Hm, OK, well, I did all that (thank you for your promptness, by the way) and it seemed like ComboFix was working, but after it did its reboot and was getting ready to make its log, the "Services and Controller app has stopped working" window popped up and ComboFix said "Problem 1726" before 60 seconds was up, and the computer restarted.
Here's another DDS:
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Ganusch at 23:06:17.45 on Tue 06/30/2009
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3070.2639 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ganusch\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Module Loader] c:\program files\creative\shared files\module loader\DLLML.exe -StartUpRun
mRun: [Adobe Acrobat Speed Launcher] "e:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - e:\program files\wlan111t.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll c:\windows\system32\avgrsstx.dll
============= SERVICES / DRIVERS ===============
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-30 108552]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-11-21 569344]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-30 327688]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-30 298776]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-18 24652]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\microsoft.net\framework\v4.0.20506\mscorsvw.exe [2009-5-6 104272]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-1-1 79360]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2008-12-17 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2008-12-17 20480]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-4-15 802176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-29 38160]
S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\drivers\WG111Tv.sys [2008-12-17 870400]
=============== Created Last 30 ================
2009-06-30 22:50 161,792 a------- c:\windows\SWREG.exe
2009-06-30 22:50 155,136 a------- c:\windows\PEV.exe
2009-06-30 22:50 98,816 a------- c:\windows\sed.exe
2009-06-30 22:50 320,000 a------- c:\windows\system32\CF27506.exe
2009-06-30 22:50 <DIR> --ds---- C:\ComboFix
2009-06-30 21:01 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-30 21:01 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-30 21:01 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-30 19:44 0 a------- c:\windows\system32\commonpriv.log.lock
2009-06-30 19:40 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-30 19:40 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 19:40 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-30 19:39 <DIR> --d----- c:\programdata\avg8
2009-06-30 19:39 <DIR> --d----- c:\progra~2\avg8
2009-06-30 19:36 <DIR> --d----- c:\program files\AVG
2009-06-29 23:05 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 22:58 <DIR> --d----- C:\VundoFix Backups
2009-06-29 19:39 <DIR> --d----- c:\users\ganusch\appdata\roaming\Malwarebytes
2009-06-29 19:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 19:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 19:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-29 19:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 19:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-28 22:13 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-28 22:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-28 22:13 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-23 18:45 <DIR> --d----- c:\programdata\AOL Downloads
2009-06-14 02:08 <DIR> --d----- c:\programdata\Steam
2009-06-14 02:08 <DIR> --d----- c:\progra~2\Steam
2009-06-14 02:08 <DIR> --d----- c:\programdata\PopCap Games
2009-06-14 02:08 <DIR> --d----- c:\progra~2\PopCap Games
2009-06-08 15:31 <DIR> --d----- c:\programdata\Codemasters
2009-06-08 15:31 <DIR> --d----- c:\progra~2\Codemasters
2009-06-08 13:09 <DIR> --d----- c:\programdata\Electronic Arts
2009-06-08 13:09 <DIR> --d----- c:\progra~2\Electronic Arts
2009-06-08 13:06 1,828 a------- c:\windows\system32\ealregsnapshot1.reg
2009-06-08 12:40 69 a------- c:\windows\NeroDigital.ini
2009-06-03 20:32 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-02 09:49 <DIR> --dsh--- C:\found.000
==================== Find3M ====================
2009-06-02 20:13 86,016 a------- c:\windows\inf\infstor.dat
2009-06-02 20:13 51,200 a------- c:\windows\inf\infpub.dat
2009-06-02 20:13 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 19:28 1,083,720 a------- c:\windows\system32\dfshim.dll
2009-05-28 19:28 404,320 a------- c:\windows\system32\PresentationHost.exe
2009-05-28 19:28 291,152 a------- c:\windows\system32\mscoree.dll
2009-05-28 19:28 76,648 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-06 11:29 17,744 a------- c:\windows\system32\aspnet_counters.dll
2009-05-06 09:08 103,304 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0400.dll
2009-04-20 17:25 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-04-20 17:25 110,592 a------- c:\windows\system32\OpenAL32.dll
2006-11-02 08:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 06:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 23:06:28.43 ===============
EDIT 2: Never mind, no luck with that; still got the same Services and Controller app error.
EDIT: Just ran ComboFix again, except rebooted into safe mode, and it gave me this log:
ComboFix 09-06-29.07 - Ganusch 06/30/2009 23:17.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3070.2649 [GMT -4:00]
Running from: c:\users\Ganusch\Desktop\ComboFix.exe
Command switches used :: c:\users\Ganusch\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\bt.log
C:\chfyosn.exe
C:\poykfa.exe
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\windows\010112010146118114.dat
c:\windows\0101120101465749.dat
c:\windows\jmmark2.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\vp6vfw.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PODMENADRV
-------\Legacy_SYSDRV
-------\Service_sys
-------\Service_sysdrv
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-07-01 03:22 . 2009-07-01 03:23 -------- d-----w- c:\users\Ganusch\AppData\Local\temp
2009-07-01 01:19 . 2009-07-01 01:19 -------- d-----w- c:\users\Ganusch\AppData\Local\AVG Security Toolbar
2009-07-01 01:01 . 2009-07-01 01:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 01:01 . 2009-07-01 01:01 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-30 23:40 . 2009-06-30 23:40 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-30 23:40 . 2009-06-30 23:40 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 23:40 . 2009-06-30 23:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-30 23:40 . 2009-06-30 23:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-30 23:39 . 2009-07-01 03:15 -------- d-----w- c:\programdata\avg8
2009-06-30 23:36 . 2009-06-30 23:36 -------- d-----w- c:\program files\AVG
2009-06-30 03:11 . 2009-06-30 03:11 -------- d-----w- c:\users\Ganusch\AppData\Local\Adobe
2009-06-30 03:11 . 2009-06-30 03:11 -------- d-----w- c:\users\Ganusch\AppData\Local\AOL
2009-06-30 03:05 . 2009-06-30 03:05 -------- d-----w- c:\program files\Trend Micro
2009-06-30 02:58 . 2009-06-30 02:58 -------- d-----w- C:\VundoFix Backups
2009-06-29 23:39 . 2009-06-29 23:39 -------- d-----w- c:\users\Ganusch\AppData\Roaming\Malwarebytes
2009-06-29 23:39 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 23:39 . 2009-06-29 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 23:39 . 2009-06-29 23:39 -------- d-----w- c:\programdata\Malwarebytes
2009-06-29 23:39 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 02:13 . 2009-06-29 02:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-29 02:13 . 2009-06-29 02:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-23 22:45 . 2009-06-23 22:45 -------- d-----w- c:\programdata\AOL Downloads
2009-06-14 06:08 . 2009-06-14 06:08 -------- d-----w- c:\programdata\Steam
2009-06-14 06:08 . 2009-06-14 06:20 -------- d-----w- c:\programdata\PopCap Games
2009-06-08 20:57 . 2009-06-08 20:57 -------- d-----w- c:\program files\Electronic Arts
2009-06-08 20:54 . 2009-06-08 20:54 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-08 19:31 . 2009-06-08 19:31 -------- d-----w- c:\programdata\Codemasters
2009-06-08 19:16 . 2009-06-08 19:16 -------- d-----w- c:\users\Ganusch\AppData\Local\Criterion Games
2009-06-08 17:09 . 2009-06-08 17:09 -------- d-----w- c:\programdata\Electronic Arts
2009-06-08 17:06 . 2009-06-08 17:06 1828 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-04 00:32 . 2009-06-04 00:32 10134 ----a-r- c:\users\Ganusch\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-04 00:32 . 2009-06-04 00:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-03 00:14 . 2009-06-03 00:15 -------- d-----w- c:\program files\QuickTime
2009-06-03 00:08 . 2009-06-03 00:08 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-02 13:49 . 2009-06-02 13:49 -------- d-sh--w- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 00:25 . 2008-12-17 05:51 2032 ----a-w- c:\users\Ganusch\AppData\Local\d3d9caps.dat
2009-06-30 02:37 . 2009-01-04 04:21 -------- d-----w- c:\users\Ganusch\AppData\Roaming\Ventrilo
2009-06-30 02:37 . 2009-01-18 04:19 -------- d-----w- c:\program files\AIM6
2009-06-30 02:31 . 2008-12-18 00:07 -------- d-----w- c:\users\Ganusch\AppData\Roaming\uTorrent
2009-06-23 22:46 . 2009-01-18 04:20 -------- d-----w- c:\programdata\Viewpoint
2009-06-14 06:08 . 2009-05-25 02:43 17 ----a-w- c:\windows\popcinfo.dat
2009-06-13 19:26 . 2009-04-22 03:09 -------- d-----w- c:\program files\Curse
2009-06-11 16:31 . 2009-05-28 02:13 -------- d-----w- c:\program files\Armory Viewer
2009-06-08 17:06 . 2008-12-17 23:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-04 00:18 . 2008-12-17 23:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 18:45 . 2008-12-23 16:43 -------- d-----w- c:\programdata\Apple
2009-06-03 00:15 . 2008-12-23 16:45 -------- d-----w- c:\program files\iPod
2009-06-03 00:15 . 2008-12-23 16:43 -------- d-----w- c:\program files\Common Files\Apple
2009-05-30 04:02 . 2009-05-30 04:02 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-05-30 04:01 . 2009-05-30 04:01 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-29 17:36 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 17:36 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-28 23:28 . 2009-05-28 23:28 76648 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-05-28 23:28 . 2009-05-28 23:28 404320 ----a-w- c:\windows\system32\PresentationHost.exe
2009-05-28 23:28 . 2009-05-28 23:28 291152 ----a-w- c:\windows\system32\mscoree.dll
2009-05-28 23:28 . 2009-05-28 23:28 1083720 ----a-w- c:\windows\system32\dfshim.dll
2009-05-28 02:24 . 2009-05-28 02:24 -------- d-----w- c:\program files\7-Zip
2009-05-28 02:21 . 2009-05-28 02:21 -------- dc-h--w- c:\programdata\{BE672698-4DAC-4C83-9056-C07C3170F628}
2009-05-28 02:16 . 2009-05-28 02:16 -------- d-----w- c:\users\Ganusch\AppData\Roaming\Stardock
2009-05-28 02:16 . 2009-05-28 02:16 -------- dc-h--w- c:\programdata\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
2009-05-28 02:15 . 2009-05-28 02:15 -------- d-----w- c:\program files\Stardock
2009-05-28 02:15 . 2009-05-28 02:15 -------- d-----w- c:\programdata\Stardock
2009-05-28 02:02 . 2009-05-28 02:02 -------- d-----w- c:\program files\QuickSFV
2009-05-26 20:29 . 2009-05-26 01:48 -------- d-----w- c:\program files\Braid
2009-05-26 02:06 . 2009-05-26 02:04 -------- d-----w- c:\users\Ganusch\AppData\Roaming\Braid
2009-05-22 21:12 . 2009-05-22 21:05 -------- d-----w- c:\programdata\Symantec
2009-05-22 21:07 . 2009-05-22 21:07 -------- d-----w- c:\users\Ganusch\AppData\Roaming\Symantec
2009-05-22 21:07 . 2009-05-22 21:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-22 21:05 . 2009-05-22 21:05 -------- d-----w- c:\program files\Symantec
2009-05-19 05:36 . 2009-06-17 23:36 2884832 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 05:36 . 2009-06-17 23:36 28 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 05:36 . 2009-06-17 23:36 1484856 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 05:36 . 2009-06-17 23:36 25 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 05:36 . 2009-06-17 23:36 97072 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 05:36 . 2009-06-17 23:36 142040 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 05:36 . 2009-06-17 23:36 30512 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 05:36 . 2009-06-17 23:36 111920 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-12 21:30 . 2009-01-01 22:22 -------- d-----w- c:\program files\Steam
2009-05-06 15:29 . 2009-05-06 15:29 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
2009-05-06 13:08 . 2009-05-06 13:08 103304 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0400.dll
2009-04-20 21:44 . 2009-04-20 21:38 33916984 ----a-w- c:\programdata\Creative\Software Update\cache\Creative Karaoke Player 2.11.01__\KLOK_PCAPP_LB_2_11_01.exe
2009-04-20 21:38 . 2009-04-20 21:32 37406376 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-04-20 21:32 . 2009-04-20 21:31 8512328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2009-04-20 21:31 . 2009-04-20 21:29 12846328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-04-20 21:25 . 2009-04-20 21:25 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-20 21:25 . 2009-04-20 21:25 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-04-12 18:08 . 2009-04-12 18:08 97566 ----a-r- c:\users\Ganusch\AppData\Roaming\Microsoft\Installer\{A8E95F3D-9BAC-49F9-BDF2-9381FE8B18D0}\_DE67C36D91BB1DA0ADD71F.exe
2009-04-12 18:08 . 2009-04-12 18:08 97566 ----a-r- c:\users\Ganusch\AppData\Roaming\Microsoft\Installer\{A8E95F3D-9BAC-49F9-BDF2-9381FE8B18D0}\_6FEFF9B68218417F98F549.exe
2009-04-12 18:08 . 2009-04-12 18:08 97566 ----a-r- c:\users\Ganusch\AppData\Roaming\Microsoft\Installer\{A8E95F3D-9BAC-49F9-BDF2-9381FE8B18D0}\_3A9E43E8F3C1436F43338B.exe
2009-04-12 16:37 . 2009-04-12 16:37 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\sys ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Adobe Acrobat Speed Launcher"="e:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="e:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Creative SB Monitoring Utility"="sbavmon.dll" - c:\windows\System32\SBAVMon.dll [2008-12-01 94720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - e:\program files\wlan111t.exe [2008-12-17 995328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 16:10 18744 ----a-w- c:\windows\System32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFB249DD-8910-4838-86E9-E16C404B1F87}"= UDP:e:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6E23229C-2C84-4AE0-AE12-143474F81C51}"= TCP:e:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AA9A710D-E813-4918-94CC-C7C69D53E428}"= UDP:e:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{B2F0C67F-A9EA-4BEF-8E61-8593CC220B65}"= TCP:e:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{85CC76A9-A348-4A8A-B294-A69F636324ED}"= UDP:e:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{E2BAA817-98A3-42DC-AE39-FA633C9BD338}"= TCP:e:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{C4CF58AF-BDBD-4660-9113-B0DC9B916EA4}"= UDP:e:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{1B970B06-ADC2-4451-9CE2-3849F49B2CCD}"= TCP:e:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{FB65E769-41FB-4AB9-AD66-D1D5A22F0DF0}e:\\program files\\left 4 dead\\left4dead.exe"= UDP:e:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{2C00B68B-BEF5-4B10-916F-2D5299EF1D46}e:\\program files\\left 4 dead\\left4dead.exe"= TCP:e:\program files\left 4 dead\left4dead.exe:left4dead
"TCP Query User{303AD123-6717-4368-9FF1-3CD3CEA2BD37}e:\\torrentzzz\\utorrent\\utorrent.exe"= UDP:e:\torrentzzz\utorrent\utorrent.exe:µTorrent
"UDP Query User{3984ABA1-B9E8-4D33-BCF8-D01D6969660D}e:\\torrentzzz\\utorrent\\utorrent.exe"= TCP:e:\torrentzzz\utorrent\utorrent.exe:µTorrent
"TCP Query User{B0A6E84B-C47F-4BB0-B627-9282BCE53615}c:\\users\\ganusch\\desktop\\utorrent.exe"= UDP:c:\users\ganusch\desktop\utorrent.exe:utorrent.exe
"UDP Query User{112B8AAA-7449-48BD-B9D3-2A069928B280}c:\\users\\ganusch\\desktop\\utorrent.exe"= TCP:c:\users\ganusch\desktop\utorrent.exe:utorrent.exe
"{A04E56AC-EEE9-4472-88F8-042A0D553C5A}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{50EA3AE5-8811-4C61-B0F3-D635EFF25FDC}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{C7C69132-2666-4569-986D-B77D8DCE395C}"= UDP:e:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{AA32B478-1F73-4A13-B0E3-83BCFD9997CB}"= TCP:e:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{452CEFC1-29B8-4B7B-B6B4-1DFEAA72D363}e:\\program files\\world of warcraft\\repair.exe"= UDP:e:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{F59F85C6-08FB-4AAA-A459-EA437E6112B9}e:\\program files\\world of warcraft\\repair.exe"= TCP:e:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{AAEADDE7-2282-48E4-8E99-2DA46236C0D0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C781BAE1-69D5-41D8-B677-E7CAB7FCBCAC}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7C1E0854-0B78-41BB-824B-FD66CF715525}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{4CD8E694-3837-4FD0-94B0-F56B4D9CFA70}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0B5FFECB-4613-45B4-A2D1-F9EC7217C024}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
"{37F349D2-D593-4714-A706-39F6A8F9997B}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
"TCP Query User{DA7C1867-2FB0-4F52-BEB1-66F5ACCE2486}c:\\program files\\tortun\\gui.exe"= UDP:c:\program files\tortun\gui.exe:gui
"UDP Query User{A07F1029-F13A-4BA9-B2B7-96DAE2404838}c:\\program files\\tortun\\gui.exe"= TCP:c:\program files\tortun\gui.exe:gui
"{4654D13F-369A-4B90-9385-29500532BEC6}"= UDP:c:\program files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{A6BCD7D3-CB48-4D91-A9D7-EEC87C644017}"= TCP:c:\program files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"TCP Query User{E9168266-94B6-4D12-B16F-B629C110CFDD}c:\\world of warcraft\\launcher.exe"= UDP:c:\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{24B17653-8F47-4496-A10F-B7304737BACE}c:\\world of warcraft\\launcher.exe"= TCP:c:\world of warcraft\launcher.exe:Blizzard Launcher
"{C6CFD223-813D-4B7F-A16C-D07A04C5E7D4}"= UDP:c:\world of warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{F23D824F-1B9E-41F0-9936-75FAF7256168}"= TCP:c:\world of warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{2FB30041-5D9E-484C-AC44-E8D8775B3303}"= UDP:3724:Blizzard Downloader: 3724
"{98B0CB75-FF00-4DE6-92FC-EAA1882E549E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6593966A-C143-467E-9ACF-3049BFB4BF2B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{17D9D137-A7EA-4994-A33D-590B57151126}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{BF02F749-CA7D-455B-8794-171A0DC459A8}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{F9D094B3-3C9A-47AB-AA7F-7F45E3A255A0}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{2FA49C95-4335-44B5-83DB-ED712918BD15}"= UDP:c:\users\Ganusch\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{4FB578C8-2F31-4853-BF05-23568F01C0B6}"= TCP:c:\users\Ganusch\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{2B729C21-6500-4708-89D7-B308FB85BB17}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:Blizzard Downloader
"{D56104C1-FCC8-469B-B90D-99819E66F154}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:Blizzard Downloader
"{9B6C1152-1A13-4982-83B4-8F052EA49161}"= UDP:e:\program files\Symantec\pcAnywhere\awhost32.exe:pcAnywhere Host
"{BCE94115-8EB1-42F6-BDB7-3553D088ADF6}"= TCP:e:\program files\Symantec\pcAnywhere\awhost32.exe:pcAnywhere Host
"{992F660B-FE7A-4104-A80A-DDCED4DDA753}"= UDP:e:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{E3191753-839B-415C-89DF-99C315B42F77}"= TCP:e:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{2B2BB8A5-BCE3-4D47-98D3-C864BBBFF3A4}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:Blizzard Downloader
"{EE572BAA-4FAC-4BBC-8D31-A56C0BEF53C1}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:Blizzard Downloader
"{571939E3-1B42-4774-B894-0EABF458F6DD}"= UDP:e:\program files\iTunes\iTunes.exe:iTunes
"{DC4AFB94-5F2C-4696-8CC1-C3B4874A7A40}"= TCP:e:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{8BA88F5E-2D50-40C3-8ED2-40ACC19830DE}e:\\program files\\grid\\grid.exe"= UDP:e:\program files\grid\grid.exe:GRID Executable
"UDP Query User{1BE73953-60C5-4C50-9B5A-5FB2E9F532D7}e:\\program files\\grid\\grid.exe"= TCP:e:\program files\grid\grid.exe:GRID Executable
"{495931A0-F6CA-403D-817D-3F918A2BF453}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box
"{185AA5B8-62A1-44C3-BC31-D6107E99A58E}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box
"{FD32FDFC-3793-46F2-A854-F0E12E3FDB83}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box
"{9182712B-4342-4BE5-831B-CA92CA42047A}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box
"{2DA0A955-9D7A-4BE0-9FF7-260389AA45D0}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box
"{3D85A6E0-C735-4FDA-A13F-1B2E8110CB31}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box
"{91414C65-04CF-473D-9983-5595C2EDBF76}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FC14A3FC-43CC-4213-BE2D-27C7EB0767A9}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/30/2009 7:40 PM 108552]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [11/21/2007 3:35 AM 569344]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/30/2009 7:40 PM 327688]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/18/2009 12:20 AM 24652]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [5/6/2009 9:08 AM 104272]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/1/2009 1:34 PM 79360]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [12/17/2008 7:36 PM 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [12/17/2008 7:36 PM 20480]
S3 ksaud;Creative USB Audio Driver;c:\windows\System32\drivers\ksaud.sys [4/15/2009 4:18 PM 802176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [6/29/2009 7:39 PM 38160]
S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\System32\drivers\WG111Tv.sys [12/17/2008 7:36 PM 870400]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-30 23:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1682151744-824349937-1028286411-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{73CA219F-6E2B-D6E1-875A-C6BE2B3ABB66}*]
"bbffdpbobphkjempjpoabfccpjelgkghbfel"=hex:61,62,6d,62,6b,6b,63,62,62,68,6b,66,
66,68,6e,67,61,64,61,69,67,6b,6b,6d,70,65,6f,6f,69,6a,6e,6d,69,6d,00,76
"abffdpbobphkjempjphcahbpkjhgenighk"=hex:61,62,68,63,6b,6a,70,68,65,69,63,70,
67,69,66,68,6d,67,6b,66,67,70,6e,6c,6d,61,6d,6a,67,64,63,6f,68,6a,00,76
.
Completion time: 2009-07-01 23:24
ComboFix-quarantined-files.txt 2009-07-01 03:23
Pre-Run: 24,150,081,536 bytes free
Post-Run: 24,098,639,872 bytes free
289
Upload was successful