Welcome to TechSpot, torc. I'll try and help you sort this out.
There is one entry in HijackThis that I'd like to address:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=zbz9iGppTJ3HqhEhD7ww4ypU3KY
This port is used by the Google Desktop's built-in HTTP server. That port is opened and used by the Google desktop indexing software.
The next entry is overriding this:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
I'd like you to disable the Google Server, then try the system. Leave the second entry for now.
Please temporarily disable the Real Time Protection:
Spybot Search & Destroy TeaTimer
- Right click the TeaTimer icon in the system tray
- Then click Exit Spybot-S&D Resident
- (Once you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe)
Following that:
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Follow with a new scan with HijackThis;
paste the new log into your next reply.
Attach the Combofix report in next reply.