Inactive Issues w/google searches getting redirected

[igneous]

Here are my log files, any help in letting me know what to do would be deeply appreciated...
1. mbam.log
2. gmer.log
3. attach.txt
4. DDS.txt




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/27/2010 9:16:43 PM
mbam-log-2010-12-27 (21-16-43).txt

Scan type: Quick scan
Objects scanned: 140026
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{E4BCA08E-97A8-2A48-535A-EEAEABEBB426} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4BCA08E-97A8-2A48-535A-EEAEABEBB426} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4BCA08E-97A8-2A48-535A-EEAEABEBB426} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Agent) -> Value: RTHDBPL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dskquouiwow.exe (Trojan.TracurW.Gen) -> Value: dskquouiwow.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\146591905 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\programdata\asycfilt32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\A3E4.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\asycfilt32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\migisol32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\020000007109f9931076c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000007109f9931076o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000007109f9931076p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000007109f9931076s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

 

[crunchie]

Hi and welcome to TechSpot forums .

====

You have only posted the MBA-M log.

Please post the others.

 

[igneous]

Yes, the other 3 are on my home pc (it's the one with issues). I'll reply to original and post other logs tonite....Thanks and happy holidays!

 

[igneous]

the rest (labeled)

(gmer):

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-27 22:00:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD3200AAJS-00RYA0 rev.12.01B01
Running: rw3jzlp6.exe; Driver: C:\Users\bday\AppData\Local\Temp\kxldqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74122494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74105624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7412250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74118573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74114D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74118819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7411907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7411E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74114C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

(ATTACH.txt):

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2010 10:49:46 PM
System Uptime: 12/27/2010 9:31:50 PM (1 hours ago)

Motherboard: Intel Corporation | | D945GCCRG1
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | LGA 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 137.38 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.504 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#920321111113&3#
Manufacturer: Generic
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#920321111113&3#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#920321111113&0#
Manufacturer: Generic
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#920321111113&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#920321111113&2#
Manufacturer: Generic
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#920321111113&2#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
Manufacturer: Generic
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
Service: WUDFRd

==== System Restore Points ===================

RP13: 10/27/2010 3:00:12 AM - Windows Update
RP14: 10/28/2010 3:00:11 AM - Windows Update
RP15: 11/4/2010 9:22:42 PM - Scheduled Checkpoint
RP16: 11/10/2010 9:02:53 PM - Windows Update
RP17: 11/17/2010 11:02:07 PM - Scheduled Checkpoint
RP18: 11/25/2010 3:00:25 AM - Windows Update
RP19: 12/1/2010 8:14:25 PM - Removed AVG Free 8.5
RP20: 12/1/2010 8:19:06 PM - Removed AVG Free 8.5
RP21: 12/1/2010 8:31:24 PM - Installed AVG Free 8.5
RP22: 12/8/2010 11:44:59 PM - Scheduled Checkpoint
RP23: 12/9/2010 11:27:44 PM - Removed Ask Toolbar.
RP25: 12/10/2010 4:34:11 PM - Configured NETGEAR MA111v2 802.11b Wireless USB Adapter
RP26: 12/10/2010 4:34:55 PM - Removed Ask Toolbar.
RP27: 12/27/2010 12:27:36 PM - Scheduled Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Auslogics Disk Defrag
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 8.1
Bing Bar
Bonjour
BPD_Scan
BPDSoftware
Browser Address Error Redirector
BufferChm
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Creative Memories Memory Manager 2
Creative Memories StoryBook Creator Plus
Digital Media Reader
EOS USB WIA Driver
eSupportQFolder
Eusing Free Registry Cleaner
Fax
Gateway Connect
Gateway Recovery Center Installer
Google Chrome
HP Photosmart Essential
HP Solution Center 8.0
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6 Update 1
LoudMo Contextual Ad Assistant
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
Memory Manager Shared Components Update
Microsoft .NET Framework 4 Client Profile
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Burn Engine
NETGEAR MA111v2 802.11b Wireless USB Adapter
NETGEAR WG311v3 PCI Adapter
Norton Security Scan
Photodex Presenter
Pivot Stickfigure Animator
Power2Go 5.0
PS2 Multimedia Keyboard Driver
QuickTime
Realtek High Definition Audio Driver
Scan
ShotOnline International
Soft Data Fax Modem with SmartCP
SolutionCenter
SopCast 3.2.4
Spybot - Search & Destroy
System Requirements Lab
Toolbox
U3Launcher
Veetle TV 0.9.18
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
vShare Plugin
WebReg
Win7codecs
Windows 7 Upgrade Advisor
World of Warcraft
XnView 1.91.6

==== Event Viewer Messages From Past Week ========

12/27/2010 9:43:54 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.
12/27/2010 9:43:52 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6.
12/27/2010 9:43:51 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
12/27/2010 9:43:49 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.
12/27/2010 9:43:48 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
12/27/2010 9:43:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
12/27/2010 9:33:51 PM, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: %%-2147467259
12/27/2010 9:33:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
12/27/2010 9:33:49 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/27/2010 9:32:23 PM, Error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
12/27/2010 9:32:22 PM, Error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error %%-536805315.
12/27/2010 9:32:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82ea4efe, 0xafdb8a44, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122710-25771-01.
12/27/2010 9:31:54 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
12/27/2010 1:32:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
12/27/2010 1:31:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2010 1:31:34 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
(DDS.txt):



DDS (Ver_10-12-12.02) - NTFSx86
Run by bday at 22:02:28.68 on Mon 12/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2037.895 [GMT -6:00]

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\bday\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bday\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bday\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bday\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = about:blank
uSearch Page = about:blank
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5464
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5464
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = about:blank
mSearchAssistant = about:blank
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: {02305016-e4cc-4eaa-8458-569ff11bff67} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\bday\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CHotkey] zHotkey.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ma111c~1.lnk - c:\program files\netgear\ma111v2 usb adapter\MA111v2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0}
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bday\appdata\roaming\mozilla\firefox\profiles\b3089tn5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-TcDj
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - component: c:\users\bday\appdata\roaming\mozilla\firefox\profiles\b3089tn5.default\extensions\{896642e4-c556-4ed3-85d1-9ac431603e7d}\components\Engine.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\bday\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\bday\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\bday\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\bday\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {f2935609-24e8-14ec-f6b8-35a27d6c1004} - c:\program files\mozilla firefox\extensions\{f2935609-24e8-14ec-f6b8-35a27d6c1004}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {483f8f2c-2cf1-408c-9ecf-46dffff018d1} - %profile%\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-1 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-8 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-8 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-9 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-9 61960]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\avg\avg8\avgemc.exe --> c:\program files\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\program files\avg\avg8\avgwdsvc.exe --> c:\program files\avg\avg8\avgwdsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-7 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]

=============== Created Last 30 ================

2010-12-27 19:33:26 -------- d-----w- c:\program files\iPod
2010-12-27 19:33:22 -------- d-----w- c:\program files\iTunes
2010-12-27 19:31:25 -------- d-----w- c:\program files\Bonjour
2010-12-27 18:04:29 176488 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10136.bin
2010-12-11 05:51:38 -------- d-----w- c:\users\bday\appdata\roaming\PC Tools
2010-12-11 05:51:38 -------- d-----w- c:\program files\PC Tools Security
2010-12-11 05:51:38 -------- d-----w- c:\program files\common files\PC Tools
2010-12-11 05:48:17 -------- d-----w- c:\progra~2\PC Tools
2010-12-11 04:56:23 -------- d-----w- c:\progra~2\MFAData
2010-12-09 03:05:28 -------- d-----w- c:\program files\Trend Micro
2010-11-30 22:56:23 -------- d-sh--w- c:\progra~2\SysWoW32
2010-11-30 22:56:06 -------- d-sh--w- c:\progra~2\C767B469B60C99B79819980C0727220D
2010-11-30 22:56:04 203776 --sh--w- c:\progra~2\unrar.exe
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-10 03:45:21 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-05-06 03:51:23 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
2010-04-03 23:01:55 11048840 ----a-w- c:\program files\veetle-0.9.17.exe

============= FINISH: 22:03:18.45 ===============

Thanks for taking time to help. Please let me know next steps.

 

[crunchie]

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

 

[igneous]

combofix:

ComboFix 10-12-28.01 - bday 12/28/2010 19:46:37.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2037.1117 [GMT -6:00]
Running from: c:\users\bday\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\feed.txt
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40085.8343557176
c:\program files\RegGenie\RegGenie.ini
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u1624567196v0
c:\programdata\SysWoW32\_u1624567196v1
c:\programdata\SysWoW32\_u1624567196v2
c:\programdata\SysWoW32\_u1624567196v3
c:\programdata\SysWoW32\mu1624567196v4.kwd
c:\programdata\SysWoW32\mu1624567196v5.kwd
c:\programdata\SysWoW32\mu1624567196v6.kwd
c:\programdata\SysWoW32\mu1624567196v7.kwd
c:\programdata\SysWoW32\wu1624567196v0
c:\programdata\SysWoW32\wu1624567196v0.kwd
c:\programdata\SysWoW32\wu1624567196v1
c:\programdata\SysWoW32\wu1624567196v1.kwd
c:\programdata\SysWoW32\wu1624567196v2
c:\programdata\SysWoW32\wu1624567196v2.kwd
c:\programdata\SysWoW32\wu1624567196v3
c:\programdata\SysWoW32\wu1624567196v3.kwd
c:\programdata\unrar.exe
c:\programdata\windows
c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}
c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\chrome.manifest
c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\chrome\xulcache.jar
c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\defaults\preferences\xulcache.js
c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\extensions\{483f8f2c-2cf1-408c-9ecf-46dffff018d1}\install.rdf
c:\windows\system32\BSTIEPrintCtl1.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-29 01:53 . 2010-12-29 01:53 -------- d-----w- c:\users\bday\AppData\Local\temp
2010-12-29 01:53 . 2010-12-29 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-29 01:43 . 2010-12-29 01:44 -------- d-----w- C:\32788R22FWJFW
2010-12-27 19:33 . 2010-12-27 19:33 -------- d-----w- c:\program files\iPod
2010-12-27 19:33 . 2010-12-27 19:33 -------- d-----w- c:\program files\iTunes
2010-12-27 19:31 . 2010-12-27 19:31 -------- d-----w- c:\program files\Bonjour
2010-12-27 18:04 . 2010-12-27 18:04 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-27 17:49 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-27 17:48 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-27 17:45 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-27 17:45 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-27 17:45 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-27 17:45 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-27 17:45 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-27 17:45 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-27 17:41 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-27 17:41 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-27 17:41 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-27 17:41 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-27 17:41 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-27 17:38 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-11 05:51 . 2010-12-27 18:59 -------- d-----w- c:\program files\PC Tools Security
2010-12-11 05:51 . 2010-12-27 18:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-11 05:51 . 2010-12-11 05:51 -------- d-----w- c:\users\bday\AppData\Roaming\PC Tools
2010-12-11 05:48 . 2010-12-27 18:59 -------- d-----w- c:\programdata\PC Tools
2010-12-11 04:56 . 2010-12-11 04:56 -------- d-----w- c:\programdata\MFAData
2010-12-09 03:05 . 2010-12-09 03:05 -------- d-----w- c:\program files\Trend Micro
2010-11-30 22:56 . 2010-12-27 17:35 -------- d-sh--w- c:\programdata\C767B469B60C99B79819980C0727220D
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-27 17:34 . 2010-05-10 03:49 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-21 00:09 . 2010-05-22 23:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-05-22 23:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 23:11 . 2010-05-10 03:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-07 18:23 . 2010-10-07 18:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23 . 2010-10-07 18:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23 . 2010-10-07 18:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-10 03:45 . 2010-05-10 03:44 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-05-06 03:51 . 2010-05-06 03:51 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe
2010-04-03 23:01 . 2010-04-03 23:01 11048840 ----a-w- c:\program files\veetle-0.9.17.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-11 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-15 524632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe [2004-5-28 421888]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2007-3-5 1679360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^bday^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
backup=c:\windows\pss\LaunchU3.exe.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bday^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-30 721904]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\AVG\AVG8\avgemc.exe [x]
R2 avg8wd;AVG Free8 WatchDog;c:\program files\AVG\AVG8\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3436784]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-01 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-23 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-11 108552]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:35]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000Core(36).job
- c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000Core.job
- c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000UA(37).job
- c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617309455-594879788-2053407963-1000UA.job
- c:\users\bday\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 04:21]

2010-12-29 c:\windows\Tasks\Norton Security Scan for bday.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-24 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5464
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bday\AppData\Roaming\Mozilla\Firefox\Profiles\b3089tn5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-TcDj
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {f2935609-24e8-14ec-f6b8-35a27d6c1004} - c:\program files\Mozilla Firefox\extensions\{f2935609-24e8-14ec-f6b8-35a27d6c1004}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

BHO-{02305016-E4CC-4EAA-8458-569FF11BFF67} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
AddRemove-{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8} - c:\program files\HP\Digital Imaging\{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}\setup\hpzscr01.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-28 19:55:35
ComboFix-quarantined-files.txt 2010-12-29 01:55

Pre-Run: 146,247,413,760 bytes free
Post-Run: 146,168,020,992 bytes free

- - End Of File - - DCB60F1BCD9A4C1ED6E5F6404CED3570

 

[crunchie]

How are things now?

==

You are running more than one anti-virus program. You need to uninstall any extras over and above the one AV as they will cause problems running together on the PC.
Another option is to prevent the extra AV's from starting with Windows and use it/them as an on-demand scanner.

==

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\program files\avira_antivir_personal_en.exe
c:\program files\runalyz-1.6.1.24.exe
c:\program files\veetle-0.9.17.exe