
Author Topic: Request for malware removal assistance  (Read 13741 times)


maine

    Topic Starter


    Rookie

    Re: Request for malware removal assistance
    « Reply #15 on: January 19, 2010, 02:56:07 PM »
    OK,
    here is the combofix log! Thank you

    ComboFix 10-01-14.02 - Mary Kate 01/19/2010  16:04:57.5.1 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.958.448 [GMT -5:00]
    Running from: c:\users\Mary Kate\Downloads\ComboFix.exe
    Command switches used :: c:\users\Mary Kate\Desktop\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((   Files Created from 2009-12-19 to 2010-01-19  )))))))))))))))))))))))))))))))
    .

    2010-01-19 21:18 . 2010-01-19 21:27   --------   d-----w-   c:\users\Mary Kate\AppData\Local\temp
    2010-01-19 21:18 . 2010-01-19 21:18   --------   d-----w-   c:\users\Sega\AppData\Local\temp
    2010-01-19 21:18 . 2010-01-19 21:18   --------   d-----w-   c:\users\Public\AppData\Local\temp
    2010-01-19 21:18 . 2010-01-19 21:18   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2010-01-19 21:18 . 2010-01-19 21:18   --------   d-----w-   c:\users\Guest\AppData\Local\temp
    2010-01-19 21:02 . 2010-01-19 21:02   --------   d-----w-   C:\32788R22FWJFW
    2010-01-19 02:49 . 2010-01-19 02:49   --------   d-----w-   c:\program files\ESET
    2010-01-13 03:53 . 2010-01-13 03:53   --------   d-----w-   c:\windows\system32\config\systemprofile\{1d30e7a1-2a41-43cc-b339-46892ab7ddfd}
    2010-01-12 23:50 . 2009-10-19 14:42   156672   ----a-w-   c:\windows\system32\t2embed.dll
    2010-01-12 23:50 . 2009-10-19 14:39   24064   ----a-w-   c:\windows\system32\lpk.dll
    2010-01-12 23:50 . 2009-10-19 14:37   72704   ----a-w-   c:\windows\system32\fontsub.dll
    2010-01-12 23:50 . 2009-10-19 14:37   10240   ----a-w-   c:\windows\system32\dciman32.dll
    2010-01-12 23:50 . 2009-10-19 14:36   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2010-01-12 23:50 . 2009-10-19 11:45   289792   ----a-w-   c:\windows\system32\atmfd.dll
    2010-01-12 22:59 . 2010-01-12 22:59   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{6BAF7A6F-C530-45D9-9789-ECFAF9BFDDF2}
    2010-01-11 18:09 . 2010-01-11 18:10   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{A8FFFAA9-FE10-424E-A3EB-69CCF85B4075}
    2010-01-10 23:05 . 2007-08-29 03:06   542720   ----a-w-   c:\windows\system32\sysmain.dll
    2010-01-10 23:04 . 2007-09-11 02:20   356864   ----a-w-   c:\windows\system32\MediaMetadataHandler.dll
    2010-01-10 23:04 . 2009-08-31 15:16   428032   ----a-w-   c:\windows\system32\EncDec.dll
    2010-01-10 23:04 . 2009-08-31 15:21   292352   ----a-w-   c:\windows\system32\psisdecd.dll
    2010-01-10 23:04 . 2009-08-31 15:17   1244672   ----a-w-   c:\windows\system32\mcmde.dll
    2010-01-10 23:04 . 2007-10-26 11:14   211000   ----a-w-   c:\windows\system32\drivers\volsnap.sys
    2010-01-10 23:04 . 2008-01-19 05:08   109624   ----a-w-   c:\windows\system32\drivers\ataport.sys
    2010-01-10 23:04 . 2008-01-19 05:07   45112   ----a-w-   c:\windows\system32\drivers\pciidex.sys
    2010-01-10 23:04 . 2008-01-19 05:06   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
    2010-01-10 23:04 . 2008-01-19 05:06   15928   ----a-w-   c:\windows\system32\drivers\pciide.sys
    2010-01-10 23:04 . 2008-01-19 03:06   154624   ----a-w-   c:\windows\system32\drivers\nwifi.sys
    2010-01-10 23:04 . 2008-10-21 05:16   1645568   ----a-w-   c:\windows\system32\connect.dll
    2010-01-10 23:02 . 2009-08-29 03:41   1686528   ----a-w-   c:\windows\system32\gameux.dll
    2010-01-10 23:02 . 2009-08-29 03:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
    2010-01-10 23:02 . 2009-08-28 23:31   4247552   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
    2010-01-10 22:58 . 2007-01-26 03:00   974336   ----a-w-   c:\windows\system32\crypt32.dll
    2010-01-10 22:56 . 2009-09-10 15:29   311296   ----a-w-   c:\windows\system32\unregmp2.exe
    2010-01-10 22:56 . 2009-09-10 17:39   7680   ----a-w-   c:\windows\system32\spwmp.dll
    2010-01-10 22:55 . 2009-09-10 17:40   4096   ----a-w-   c:\windows\system32\dxmasf.dll
    2010-01-10 22:55 . 2009-09-10 15:29   8147968   ----a-w-   c:\windows\system32\wmploc.DLL
    2010-01-10 22:01 . 2010-01-10 22:01   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{C6E8522D-C5C1-4F4B-89A5-77A2C5760C1F}
    2010-01-10 18:58 . 2010-01-10 18:58   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{9E06EAA5-533A-4F87-B916-9597182D73BE}
    2010-01-10 12:49 . 2010-01-10 12:49   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{2FADB93F-5DB7-4BD9-A96D-E633F27F0DDF}
    2010-01-10 06:36 . 2010-01-10 06:36   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{0B3977F2-E717-4456-BD6B-947A79D1F1E8}
    2010-01-10 03:34 . 2010-01-10 03:34   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    2010-01-10 03:33 . 2010-01-10 03:34   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-01-10 03:33 . 2010-01-10 03:33   --------   d-----w-   c:\users\Mary Kate\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-10 03:31 . 2010-01-10 03:31   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2010-01-09 23:53 . 2010-01-09 23:53   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{478113E6-71FE-4C2A-AEC3-0AD2E4930CD7}
    2010-01-09 21:09 . 2010-01-09 21:09   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{9B2F4782-907F-4245-B4EA-2B37CE798041}
    2010-01-09 17:38 . 2010-01-09 17:38   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{F5FF984D-C90C-488B-B3E8-5FB4C604CA40}
    2010-01-09 17:13 . 2010-01-09 17:13   --------   d-----w-   c:\users\Mary Kate\AppData\Roaming\Malwarebytes
    2010-01-09 17:13 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-09 17:12 . 2010-01-09 17:12   --------   d-----w-   c:\programdata\Malwarebytes
    2010-01-09 17:12 . 2010-01-09 17:13   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2010-01-09 17:12 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-01-09 16:20 . 2010-01-09 16:20   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{11C626D8-64DD-4B50-BE50-F6A91DD40781}
    2010-01-09 16:08 . 2010-01-09 16:07   411368   ----a-w-   c:\windows\system32\deploytk.dll
    2010-01-09 14:39 . 2010-01-09 14:39   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{223AC774-2053-4D95-A2BA-19D17C2633F8}
    2010-01-08 15:30 . 2010-01-08 15:30   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{63F192F2-6498-43DF-B8A6-A4F8D2DE063C}
    2010-01-07 22:29 . 2010-01-07 22:29   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{2188F2C8-523D-42AB-BA98-DA8275A137E1}
    2010-01-07 16:30 . 2010-01-07 22:21   --------   d-----w-   c:\program files\Windows Live Safety Center
    2010-01-07 01:39 . 2010-01-07 01:39   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{8B0F77DB-0DB8-4628-9DF8-C434ACC6443F}
    2010-01-06 17:43 . 2010-01-06 18:09   --------   d-----w-   c:\users\Mary Kate\AppData\Local\ElevatedDiagnostics
    2010-01-06 17:38 . 2010-01-06 17:38   --------   d-----w-   c:\program files\Microsoft ATS
    2010-01-04 04:49 . 2010-01-04 04:49   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{17F531F5-BD41-438B-805F-EAD27BE2352D}
    2010-01-03 04:16 . 2010-01-12 22:59   0   ----a-w-   c:\users\Mary Kate\AppData\Local\Tkuki.bin
    2010-01-03 04:16 . 2010-01-11 23:01   120   ----a-w-   c:\users\Mary Kate\AppData\Local\Amupova.dat
    2010-01-03 01:33 . 2010-01-03 01:33   --------   d-----w-   c:\program files\Belkin
    2010-01-03 01:32 . 2010-01-09 17:37   --------   d-----w-   c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-19 21:00 . 2009-12-03 02:50   --------   d-----w-   c:\program files\Trend Micro
    2010-01-19 20:03 . 2007-05-28 01:12   25515   ----a-w-   c:\users\Mary Kate\AppData\Roaming\nvModes.dat
    2010-01-14 16:12 . 2009-10-02 20:48   181120   ------w-   c:\windows\system32\MpSigStub.exe
    2010-01-13 15:44 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
    2010-01-11 17:59 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Calendar
    2010-01-11 17:58 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Defender
    2010-01-10 02:46 . 2007-06-04 21:59   --------   d-----w-   c:\programdata\Viewpoint
    2010-01-09 16:07 . 2007-01-19 01:10   --------   d-----w-   c:\program files\Java
    2010-01-07 22:31 . 2007-05-27 15:11   92456   ----a-w-   c:\users\Mary Kate\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-03 01:34 . 2007-01-19 00:10   --------   d--h--w-   c:\program files\InstallShield Installation Information
    2009-12-20 00:21 . 2009-12-20 00:20   --------   d-----w-   c:\users\Mary Kate\AppData\Roaming\GTek
    2009-12-19 00:49 . 2008-11-04 03:46   1356   ----a-w-   c:\users\Mary Kate\AppData\Local\d3d9caps.dat
    2009-12-13 15:18 . 2007-06-04 20:40   20274   ----a-w-   c:\users\Mary Kate\AppData\Roaming\wklnhst.dat
    2009-12-12 23:30 . 2009-12-12 22:34   --------   d-----w-   c:\programdata\Lavasoft
    2009-12-12 22:35 . 2009-12-12 22:17   --------   dc-h--w-   c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2009-12-12 22:34 . 2009-12-12 22:34   --------   d-----w-   c:\program files\Lavasoft
    2009-12-11 02:17 . 2009-12-11 02:17   --------   dc----w-   c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-12-11 01:30 . 2009-12-11 01:30   --------   d-----w-   c:\programdata\AVP 2009
    2009-12-03 02:34 . 2008-08-28 17:17   --------   d-----w-   c:\programdata\avg8
    2009-12-02 13:19 . 2009-12-12 23:30   64288   ----a-w-   c:\windows\system32\drivers\Lbd.sys
    2009-12-02 13:19 . 2009-12-13 07:34   15880   ----a-w-   c:\windows\system32\lsdelete.exe
    2009-11-09 13:34 . 2009-12-11 03:12   24064   ----a-w-   c:\windows\system32\nshhttp.dll
    2009-11-09 13:30 . 2009-12-11 03:11   31232   ----a-w-   c:\windows\system32\httpapi.dll
    2009-11-09 11:17 . 2009-12-11 03:11   396800   ----a-w-   c:\windows\system32\drivers\http.sys
    2009-10-29 07:59 . 2009-12-02 04:41   2048   ----a-w-   c:\windows\system32\tzres.dll
    2009-10-27 15:05 . 2009-12-11 02:35   832512   ----a-w-   c:\windows\system32\wininet.dll
    2009-10-27 15:01 . 2009-12-11 02:35   56320   ----a-w-   c:\windows\system32\iesetup.dll
    2009-10-27 15:01 . 2009-12-11 02:35   78336   ----a-w-   c:\windows\system32\ieencode.dll
    2009-10-27 14:59 . 2009-12-11 02:35   72704   ----a-w-   c:\windows\system32\admparse.dll
    2009-10-27 12:27 . 2009-12-11 02:35   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
    2009-10-27 10:56 . 2009-12-11 02:35   48128   ----a-w-   c:\windows\system32\mshtmler.dll
    2007-06-28 20:43 . 2007-06-28 20:43   774144   ----a-w-   c:\program files\RngInterstitial.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-15 1232896]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-01-17 1006264]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-27 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-27 7757824]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
    "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-1-18 34520]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
    2007-04-03 13:54   753664   ----a-w-   c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-06-02 15:13   267048   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-05-27 14:50   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-01-19 01:11   77824   ----a-w-   c:\program files\Java\jre1.6.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-06-15 23:11   185896   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2009-09-04 17:16   158448   ----a-w-   c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/12/2009 6:30 PM 64288]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [4/5/2007 10:29 AM 208896]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 6:04 PM 9728]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
    R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 3:29 AM 29178224]
    S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [1/29/2007 8:56 PM 451072]
    S3 rcmirror;rcmirror;c:\windows\System32\drivers\rcmirror.sys [12/14/2007 12:48 PM 5120]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [4/20/2007 5:44 PM 307984]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\Mary Kate\AppData\Roaming\Mozilla\Firefox\Profiles\8eegdjyd.default\
    FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
    FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - plugin: c:\users\Mary Kate\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
    FF - plugin: c:\users\Mary Kate\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-19 16:25
    Windows 6.0.6000  NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WUDFHost.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Mouse Driver\KMConfig.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Mouse Driver\KMProcess.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\program files\Zune\ZuneNss.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\lpremove.exe
    c:\windows\system32\lpksetup.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-19  16:42:02 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-01-19 21:41
    ComboFix2.txt  2010-01-14 23:27
    ComboFix3.txt  2010-01-14 22:25
    ComboFix4.txt  2010-01-13 17:42
    ComboFix5.txt  2010-01-19 21:02

    Pre-Run: 34,275,840,000 bytes free
    Post-Run: 34,208,948,224 bytes free

    - - End Of File - - 2190D2E7CF078A1962618EFEA1D5FC2A
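    As an added example (not code from ComboFix, the forum, or either poster), a small Python triage helper that parses the file entries and the Security Center keys of a log like the one above and lists items for an analyst to review; the sample excerpt, the path heuristics and the finding names are assumptions made for this example, and the flags are hints rather than verdicts.

```python
"""Triage helper for a ComboFix log (added example for this thread, not ComboFix's
own tooling). Parses the "Files Created"/Find3M entries and the Security Center
keys and returns review items for an analyst; flags are hints, not verdicts."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines excerpted from the log posted above.
SAMPLE_LOG = r"""
2010-01-12 23:50 . 2009-10-19 14:42   156672   ----a-w-   c:\windows\system32\t2embed.dll
2010-01-09 17:13 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 04:16 . 2010-01-12 22:59   0   ----a-w-   c:\users\Mary Kate\AppData\Local\Tkuki.bin
2010-01-03 04:16 . 2010-01-11 23:01   120   ----a-w-   c:\users\Mary Kate\AppData\Local\Amupova.dat
2010-01-12 22:59 . 2010-01-12 22:59   --------   d-----w-   c:\users\Mary Kate\AppData\Local\{6BAF7A6F-C530-45D9-9789-ECFAF9BFDDF2}
2010-01-07 22:31 . 2007-05-27 15:11   92456   ----a-w-   c:\users\Mary Kate\AppData\Local\GDIPFONTCACHEV1.DAT
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# "<created> . <modified>   <size|-------->   <attrs>   <path>"; directories show
# "--------" for size and a leading "d" in the attribute string.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>\S+)$')

# Review heuristics (assumptions for this example, not ComboFix rules): a file
# sitting directly in a user's AppData\Local or \Roaming root (legit caches such
# as GDIPFONTCACHEV1.DAT trip this too), and any driver written to system32\drivers.
APPDATA_ROOT_FILE = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\(?:local|roaming)\\[^\\]+$", re.I)
DRIVER_FILE = re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+\.sys$", re.I)

@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

def parse_log(text: str) -> Tuple[List[Entry], List[Tuple[str, str, str]]]:
    """Return (file entries, Security Center values) found in the log text."""
    entries, security_center, current_key = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and "security center\\monitoring" in current_key.lower():
            security_center.append((current_key, m["name"], m["data"]))
    return entries, security_center

def triage(entries, security_center):
    """Apply the review heuristics; each finding is a (kind, subject) pair."""
    findings = []
    for e in entries:
        if not e.is_dir and APPDATA_ROOT_FILE.match(e.path):
            findings.append(("loose-appdata-file", e.path))
        elif DRIVER_FILE.match(e.path):
            findings.append(("new-driver", e.path))
    for key, name, data in security_center:
        # DisableMonitoring=1 stops Security Center tracking that product's state.
        if name.lower() == "disablemonitoring" and data.lower() == "dword:00000001":
            findings.append(("security-center-monitoring-disabled", key.rsplit("\\", 1)[-1]))
    return findings

if __name__ == "__main__":
    for kind, subject in triage(*parse_log(SAMPLE_LOG)):
        print(f"{kind:38} {subject}")
```

    Run against a full log, the output is a short review list; a reviewer still has to decide which flagged files are known-good caches and which deserve a closer look.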

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Request for malware removal assistance
    « Reply #16 on: January 19, 2010, 05:08:22 PM »
    Download GMER Rootkit Detector and save it to your desktop.
     
    * Extract it to your desktop and double-click GMER.exe
    * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
    * Click the Rootkit tab and then Scan.
    * Don't check the Show All box while scanning in progress!
    * When scanning is finished click Copy.
    * This copies the log to the clipboard.
    * Post the log in your reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    maine

    Re: Request for malware removal assistance
    « Reply #17 on: January 20, 2010, 06:23:28 AM »
    Hi, I tried doing the gmer rootkit scan twice. Both times I got the crash dump blue screen after more than an hour. It said: page_fault_nonpage_area

    SuperDave

    Re: Request for malware removal assistance
    « Reply #18 on: January 20, 2010, 06:48:14 AM »
    That's about the third time that has happened. I'll have to check what's wrong with the program. I'll be back.

    maine

    Re: Request for malware removal assistance
    « Reply #19 on: January 20, 2010, 11:02:37 AM »
    OK, thank you

    SuperDave

    Re: Request for malware removal assistance
    « Reply #20 on: January 20, 2010, 12:53:14 PM »
    Try running this before the GMer Rootkit scan to see if it makes any difference. BTW, I tried Gmer on my computer. It ran ok but I stopped it in mid-scan. When I tried to save the log, it froze my computer.

    Download DeFogger by jpshortstuff and save it to your desktop.

    * Double click DeFogger.exe to run the tool.
    * The application window will appear.
    * Click the Disable button to disable your CD Emulation drivers.
    * Click Yes to continue.
    * A 'Finished!' message will appear.
    * Click OK.
    * DeFogger will now ask to reboot the machine... click OK.

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.

    * The application window will appear.
    * Click the Re-enable button to re-enable your CD Emulation drivers.
    * Click Yes to continue.
    * A 'Finished!' message will appear.
    * Click OK.
    * DeFogger will now ask to reboot the machine, click OK.

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

    maine

    Re: Request for malware removal assistance
    « Reply #21 on: January 20, 2010, 02:45:24 PM »
    Sadly, that did not work. I followed the defogger steps, but when I ran gmer, I got the blue screen again.
    Page_fault_in_nonpaged_area
    0x00000050 (0x8C800000B, 0x00000000, 0x9583oF60, 0x00000000)
    Thanks

    SuperDave

    Re: Request for malware removal assistance
    « Reply #22 on: January 20, 2010, 04:30:11 PM »
    Ok. Follow the directions to re-enable your emulation drivers as described in the previous post. I'll check this out further and be back when I have more information.

    maine

    Re: Request for malware removal assistance
    « Reply #23 on: January 20, 2010, 05:42:24 PM »
    OK!

    SuperDave

    Re: Request for malware removal assistance
    « Reply #24 on: January 20, 2010, 05:56:00 PM »
    How is your computer working now? Any redirects?

    maine

    Re: Request for malware removal assistance
    « Reply #25 on: January 20, 2010, 09:10:18 PM »
    I've been on the internet pretty frequently over the last couple of days and have not stumbled across any redirects, which is great. I've also noticed a couple of other minor problems I was having have disappeared.

    SuperDave

    Re: Request for malware removal assistance
    « Reply #26 on: January 21, 2010, 07:33:01 PM »
    Ok. If there are no other issues we'll do some clean-up. You can uninstall HJT, delete Defogger, Gmer Rootkit detector and ESET. You can keep SAS and MBAM. Update them and run them about once a week depending on your internet activity.
    -----------------------------------------------------------------------------------------------------------------------
    * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
    * Now type Combofix /uninstall in the runbox
    * Make sure there's a space between Combofix and /Uninstall
    * Then hit Enter

    * The above procedure will:
    * Delete the following:
    * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.
    -------------------------------------------------------------------------------------------------
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
    ----------------------------------------------------------------------------------------------------------
    Use the Secunia Software Inspector to check for out of date software.

    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
    Safe Surfing!

    maine

    Re: Request for malware removal assistance
    « Reply #27 on: January 22, 2010, 06:10:55 PM »
    OK, thanks a lot for all of your help!!