
Thread: Browsers Not Responding

  1. #1 Junior Member (Join Date: Sep 2010, Location: Canada, Posts: 9)

    Browsers Not Responding

    Whenever I try opening more than one tab in a browser, an error will show up stating that "BROWSER_NAME_HERE has stopped working". Restarting my computer usually alleviates the problem for about half an hour, but then it starts up again.

    Before running ERUNT and DDS, I scanned my computer with AVG Free, and found several tracking cookies, but nothing else.

    Here's my DDS log:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Hurley at 0:26:39.67 on 20/09/2010
    Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_15
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.1015.248 [GMT -4:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Hurley\Desktop\dds.com
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    StartupFolder: c:\users\hurley\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &??????? ? Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 74.208.105.171 gs.apple.com

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-19 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-19 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-19 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-19 308136]
    R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2008-10-16 29184]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-8-16 21504]
    R3 netr28;D-Link 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\Dnetr28.sys [2010-8-16 611328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-19 431432]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-09-20 03:43:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-20 03:43:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-20 03:42:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-20 03:42:22 0 d-----w- c:\windows\system32\drivers\Avg
    2010-09-20 03:42:17 0 d-----w- c:\programdata\AVG Security Toolbar
    2010-09-19 22:56:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2010-09-19 22:56:05 797184 ----a-w- c:\windows\system32\FntCache.dll
    2010-09-19 22:56:05 680960 ----a-w- c:\windows\system32\d2d1.dll
    2010-09-19 22:56:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2010-09-19 22:56:05 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2010-09-19 22:56:05 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-09-19 22:56:05 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-09-19 22:56:05 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-09-19 22:56:05 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-09-19 22:56:05 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-09-19 22:56:05 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-09-19 22:56:05 1068032 ----a-w- c:\windows\system32\DWrite.dll
    2010-09-19 22:19:21 0 d-----w- c:\program files\Feedback Tool
    2010-09-17 23:55:11 0 d-----w- c:\program files\iPod
    2010-09-17 03:37:29 0 d-----w- c:\users\hurley\appdata\roaming\Softland
    2010-09-17 03:36:57 7549 ----a-w- c:\windows\system32\novap7.ctm
    2010-09-17 03:36:57 23368 ----a-w- c:\windows\system32\novamnp7.dll
    2010-09-17 03:36:57 20808 ----a-w- c:\windows\system32\novamip7.dll
    2010-09-17 03:36:42 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-09-17 03:36:36 0 d-----w- c:\program files\Softland
    2010-09-16 07:06:24 172 ----a-w- c:\windows\system32\MRT.INI
    2010-09-16 05:20:48 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-16 05:20:25 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-16 05:19:12 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-16 05:18:32 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-15 16:13:20 0 d--h--w- C:\$AVG
    2010-09-15 01:58:42 0 d-----w- c:\program files\iPod(76)
    2010-09-15 01:58:37 0 d-----w- c:\program files\iTunes(77)
    2010-09-15 01:28:59 0 d-----w- c:\program files\AVG
    2010-09-15 01:28:42 0 d-----w- c:\programdata\avg9
    2010-09-15 00:10:51 0 d-----w- c:\users\hurley\appdata\roaming\BitDefender
    2010-09-15 00:10:50 0 d-----w- c:\programdata\BitDefender
    2010-09-15 00:10:50 0 d-----w- c:\program files\BitDefender
    2010-09-15 00:04:33 0 d-----w- c:\program files\common files\BitDefender
    2010-09-11 20:59:25 0 d-----w- c:\program files\DAMN NFO Viewer
    2010-09-11 20:32:30 0 d-----w- c:\users\hurley\appdata\roaming\Lionhead Studios
    2010-09-11 18:53:46 0 d-----w- c:\program files\Amazon
    2010-09-11 15:20:47 0 d-----w- c:\users\hurley\appdata\roaming\Mattel
    2010-09-11 15:16:33 0 d-----w- c:\program files\Mattel
    2010-09-11 05:29:52 0 d-sh--w- c:\windows\ftpcache
    2010-09-11 05:06:55 0 d-----w- c:\programdata\Lionhead Studios
    2010-09-11 05:06:55 0 d-----w- c:\program files\Lionhead Studios
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 08:26:44 0 d-----w- c:\users\hurley\appdata\roaming\blg
    2010-09-07 08:26:44 0 d-----w- c:\programdata\blg
    2010-09-07 03:45:46 0 d-----w- c:\users\hurley\appdata\roaming\Gamelab
    2010-09-06 19:03:40 0 d-----w- c:\programdata\Trymedia
    2010-09-06 19:03:40 0 d-----w- c:\programdata\Sandlot Games
    2010-09-06 04:18:32 0 d-----w- c:\programdata\TEMP
    2010-09-06 04:18:32 0 d-----w- c:\programdata\PlayFirst
    2010-09-06 04:15:22 0 d-----w- c:\program files\Games
    2010-09-05 06:34:10 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-09-05 06:34:10 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-09-05 06:33:24 0 d-----w- c:\program files\iTunes
    2010-09-05 04:49:33 0 d-----w- c:\program files\Notepad2
    2010-09-04 20:46:20 0 d-----w- c:\users\hurley\appdata\roaming\Foxit Software
    2010-09-04 20:46:00 0 d-----w- c:\program files\Foxit Software
    2010-09-02 04:11:40 0 d-----w- c:\users\hurley\appdata\roaming\Final Draft
    2010-09-02 02:21:02 4169728 ----a-r- c:\windows\system32\cdintf400.dll
    2010-09-02 02:20:26 0 d-----w- c:\program files\Final Draft Tagger
    2010-09-02 02:20:25 0 d-----w- c:\programdata\Final Draft
    2010-09-02 02:20:15 0 d-----w- c:\program files\Final Draft 8
    2010-09-02 02:18:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-09-01 18:27:55 0 d-----w- c:\program files\MSECache
    2010-09-01 18:12:34 0 d-----w- c:\windows\PCHEALTH
    2010-09-01 18:08:39 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-09-01 18:07:26 0 d-----w- c:\windows\SHELLNEW
    2010-09-01 07:05:35 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-09-01 06:49:31 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-09-01 06:10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-09-01 06:09:12 0 d-----w- c:\users\hurley\appdata\roaming\DAEMON Tools Lite
    2010-09-01 06:09:09 0 d-----w- c:\programdata\DAEMON Tools Lite
    2010-09-01 05:40:58 0 d-----w- c:\programdata\Microsoft Help
    2010-08-27 01:52:15 0 d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-08-26 22:48:54 884 ----a-w- c:\users\hurley\.recently-used.xbel
    2010-08-26 22:48:45 0 d-----w- c:\users\hurley\.thumbnails
    2010-08-26 22:41:46 0 d-----w- c:\users\hurley\.gimp-2.6
    2010-08-26 22:39:28 0 d-----w- c:\program files\GIMP-2.0
    2010-08-25 04:59:23 0 d-----w- c:\program files\CurrPorts
    2010-08-24 23:30:13 0 d-----w- c:\programdata\RegInOut
    2010-08-24 23:30:06 0 d-----w- c:\windows\RegInOut
    2010-08-24 19:08:39 0 d-----w- c:\programdata\Adobe
    2010-08-24 16:50:03 101564805 ----a-w- c:\windows\MEMORY.DMP
    2010-08-24 16:03:28 0 d-----w- c:\programdata\WindowsSearch
    2010-08-23 05:26:48 0 d-----w- c:\programdata\Electronic Arts
    2010-08-23 05:09:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2010-08-21 23:52:03 0 d-----w- c:\program files\Fox
    2010-08-21 23:51:53 306688 ----a-w- c:\windows\IsUninst.exe

    ==================== Find3M ====================

    2010-09-20 03:25:08 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-09-20 03:25:08 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-09-20 03:25:08 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-09-16 21:41:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-09-16 05:49:59 68316 ----a-w- c:\windows\fonts\BauTF-Regular.otf
    2010-09-16 05:48:59 90008 ----a-w- c:\windows\fonts\Airbrake-RoundedOblique.ttf
    2010-09-16 05:47:52 12986 ----a-w- c:\windows\fonts\MorganSnPi-Bold.PFB
    2010-09-16 05:46:58 33411 ----a-w- c:\windows\fonts\GINGER-L.PFB
    2010-09-16 05:46:58 2120 ----a-w- c:\windows\fonts\GINGER-I.pfm
    2010-09-16 05:46:53 4008 ----a-w- c:\windows\fonts\Parable-BoldItalic.pfm
    2010-09-16 05:46:53 31891 ----a-w- c:\windows\fonts\Parable-BoldItalicExpert.PFB
    2010-09-01 04:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
    2010-09-01 04:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
    2010-09-01 04:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
    2010-09-01 04:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-01 04:43:12 72704 ----a-w- c:\windows\system32\SetDepNx.exe
    2010-09-01 04:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-01 04:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-01 04:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2010-09-01 04:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2010-09-01 04:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
    2010-09-01 04:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-01 04:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2010-09-01 04:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
    2010-09-01 04:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
    2010-09-01 04:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
    2010-09-01 04:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2010-09-01 04:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
    2010-09-01 04:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
    2010-08-24 16:43:54 108888 ----a-w- c:\windows\fonts\Miama.ttf
    2010-08-18 23:10:20 76928 ----a-w- c:\windows\fonts\expressway rg.ttf
    2010-08-18 05:21:39 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-08-18 05:20:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-08-17 22:55:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-08-17 22:37:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
    2010-08-17 16:55:56 87608 ----a-w- c:\users\hurley\appdata\roaming\inst.exe
    2010-08-17 16:55:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-08-17 16:55:56 47360 ----a-w- c:\users\hurley\appdata\roaming\pcouffin.sys
    2010-08-17 06:18:43 174 --sha-w- c:\program files\desktop.ini
    2010-08-17 05:41:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2010-08-17 05:41:39 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2010-08-16 21:18:45 377344 ----a-w- c:\windows\system32\winhttp.dll
    2010-08-16 21:16:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-08-16 21:16:23 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-08-16 21:16:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-08-16 20:50:28 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-16 20:50:27 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-08-16 20:50:27 23552 ----a-w- c:\windows\system32\lpk.dll
    2010-08-16 20:50:27 10240 ----a-w- c:\windows\system32\dciman32.dll
    2010-08-16 20:44:49 61440 ----a-w- c:\windows\system32\winipsec.dll
    2010-08-16 20:44:49 272896 ----a-w- c:\windows\system32\polstore.dll
    2010-08-16 20:40:57 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-16 20:34:52 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-08-16 20:34:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2010-08-16 20:34:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2010-08-16 20:34:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2010-08-16 20:34:51 19968 ----a-w- c:\windows\system32\ARP.EXE
    2010-08-16 20:34:51 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2010-08-16 20:34:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2010-08-16 20:34:51 105984 ----a-w- c:\windows\system32\netiohlp.dll
    2010-08-16 20:34:51 10240 ----a-w- c:\windows\system32\finger.exe
    2010-08-16 20:28:01 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2010-08-16 20:27:59 68096 ----a-w- c:\windows\system32\wlanhlp.dll
    2010-08-16 20:27:59 65024 ----a-w- c:\windows\system32\wlanapi.dll
    2010-08-16 20:27:59 513536 ----a-w- c:\windows\system32\wlansvc.dll
    2010-08-16 20:27:59 302592 ----a-w- c:\windows\system32\wlansec.dll
    2010-08-16 20:27:59 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2010-08-16 20:27:56 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
    2010-08-16 20:26:13 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2010-08-16 20:26:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2010-08-16 20:26:11 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2010-08-16 20:24:36 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2010-08-16 20:22:47 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-08-16 20:22:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-08-16 20:22:46 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-08-16 20:19:12 98816 ----a-w- c:\windows\system32\mfps.dll
    2010-08-16 20:19:12 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2010-08-16 20:19:12 2868224 ----a-w- c:\windows\system32\mf.dll
    2010-08-16 20:19:11 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2010-08-16 20:19:11 2048 ----a-w- c:\windows\system32\mferror.dll
    2010-08-16 20:10:29 71680 ----a-w- c:\windows\system32\atl.dll
    2010-08-16 19:59:30 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2010-08-16 19:58:08 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2010-08-16 19:58:08 136192 ----a-w- c:\windows\system32\aaclient.dll
    2010-08-16 19:58:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2010-08-16 19:38:06 623616 ----a-w- c:\windows\system32\localspl.dll
    2010-08-16 19:29:18 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-08-16 19:27:50 72704 ----a-w- c:\windows\system32\secur32.dll
    2010-08-16 19:27:50 499712 ----a-w- c:\windows\system32\kerberos.dll
    2010-08-16 19:27:50 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2010-08-16 19:27:50 175104 ----a-w- c:\windows\system32\wdigest.dll
    2010-08-16 19:27:49 9728 ----a-w- c:\windows\system32\lsass.exe
    2010-08-16 19:27:49 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2010-08-16 19:22:59 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
    2010-08-16 19:11:00 6656 ----a-w- c:\windows\system32\kbd106n.dll
    2010-08-16 19:04:40 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-08-16 19:04:40 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-08-16 19:04:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2010-08-16 19:04:39 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
    2010-08-16 18:55:46 98304 ----a-w- c:\windows\system32\cabview.dll

    ============= FINISH: 0:29:15.22 ===============

    The required file is also attached.

  2. #2 Jack&Jill, Security Expert (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3 Junior Member (Join Date: Sep 2010, Location: Canada, Posts: 9)

    I have read your post. Thank you for assessing my situation.
    I have subscribed to the thread, and will be patient as you come up with a solution.

    Oh, and just in case, I have uninstalled all P2P programs on my computer, which included uTorrent and jDownloader.

  4. #4 Jack&Jill, Security Expert (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello Clinity,

    Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.

    If you are agreeable to the above, then everything should go smoothly. We may begin.

    --------------------

    Is this a business computer?

    --------------------

    Remove P2P software
    • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

      µTorrent

    • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
    • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
    • Please remove them before we continue with fixing your computer.


    Please post a new Attach.txt.

    --------------------

    Validate Windows
    • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
    • Double click on MGADiag.exe to run it.
    • Click Continue.
    • The program will run. It takes a while to finish the diagnosis, please be patient.
    • Once done, click on Copy.
    • Open Notepad and paste the contents in. Save this file and post it in your next reply.


    --------------------

    Check for additional security risks
    • Please download CKScanner© by askey127 and save to your desktop. Click here.
    • Double click on CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
    • Post the contents of ckfiles.txt in your reply, it is located on your desktop.


    --------------------

    Please download Rootkit Unhooker and save it to your desktop. Click here.
    • Double click RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Ensure the following are checked (ticked):
      • Drivers
      • Stealth Code
      • Files
      • Code Hooks
    • Uncheck the rest, then click OK. An initial scan will be performed.
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
    • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
    • Save the report somewhere you can find it. Click Close to exit.
    • Copy the entire contents of the report and paste it in your next reply.


    You may get a warning about parasite detection. Please click OK to continue.

    --------------------

    Please post back:
    1. the answer to my question about your computer
    2. new Attach.txt (you need to rerun DDS)
    3. MGADiag result
    4. CKScanner log
    5. Rootkit Unhooker result

  5. #5 Junior Member (Join Date: Sep 2010, Location: Canada, Posts: 9)

    No, this is not a business computer. It's a home computer.

    --------------------

    A new Attach.txt is attached in zip format.

    --------------------

    MGADiag.txt is attached as well.

    --------------------

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11
    ----- EOF -----

    --------------------

    I wasn't able to get a result from the Rootkit Unhooker.

    Every time I try to run a scan, it gives me the same error:

    "Sorry, but unhandled exception has occured
    Program will be terminated
    Exception code : 0xC0000005
    Instruction address : 0x77C82E47
    Attempt to write at address : 0x032EFE78"

  6. #6 Jack&Jill, Security Expert (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello Clinity,

    Please post the logs that I request by copying and pasting the contents here, not by attaching the files.

    --------------------

    The Microsoft Office Enterprise 2007 on your computer is a non-genuine copy. It was installed with an invalid Volume Licensing Key (VLK) generated by pirating software. VLKs are only available to corporations, education entities and government agencies.
    A VL Product Key is non-transferable to individuals. Here is some information about this situation.

    Please read the fourth post of the Forum Rules.
    Note:
    We do not support the use of illegal Pirated/Warez/Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.
    If you still want help, please remove the illegal items from your computer, and if you still need the software, get legal copies from legitimate sources.
    If you advise that the illegal software has been removed and I find otherwise (the tools we use can and will detect it), then I will have no choice but to have this topic closed.
    If there are more such new findings after this, the topic will also be closed.

    You may return to the seller to demand a replacement with a genuine copy or a full refund. Have a read here to see if you qualify for the Genuine Office Offer. As an alternative, you can also try OpenOffice.

  7. #7 Junior Member (Join Date: Sep 2010, Location: Canada, Posts: 9)

    Here's a new Attach.txt:

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/08/2010 12:15:07 PM
    System Uptime: 22/09/2010 5:38:41 PM (48 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
    Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | LGA 775 | 1800/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 59.982 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP121: 14/09/2010 7:03:04 PM - Installed Opera 10.62.
    RP151: 16/09/2010 12:49:01 AM - Restore Operation

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Media Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    Bonjour
    ConvertXtoDVD 4.1.2.336
    Cool & Quiet
    Croc 2
    EA Download Manager
    ERUNT 1.1j
    Feedback Tool
    Final Draft
    Foxit Reader
    GIMP 2.6.10
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 15
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    novaPDF Professional Desktop 7.2 printer
    Opera 10.62
    QuickTime
    Safari
    Supple - Episode 2 (remove only)
    The Sims™ 3
    Trillian
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 1.1.4
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    24/09/2010 6:13:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    24/09/2010 1:43:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    24/09/2010 1:43:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    24/09/2010 1:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    22/09/2010 5:35:37 PM, Error: EventLog [6008] - The previous system shutdown at 5:34:39 PM on 22/09/2010 was unexpected.
    20/09/2010 12:21:57 AM, Error: EventLog [6008] - The previous system shutdown at 12:20:03 AM on 20/09/2010 was unexpected.
    19/09/2010 6:03:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    18/09/2010 12:03:42 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
    17/09/2010 7:52:50 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================

    --------------------

    Here's the new MGADiag result:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-CYGXP-PXFXP-P4YM3
    Windows Product Key Hash: PCDmI0G/xsCkD8JRfe/Vpk1EMr4=
    Windows Product ID: 89572-OEM-7300972-96464
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.0.6002.2.00010300.2.0.002
    ID: {EAE275B0-EE4A-4165-A299-6161B3B874A1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows Vista (TM) Home Basic
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.100608-0458
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Opera\opera.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\Windows\system32\uxtheme.dll[6.0.6001.18000], Hr = 0x800b0100
    File Mismatch: C:\Windows\system32\browseui.dll[6.0.6000.16386], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{EAE275B0-EE4A-4165-A299-6161B3B874A1}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4YM3</PKey><PID>89572-OEM-7300972-96464</PID><PIDType>3</PIDType><SID>S-1-5-21-434098278-49066985-2103770490</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0310 </Version><SMBIOSVersion major="2" minor="4"/><Date>20071224000000.000000+000</Date></BIOS><HWID>23323507018400EA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomeBasic edition
    Description: Windows Operating System - Vista, OEM_COA_NSLP channel
    Activation ID: bb4c2c10-dc0d-4ce6-8824-ee71ddb63c07
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89572-00146-009-796464-02-4105-6000.0000-2282010
    Installation ID: 017553288272343306950972606651591762510573670171006663
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: P4YM3
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: OgAAAAIABAABAAEAAgABAAAAAwABAAEAnJ8SrDYOU1GYk1r/qnZI5JKF4PmN7/L0XvEsYXKWrFYqhQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC A_M_I_ OEMAPIC
    FACP A_M_I_ OEMFACP
    HPET A_M_I_ OEMHPET
    MCFG A_M_I_ OEMMCFG
    OEMB A_M_I_ AMI_OEM

  8. #8
    Security Expert Jack&Jill's Avatar
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Clinity,

    I want you to retry Rootkit Unhooker but with the following steps prior to it. In fact, from now onwards, you must run all the tools using this method.

    For Windows Vista or Windows 7, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

    If you get the log, please post back here and skip the following steps. Otherwise, please continue below.

    --------------------

    Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

    Please download GMER and save it to your desktop. Click here.
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
    • If you need help to disable your protection programs see here and here.
    • Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
    • In the right panel, you will see several boxes that have been checked (ticked).
      • Uncheck IAT/EAT
      • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
      • Uncheck Show All (don't miss this one)
    • Then click the Scan button and wait for it to finish.
    • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    • Re-enable your security software as soon as you have completed the GMER steps.
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


    If you are having problems running this version of GMER, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

    --------------------

    Please post back:
    1. the Rootkit Unhooker log, or
    2. GMER result

  9. #9
    Junior Member
    Join Date
    Sep 2010
    Location
    Canada
    Posts
    9

    Default

    Here's the GMER log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-25 04:04:49
    Windows 6.0.6002 Service Pack 2
    Running: xrnbr3go.exe; Driver: C:\Users\Hurley\AppData\Local\Temp\uxryrpod.sys


    ---- System - GMER 1.0.15 ----

    INT 0x52 ? 83940BF8
    INT 0x62 ? 83940BF8
    INT 0x72 ? 83940BF8
    INT 0x82 ? 85581BF8
    INT 0x93 ? 85581BF8
    INT 0xA3 ? 85581BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\spdg.sys The system cannot find the path specified. !
    .rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82A79024]
    .text USBPORT.SYS!DllUnload 8AFBF41B 5 Bytes JMP 855811D8
    .text auveq6cl.SYS 86398000 22 Bytes [82, 03, E1, 81, 6C, 02, E1, ...]
    .text auveq6cl.SYS 86398017 181 Bytes [00, 32, 47, 99, 82, 3D, 45, ...]
    .text auveq6cl.SYS 863980CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
    .text auveq6cl.SYS 863980DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
    .text auveq6cl.SYS 863980E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
    .text ...

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 847001F8
    Device \Driver\volmgr \Device\VolMgrControl 839421F8
    Device \Driver\sptd \Device\249176770 spdg.sys
    Device \Driver\netbt \Device\NetBT_Tcpip_{C64BE831-1E4C-44DB-9969-2256F41C8347} 85F3D1F8
    Device \Driver\usbuhci \Device\USBPDO-0 843091F8
    Device \Driver\PCI_PNP8762 \Device\00000045 spdg.sys
    Device \Driver\usbuhci \Device\USBPDO-1 843091F8
    Device \Driver\usbuhci \Device\USBPDO-2 843091F8
    Device \Driver\usbuhci \Device\USBPDO-3 843091F8
    Device \Driver\usbehci \Device\USBPDO-4 8557E1F8

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\volmgr \Device\HarddiskVolume1 839421F8
    Device \Driver\cdrom \Device\CdRom0 8571B500
    Device \Driver\cdrom \Device\CdRom1 8571B500
    Device \Driver\atapi \Device\Ide\IdePort0 846FF1F8
    Device \Driver\atapi \Device\Ide\IdePort1 846FF1F8
    Device \Driver\atapi \Device\Ide\IdePort2 846FF1F8
    Device \Driver\atapi \Device\Ide\IdePort3 846FF1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 846FF1F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 85F3D1F8
    Device \Driver\Smb \Device\NetbiosSmb 85F391F8
    Device \Driver\iScsiPrt \Device\RaidPort0 856ED1F8

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\netbt \Device\NetBT_Tcpip_{C8C21490-2519-4451-9F83-32A28D5317A6} 85F3D1F8
    Device \Driver\usbuhci \Device\USBFDO-0 843091F8
    Device \Driver\usbuhci \Device\USBFDO-1 843091F8
    Device \Driver\usbuhci \Device\USBFDO-2 843091F8
    Device \Driver\usbuhci \Device\USBFDO-3 843091F8
    Device \Driver\usbehci \Device\USBFDO-4 8557E1F8
    Device \Driver\auveq6cl \Device\Scsi\auveq6cl1Port5Path0Target0Lun0 858BA1F8
    Device \Driver\auveq6cl \Device\Scsi\auveq6cl1 858BA1F8
    Device \FileSystem\cdfs \Cdfs 857191F8
    Device -> \Driver\atapi \Device\Harddisk0\DR0 847BE618

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0xFC 0x2A 0x23 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x13 0x9E 0xFF 0xB7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x18 0xC8 0xCF ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x72 0x19 0xD3 0x59 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x13 0x9E 0xFF 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x18 0xC8 0xCF ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----

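    A small triage script for a GMER log like the one just posted, added here as an example; it is neither part of the thread nor GMER's own tooling. It splits the report into its "---- name - GMER x.y ----" sections and ranks the entry types an analyst reads first: files GMER reports as modified, drivers whose entry point sits outside .text (the pattern GMER showed for TDL3/TDSS-infected atapi.sys), inline JMP hooks, loaded drivers with no file on disk (sptd from DAEMON Tools or Alcohol is the usual benign cause), and filter drivers attached to network devices. SAMPLE_LOG is a constructed excerpt modelled on the lines above; the names `parse_sections`, `classify`, `triage` and `severity_counts` are this example's own.

```python
"""Rank the entries of a GMER rootkit-scan log for analyst review.

Added example, not part of the thread or of GMER. SAMPLE_LOG is a
constructed excerpt modelled on the log posted in the thread.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-25 04:04:49

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spdg.sys The system cannot find the path specified. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82A79024]
.text USBPORT.SYS!DllUnload 8AFBF41B 5 Bytes JMP 855811D8

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\249176770 spdg.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SUSPICIOUS_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")
ENTRY_POINT_RE = re.compile(r'^(\S+)\s+(\S+)\s+entry point in "([^"]+)" section')
HOOK_RE = re.compile(r"^\.text\s+(\S+)\s+[0-9A-Fa-f]+\s+(\d+) Bytes\s+JMP\s+([0-9A-Fa-f]+)")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the path specified")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?$")
SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    section: str
    reason: str
    line: str


def parse_sections(text):
    """Return {section name: [non-blank entry lines]}; text before the first header is ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def classify(section, line):
    """Map one log line to a Finding, or None when the line needs no attention."""
    m = SUSPICIOUS_RE.match(line)
    if m:
        return Finding("high", section, f"GMER reports {m.group(1)} as modified on disk", line)
    m = ENTRY_POINT_RE.match(line)
    if m and m.group(3) != ".text":
        # A driver whose entry point lives in a resource/data section has been patched;
        # GMER showed exactly this for TDL3/TDSS-infected atapi.sys.
        return Finding("high", section, f"{m.group(2)} entry point in {m.group(3)} section", line)
    m = HOOK_RE.match(line)
    if m:
        return Finding("medium", section, f"inline hook: {m.group(1)} ({m.group(2)} bytes) jumps to {m.group(3)}", line)
    m = MISSING_RE.match(line)
    if m:
        # Loaded driver with no file on disk; sptd (DAEMON Tools/Alcohol) hides its image this way.
        return Finding("info", section, f"{m.group(1)} is loaded but not found on disk", line)
    m = ATTACHED_RE.match(line)
    if m:
        vendor = m.group(4)
        severity = "info" if vendor else "medium"  # an unlabelled filter driver deserves a look
        return Finding(severity, section, f"{m.group(3)} attached to {m.group(2)} ({vendor or 'no vendor string'})", line)
    return None


def triage(text):
    """All findings in a log, highest severity first, original order within a severity."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            finding = classify(section, line)
            if finding is not None:
                findings.append(finding)
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


def severity_counts(text):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, 'info': 2} for SAMPLE_LOG."""
    counts = {}
    for finding in triage(text):
        counts[finding.severity] = counts.get(finding.severity, 0) + 1
    return counts
```

    To use it on a saved Gmer.txt, read the file and pass its contents to `triage()`; the rules are deliberately narrow (only the entry types present in this log) and are a reading aid, not a verdict, which is why the helper above still asks for the full log rather than acting on individual entries.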
  10. #10
    Security Expert Jack&Jill's Avatar
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Clinity,

    For Windows Vista or Seven, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

    Please download ComboFix© by sUBs from one of the links below and save it to your desktop.

    Link 1
    Link 2

    Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

    Run ComboFix
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
    • If you need help to disable your protection programs see here and here.
    • Double click on ComboFix.exe and follow the prompts.
    • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
    • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
    • Re-enable your security software as soon as you have completed the ComboFix steps.


    A detailed step by step tutorial to run ComboFix can be found here if you need help.

    --------------------

    Please post back:
    1. the ComboFix log
