c:\program files\Megaupload
    2010-08-12 02:06 . 2010-08-12 02:06 9005872 ----a-w- c:\users\langsa\megamanager.exe
    2010-08-11 23:57 . 2010-08-11 23:57 -------- d-----r- C:\MSOCache
    2010-08-11 05:50 . 2010-08-11 05:50 -------- d-----w- c:\temp\Microsoft Office Enterprise 2007 English
    2010-08-11 05:16 . 2010-08-11 05:53 -------- d-----w- C:\Temp
    2010-08-11 04:41 . 2010-08-11 04:42 14951776 ----a-w- c:\users\langsa\word2007-kb974631-fullfile-x86-glb.exe
    2010-08-01 02:04 . 2010-08-02 22:32 -------- d-----w- c:\users\langsa\Process Expl
    2010-08-01 01:58 . 2010-08-01 01:59 1729668 ----a-w- c:\users\langsa\ProcessExplorer.zip
    2010-07-27 05:10 . 2010-07-27 05:10 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
    2010-07-27 05:10 . 2010-07-27 05:10 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
    2010-07-27 05:10 . 2010-07-27 05:10 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
    2010-07-27 05:10 . 2010-07-27 05:10 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
    2010-07-27 05:10 . 2010-08-04 03:03 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
    2010-07-27 05:10 . 2010-07-27 05:12 -------- d-----w- c:\programdata\NexonUS
    2010-07-27 05:10 . 2010-07-27 05:10 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
    2010-07-26 01:56 . 2010-07-26 01:56 -------- d-----w- C:\Nexon
    2010-07-26 01:09 . 2010-05-26 21:22 176128 ----a-w- c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
    2010-07-26 01:00 . 2010-07-27 03:26 -------- d-----w- c:\users\langsa\AppData\Local\PMB Files
    2010-07-26 00:59 . 2010-07-26 03:44 -------- d-----w- c:\programdata\PMB Files
    2010-07-26 00:58 . 2010-07-26 00:58 -------- d-----w- c:\program files\Pando Networks
    2010-07-20 21:21 . 2010-07-20 21:21 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
    2010-07-20 21:21 . 2010-07-20 21:21 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
    2010-07-20 21:21 . 2010-07-20 21:21 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
    2010-07-20 21:21 . 2010-07-20 21:21 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-18 05:30 . 2010-06-12 04:01 0 ----a-w- c:\users\langsa\AppData\Local\prvlcl.dat
    2010-08-18 05:08 . 2009-06-22 09:51 -------- d-----w- c:\programdata\PDFC
    2010-08-18 04:51 . 2009-08-08 10:41 12 ----a-w- c:\windows\bthservsdp.dat
    2010-08-17 06:39 . 2010-07-04 19:45 -------- d-----w- c:\program files\SpywareBlaster
    2010-08-17 02:29 . 2009-12-14 14:49 1356 ----a-w- c:\users\langsa\AppData\Local\d3d9caps.dat
    2010-08-16 02:14 . 2009-08-09 01:45 -------- d-----w- c:\program files\Microsoft Games
    2010-08-15 22:33 . 2009-06-22 09:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-13 22:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-08-12 12:53 . 2009-08-07 15:02 116032 ----a-w- c:\users\langsa\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-12 03:27 . 2009-06-22 09:57 -------- d-----w- c:\program files\Microsoft.NET
    2010-08-12 02:09 . 2009-06-22 09:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-16 13:23 . 2009-08-24 16:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:23 . 2010-07-16 13:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 13:22 . 2009-08-24 16:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 00:31 . 2010-07-12 00:37 -------- d-----w- c:\programdata\NOS
    2010-07-12 01:10 . 2010-07-12 01:09 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-12 01:03 . 2010-05-07 17:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-12 01:02 . 2010-07-12 01:01 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-07-10 00:36 . 2010-02-12 03:31 -------- d-----w- c:\program files\Steam
    2010-07-10 00:08 . 2010-02-12 03:31 -------- d-----w- c:\program files\Common Files\Steam
    2010-07-09 16:38 . 2010-06-04 03:04 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-07-07 01:30 . 2010-07-07 01:30 388488 ----a-w- c:\programdata\WebEx\WebEx\500\atasctrl.dll
    2010-07-07 01:29 . 2010-07-07 01:29 65536 ----a-w- c:\programdata\WebEx\WebEx\500\wbxcrypt.dll
    2010-07-07 01:28 . 2010-07-07 01:28 103736 ----a-w- c:\programdata\WebEx\WebEx\500\atplycli.dll
    2010-07-07 01:28 . 2010-07-07 01:28 65536 ----a-w- c:\programdata\WebEx\WebEx\500\atnetext.dll
    2010-07-07 01:28 . 2010-07-07 01:28 185224 ----a-w- c:\programdata\WebEx\atgpcext.dll
    2010-07-07 01:28 . 2010-07-07 01:28 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
    2010-07-05 02:55 . 2010-07-02 00:59 -------- d-----w- c:\users\langsa\AppData\Roaming\MyScribe
    2010-07-04 19:46 . 2010-07-04 19:46 -------- d-----w- c:\programdata\CheckPoint
    2010-07-04 19:09 . 2010-07-04 19:10 3103640 ----a-w- c:\users\langsa\spywareblastersetup43.exe
    2010-07-04 18:58 . 2010-07-04 18:58 46899712 ----a-w- c:\users\langsa\zaSetup_92_057_000_en.exe
    2010-07-03 22:21 . 2010-06-04 03:05 -------- d-----w- c:\programdata\Messenger Plus!
    2010-07-02 13:09 . 2010-06-28 18:08 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-02 03:37 . 2010-03-25 20:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-02 03:37 . 2010-06-28 17:59 -------- d-----w- c:\programdata\PC Tools
    2010-07-02 01:37 . 2010-07-02 01:35 -------- d-----w- c:\users\langsa\AppData\Roaming\Elluminate
    2010-07-02 00:31 . 2010-07-02 00:31 1052672 ----a-w- c:\programdata\WebEx\WebEx\925\mac.dll
    2010-07-02 00:31 . 2010-07-02 00:31 -------- d-----w- c:\users\langsa\AppData\Roaming\webex
    2010-07-01 21:28 . 2010-07-01 21:28 574464 ----a-w- c:\users\langsa\OTL.exe
    2010-06-30 04:26 . 2010-06-30 04:26 -------- d-----w- c:\users\langsa\AppData\Roaming\AVG9
    2010-06-29 18:43 . 2010-06-29 18:42 293376 ----a-w- c:\users\langsa\3jgh10x5.exe
    2010-06-29 18:31 . 2010-06-29 18:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-29 18:30 . 2010-06-29 18:29 34651584 ----a-w- c:\users\langsa\sp48843.exe
    2010-06-29 18:21 . 2010-06-29 18:20 13960488 ----a-w- c:\users\langsa\Synaptics_v14_0_3_C_XP32_Vista32_Win7-32_Signed_default.exe
    2010-06-29 18:13 . 2010-06-29 18:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-29 17:52 . 2009-12-14 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-28 21:42 . 2010-06-28 21:35 15374248 ----a-w- c:\users\langsa\sdstart.exe
    2010-06-28 17:59 . 2010-06-28 17:59 -------- d-----w- c:\program files\ThreatFire
    2010-06-26 06:05 . 2010-08-12 13:19 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-12 13:19 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02 . 2010-08-12 13:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25 . 2010-08-12 13:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-12 13:19 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 04:17 . 2010-06-21 04:16 922400 ----a-w- c:\users\langsa\jre-6u20-windows-i586-iftw-rv.exe
    2010-06-20 23:55 . 2010-06-20 23:55 71798 ----a-w- c:\users\langsa\JavaRa.zip
    2010-06-18 17:31 . 2010-08-12 13:19 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-15 22:11 . 2010-06-15 21:22 186624 ----a-w- c:\windows\hpwins23.dat
    2010-06-15 20:53 . 2010-06-15 20:53 15416 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
    2010-06-15 20:53 . 2008-08-27 16:52 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2010-06-15 20:53 . 2009-07-08 18:48 26168 ----a-w- c:\windows\system32\hpservice.exe
    2010-06-15 20:53 . 2009-07-08 18:48 15416 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2010-06-15 20:53 . 2010-06-15 20:53 33848 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2010-06-14 02:56 . 2010-06-14 02:56 50354 ----a-w- c:\users\langsa\AppData\Roaming\Facebook\uninstall.exe
    2010-06-14 02:56 . 2010-06-14 02:56 1990728 ----a-w- c:\users\langsa\Install_Facebook_Plug-In_1.0.3.exe
    2010-06-11 16:16 . 2010-08-12 13:19 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-06-11 16:15 . 2010-08-12 13:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-11 04:44 . 2010-06-11 04:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\langsa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-08 17:35 . 2010-08-12 13:19 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-08 17:35 . 2010-08-12 13:19 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-04 18:08 . 2010-06-04 18:01 16065852 ----a-w- c:\users\langsa\devrydocuments.zip
    2010-06-04 03:03 . 2010-06-04 03:02 4852120 ----a-w- c:\users\langsa\MsgPlusLive-484.exe
    2010-06-02 13:57 . 2009-08-24 16:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-27 20:08 . 2010-08-12 13:19 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-05-26 19:24 . 2010-04-23 18:32 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
    2010-05-26 17:06 . 2010-06-08 21:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-08 21:24 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 18:14 . 2009-10-03 06:25 221568 ------w- c:\windows\system32\MpSigStub.exe
    2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2006-05-03 10:06 . 2010-03-03 04:02 163328 --sh--r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 . 2010-03-03 04:02 31232 --sh--r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 . 2010-03-03 04:02 216064 --sh--r- c:\windows\System32\nbDX.dll
    2009-06-22 09:29 . 2009-06-22 09:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-09 2393376]
    "Google Update"="c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-28 298536]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-12 355896]
    "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
    "HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
    "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
    "HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-22 202256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\users\langsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ThreatFire.lnk - c:\program files\ThreatFire\TFGui.exe [2010-6-28 1160464]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
    ThreatFire.lnk - c:\program files\ThreatFire\TFGui.exe [2010-6-28 1160464]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2008-08-06 22:23 69632 ----a-w- c:\windows\System32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f3,d5,07,15,81,25,ca,01

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
    R1 RsvLock;RsvLock; [x]
    R2 0213001251130747mcinstcleanup;McAfee Application Installer Cleanup (0213001251130747);c:\users\langsa\AppData\Local\Temp\021300~1.EXE [x]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 135664]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
    R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
    R3 CJJDZH;CJJDZH;c:\users\langsa\AppData\Local\Temp\CJJDZH.exe [x]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-08-06 349432]
    R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-12 45056]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-15 3042652]
    R3 PROCEXP141;PROCEXP141;c:\windows\system32\Drivers\PROCEXP141.SYS [2010-08-16 14088]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-04-05 6630912]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    Bioscrypt REG_MULTI_SZ ASBroker ASChannel
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    ipripsvc REG_MULTI_SZ iprip
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-01-09 23:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 23:27]

    2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 23:27]

    2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004Core.job
    - c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-13 02:35]

    2010-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841127670-2781909849-4267527183-1004UA.job
    - c:\users\langsa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-13 02:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=all&pf=cmnb
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    FF - ProfilePath - c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\langsa\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Mozilla\Firefox\Profiles\5gidxkas.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}\plugins\npmabiwebframe.dll
    FF - plugin: c:\users\langsa\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: c:\users\langsa\Documents\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-18 02:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
    "ImagePath "= "c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
    "AlternateImagePath "=" "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2841127670-2781909849-4267527183-1004\Software\SecuROM\License information*]
    "datasecu "=hex:aa,14,f9,46,6e,99,eb,0e,ae,23,60,67,c9,0b,11,5f,50,c3,d8,f8,a3,
    b3,2b,21,08,91,83,1c,e1,ee,a6,c3,82,67,d2,ce,24,3e,54,2e,f6,60,8b,c1,f8,74,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1784)
    c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
    .
    Completion time: 2010-08-18 02:06:47
    ComboFix-quarantined-files.txt 2010-08-18 06:06
    ComboFix2.txt 2010-08-18 01:05

    Pre-Run: 32,935,116,800 bytes free
    Post-Run: 32,866,750,464 bytes free

    - - End Of File - - 37E4A3D43FCFF7F6ABBDF661DE31DFDC
     
  19. 2010/08/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run Combofix listed below in Safe Mode. You may want to rKill first again.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\langsa\AppData\Local\Temp\CJJDZH.exe
    
    Driver::
    sptd
    RsvLock
    0213001251130747mcinstcleanup
    CJJDZH
    SafeBoot
    SbAlg
    SbFsLock
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  20. 2010/08/18
    langsa

    langsa Inactive Thread Starter

    Joined:
    2010/06/28
    Messages:
    29
    Likes Received:
    0
    Had to use System Restore again. What else can I do?
     
  21. 2010/08/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is this your only computer?
     