Google Re-direct



gilbert7s
2012-02-13, 06:26
Hey,

My computer, running on Windows 7, re-directs to random websites whenever I am on Google. I have run Spybot search and destroy numerous times and it has found and taken care of other problems with the computer. However no matter how many times I run Spybot the Google re-direct problem does not go away. My computer is also running a wee bit slower than normal.

Any help would be great, thanks.

Here is my DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Marlin at 19:55:42 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1689 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mWinlogon: Userinit=userinit.exe
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll

So, the DDS log I posted first isn't complete for some reason. Here is the full DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Marlin at 21:10:25 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1666 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mWinlogon: Userinit=userinit.exe
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: C:\Users\Marlin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{F2D23429-C71E-400B-8437-B82424892032} : DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-X64: MediaBar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\pue8nhd9.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2010-4-14 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-6 1153368]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-4-14 243232]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-23 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-22 22:22:21 -------- d-----w- C:\Users\Marlin\AppData\Local\ApplicationHistory
.
==================== Find3M ====================
.
.
============= FINISH: 21:19:15.55 ===============
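
An added example, not part of this thread or of DDS/Spybot: a small Python script that reads the Pseudo HJT and Firefox sections of a DDS log like the one above and flags what a helper reads first in a redirect case. The key line is AppInit_DLLs: DLLs listed there are loaded into every process that loads user32.dll (on Windows 7 once LoadAppInit_DLLs is set, which DDS does not show), so one toolbar package can steer searches in every browser at once. The script also flags start/search URLs that point outside an allow-list (EXPECTED_SEARCH_HOSTS is my assumption for the example, not a DDS setting), other entries living in the same directory as an AppInit DLL, BHO/toolbar registrations with no file behind them, and more than one enabled AV. The sample input is an excerpt of the poster's second log.

```python
"""Triage a DDS log for search-hijack indicators (added example for this
thread; not part of DDS, Spybot or anything the posters ran).

AppInit_DLLs entries matter most: those DLLs are mapped into every process
that loads user32.dll (on Windows 7, once LoadAppInit_DLLs is set), so one
entry reaches every browser. The rest of the hijacker package usually sits
in the same directory, and the browser start/search URLs show the payoff.
"""
import ntpath
import re
from dataclasses import dataclass

# Hosts a homepage/search URL may point at. An assumption for this example
# (OEM homepage plus mainstream engines); DDS has no such notion.
EXPECTED_SEARCH_HOSTS = {"homepage.emachines.com", "google.com",
                         "www.google.com", "www.bing.com", "search.yahoo.com"}

_AV_LINE = re.compile(r"^AV:\s*(.+?)\s*\*Enabled")
_APPINIT = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(.+)$")
_SEARCH_URL = re.compile(r"^(?:[um](?:Start Page|Default_Page_URL) = |FF - prefs\.js: "
                         r"(?:browser\.startup\.homepage|keyword\.URL) - )(\S+)")
_NO_FILE = re.compile(r"^(?:BHO|TB)(?:-X64)?:\s*(.*?)\s*-\s*No File$")
_COMPONENT = re.compile(r"^(?:BHO|TB|[um]Run|FF - component)(?:-[xX]64)?:")
_URL_HOST = re.compile(r"^h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str
    detail: str


def host_of(url):
    """Lowercase host of a DDS-defanged (hxxp://) or ordinary URL, else None."""
    m = _URL_HOST.match(url.strip())
    return m.group(1).lower() if m else None


def analyze_dds(text):
    """Return de-duplicated findings in first-seen order."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() not in ("", ".")]
    findings, seen = [], set()

    def add(severity, kind, detail):
        f = Finding(severity, kind, detail)
        if f not in seen:
            seen.add(f)
            findings.append(f)

    # Pass 1: AppInit_DLLs (the 32-bit and -X64 lines usually repeat each
    # other). DDS mixes 8.3 short names (PROGRA~2) with long names, so keep
    # only the last two directory components as the package marker.
    package_dirs = set()
    for line in lines:
        m = _APPINIT.match(line)
        if m:
            for dll in m.group(1).split():
                add("high", "appinit_dll", dll)
                parts = ntpath.dirname(dll).lower().split("\\")
                package_dirs.add("\\".join(parts[-2:]) + "\\")

    # Pass 2: AV products, browser URLs, orphaned BHOs, package siblings.
    enabled_av = []
    for line in lines:
        if m := _AV_LINE.match(line):
            enabled_av.append(m.group(1))
        elif m := _SEARCH_URL.match(line):
            host = host_of(m.group(1))
            if host not in EXPECTED_SEARCH_HOSTS:
                add("high", "search_url", f"{host} ({m.group(1)})")
        elif m := _NO_FILE.match(line):
            # On x64 DDS routinely shows the 64-bit registration of a 32-bit
            # BHO as "No File": a review item, not proof of infection.
            add("low", "orphan_bho", m.group(1))
        elif _COMPONENT.match(line) and any(d in line.lower() for d in package_dirs):
            add("medium", "appinit_sibling", line)
    if len(enabled_av) > 1:
        add("medium", "multiple_av", " + ".join(enabled_av))
    return findings


def summarize(findings):
    """Findings per severity."""
    return {s: sum(f.severity == s for f in findings) for s in ("high", "medium", "low")}


# Excerpt of the poster's second DDS log above, trimmed to the relevant lines.
SAMPLE_DDS = r"""
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: MediaBar - No File
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
"""

if __name__ == "__main__":
    for f in analyze_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind:16} {f.detail}")
    print(summarize(analyze_dds(SAMPLE_DDS)))
```

Run as-is it prints the findings for the excerpt; on a real log feed the whole file in. The two AppInit DLLs come out high, as do the two Firefox URLs pointing at search.bearshare.com, while the eMachines start page passes the allow-list. The -X64 "No File" lines are the usual 32-bit/64-bit mismatch DDS reports on x64 and are rated low for that reason, and the directory match is deliberately loose (last two path components) because DDS reports some paths as 8.3 short names and others as long names.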

ken545
2012-02-18, 21:56

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs on Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.


A couple of points before we begin. You have two antivirus programs running; they will conflict with each other and severely hamper system performance. With antivirus programs, more is not better: you should have just one, keep it updated and run regular scans. Your call, but you need to go into Programs and Features in the Control Panel and uninstall one of them.


BearShare, or any form of file sharing, is dangerous: you're downloading that file from an unknown source, and most contain some sort of malicious code. If you keep using programs like this you will continue to infect your system.


Uninstall BearShare and one AV and post a new DDS log, please.

gilbert7s
2012-02-21, 01:28
You can tell by the DDS log, I am assuming, but just in case: I uninstalled BearShare and Spybot.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Marlin at 16:08:55 on 2012-02-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2374 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360810z616p0445v1k5r4551s216
mWinlogon: Userinit=userinit.exe
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: C:\Users\Marlin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{F2D23429-C71E-400B-8437-B82424892032} : DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-X64: MediaBar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marlin\AppData\Roaming\Mozilla\Firefox\Profiles\pue8nhd9.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2010-4-14 126392]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-4-14 243232]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-23 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-20 23:04:13 -------- d-----w- C:\Users\Marlin\AppData\Local\PackageAware
2012-01-22 22:22:21 -------- d-----w- C:\Users\Marlin\AppData\Local\ApplicationHistory
.
==================== Find3M ====================
.
.
============= FINISH: 16:18:22.62 ===============

ken545
2012-02-21, 02:06
Hi,

Spybot is not an Anti Virus program, there was no need to uninstall it. My bad, I should have been a bit more clear in my instructions. You have Norton Internet Security and AVG Free Anti Virus; you need to uninstall one of them, my choice would be to uninstall AVG. I still see Bearshare installed, we can deal with this later.


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

gilbert7s
2012-02-21, 04:23
Hey,

No need to be sorry, upon re-reading your post I don't know why I uninstalled Spybot, it's my fault, I wasn't reading carefully. Let me know if there is anything else I should uninstall and whatnot.

Thanks for the help.

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-20 18:48:41
-----------------------------
18:48:41.682 OS Version: Windows x64 6.1.7600
18:48:41.683 Number of processors: 2 586 0x602
18:48:41.684 ComputerName: IAN-PC UserName: Marlin
18:48:43.774 Initialize success
18:49:44.084 AVAST engine defs: 12022002
18:50:48.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
18:50:48.676 Disk 0 Vendor: ST350041 CC44 Size: 476940MB BusType: 3
18:50:48.693 Disk 0 MBR read successfully
18:50:48.700 Disk 0 MBR scan
18:50:48.712 Disk 0 Windows 7 default MBR code
18:50:48.724 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
18:50:48.743 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
18:50:48.761 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458406 MB offset 37955584
18:50:48.771 Service scanning
18:51:09.132 Modules scanning
18:51:09.150 Disk 0 trace - called modules:
18:51:09.188 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004616334]<<storport.sys hal.dll nvstor64.sys
18:51:09.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045fa060]
18:51:09.554 3 CLASSPNP.SYS[fffff8800197d43f] -> nt!IofCallDriver -> [0xfffffa80044b5c90]
18:51:09.566 5 ACPI.sys[fffff88000f30781] -> nt!IofCallDriver -> \Device\00000059[0xfffffa800428d140]
18:51:09.576 \Driver\nvstor64[0xfffffa80042b98c0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004616334
18:51:18.695 AVAST engine scan C:\Windows
18:51:21.330 AVAST engine scan C:\Windows\system32
18:54:45.497 AVAST engine scan C:\Windows\system32\drivers
18:55:00.105 AVAST engine scan C:\Users\Marlin
19:05:11.560 AVAST engine scan C:\ProgramData
19:13:51.707 Scan finished successfully
19:17:57.208 Disk 0 MBR has been saved successfully to "C:\Users\Marlin\Desktop\MBR.dat"
19:17:57.214 The log file has been saved successfully to "C:\Users\Marlin\Desktop\aswMBR.txt"

ken545
2012-02-21, 11:12
Let's check your Master Boot Record.


What I would like you to do is to go to Start > Control Panel > Administrative Tools > Computer Management > Then in the left pane click on Disk Management. When it opens, expand it to fill the screen, then press Alt + Prnt Scrn, then go to your image editor, Paint will be fine if this is all you have, and paste it in, save it to your desktop and then attach it in your next reply.




Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

gilbert7s
2012-02-22, 02:38
Hey,

Here they are:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: American Megatrends, Inc.
System Manufacturer: eMachines
System Product Name: EL1352
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 152):
0x02C00000 \SystemRoot\system32\ntoskrnl.exe
0x031DC000 \SystemRoot\system32\hal.dll
0x00BA8000 \SystemRoot\system32\kdcom.dll
0x00C56000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C63000 \SystemRoot\system32\PSHED.dll
0x00C77000 \SystemRoot\system32\CLFS.SYS
0x00CD5000 \SystemRoot\system32\CI.dll
0x00EF4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F98000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA7000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E00000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E09000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E13000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E46000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
0x00E68000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E7D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00ED9000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00EE0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D95000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DAF000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DB8000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C00000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x0104A000 \SystemRoot\system32\DRIVERS\storport.sys
0x010AC000 \SystemRoot\system32\drivers\amdxata.sys
0x010B7000 \SystemRoot\system32\drivers\fltmgr.sys
0x01103000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01117000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01175000 \SystemRoot\System32\Drivers\cng.sys
0x013DB000 \SystemRoot\System32\drivers\pcw.sys
0x013EC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01465000 \SystemRoot\system32\drivers\ndis.sys
0x01557000 \SystemRoot\system32\drivers\NETIO.SYS
0x015B7000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01813000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0185F000 \SystemRoot\System32\Drivers\spldr.sys
0x01867000 \SystemRoot\System32\drivers\rdyboost.sys
0x018A1000 \SystemRoot\System32\Drivers\mup.sys
0x018B3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018BC000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018F6000 \SystemRoot\system32\DRIVERS\disk.sys
0x0190C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0193C000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01948000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x019BC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019E6000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x03CA9000 \SystemRoot\system32\drivers\NISx64\1101000.013\SRTSP64.SYS
0x03D2F000 \SystemRoot\system32\drivers\NISx64\1101000.013\SRTSPX64.SYS
0x03E1B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100208.002\EX64.SYS
0x03FC8000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100208.002\ENG64.SYS
0x03FE8000 \SystemRoot\System32\Drivers\Null.SYS
0x03FF1000 \SystemRoot\System32\Drivers\Beep.SYS
0x03E00000 \SystemRoot\System32\drivers\vga.sys
0x03D43000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03D68000 \SystemRoot\System32\drivers\watchdog.sys
0x03E0E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03D78000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03D81000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03D8A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03D95000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03DA6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03DC4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C00000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x03C60000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04054000 \SystemRoot\system32\drivers\afd.sys
0x040DD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x040E6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0410C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0411B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04136000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0414A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0419B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x041A7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x041B2000 \SystemRoot\System32\drivers\discache.sys
0x041C1000 \SystemRoot\System32\Drivers\dfsc.sys
0x041DF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04000000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03DD1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0144A000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x041F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04049000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x042DC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04332000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04343000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04367000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x043B9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0FEC0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10BD7000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x044D7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04446000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0444F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0445F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04475000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04499000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x044A5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x10BD9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045E6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0FE00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x044D4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0FE0F000 \SystemRoot\system32\DRIVERS\ks.sys
0x0FE52000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0FE64000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x043C6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04A97000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04CC0000 \SystemRoot\system32\drivers\portcls.sys
0x04CFD000 \SystemRoot\system32\drivers\drmk.sys
0x04D1F000 \SystemRoot\system32\drivers\ksthunk.sys
0x04D25000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04D42000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04D44000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04D52000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04D6B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04D74000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04D82000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04D8F000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x04DAA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04DB8000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04A00000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x04A3F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x04A52000 \SystemRoot\System32\drivers\Dxapi.sys
0x04A5E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x04A6C000 \SystemRoot\system32\drivers\luafv.sys
0x04DC2000 \SystemRoot\system32\drivers\WudfPf.sys
0x04DE3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x043DB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04200000 \SystemRoot\system32\drivers\HTTP.sys
0x01952000 \SystemRoot\system32\DRIVERS\bowser.sys
0x01970000 \SystemRoot\System32\drivers\mpsdrv.sys
0x01988000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06096000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x060E4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06107000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x06112000 \SystemRoot\system32\drivers\peauth.sys
0x061B8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x061C3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06000000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06012000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x0686A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x068D1000 \SystemRoot\System32\DRIVERS\srv.sys
0x06966000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77370000 \Windows\System32\ntdll.dll
0x48060000 \Windows\System32\smss.exe
0xFF690000 \Windows\System32\apisetschema.dll

Processes (total 67):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
384 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
420 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
636 csrss.exe
696 C:\Windows\System32\wininit.exe
708 csrss.exe
772 C:\Windows\System32\services.exe
788 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\lsass.exe
824 C:\Windows\System32\lsm.exe
960 C:\Windows\System32\svchost.exe
112 C:\Windows\System32\nvvsvc.exe
376 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
596 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\nvvsvc.exe
1528 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1652 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1720 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
1740 C:\Program Files\Bonjour\mDNSResponder.exe
1780 C:\Windows\System32\svchost.exe
1808 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
1876 C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
1916 C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
1980 C:\Windows\System32\svchost.exe
1124 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
1596 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
1772 C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
1332 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2148 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2388 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
2672 WUDFHost.exe
2252 C:\Program Files\Windows Media Player\wmpnetwk.exe
2336 C:\Windows\System32\SearchIndexer.exe
3108 C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
3188 C:\Windows\System32\dwm.exe
3228 C:\Windows\explorer.exe
3476 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3484 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3516 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3724 C:\Windows\System32\taskhost.exe
3824 C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
3864 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3888 C:\Program Files (x86)\Freecorder\FLVSrvc.exe
3900 C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
3952 C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe
3964 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4020 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4084 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
3200 C:\Program Files (x86)\AVG Secure Search\vprot.exe
380 C:\Program Files\iPod\bin\iPodService.exe
4408 C:\Windows\System32\svchost.exe
4060 C:\Windows\System32\wuauclt.exe
5112 C:\Windows\System32\audiodg.exe
2912 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
3996 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3912 C:\Windows\System32\SearchProtocolHost.exe
4572 C:\Windows\System32\SearchFilterHost.exe
4952 C:\Users\Marlin\Downloads\MBRCheck.exe
3392 C:\Windows\System32\conhost.exe
2952 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`86500000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!




Thanks

ken545
2012-02-22, 04:30
Thanks for posting back that info for me, it looks like your Master Boot Record may be infected. What I need from you is an offline dump of your MBR so we can analyse it to be certain. You're going to need a USB thumb drive for this.


xPUD

We will need a USB stick and access to an uninfected machine.

We need to prepare the USB stick. It is not absolutely essential that it is formatted, but it may help if it is:

Insert your USB drive into the uninfected machine.
Click on Start > My Computer > right click your USB drive > choose Format > Quick format.


Next

Download both http://sourceforge.net/projects/unetbootin/files/UNetbootin/Custom/unetbootin-xpud-windows-387.exe/download and http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of the uninfected machine.
Make sure you have the formatted USB stick in the uninfected system.
Double click on the unetbootin-xpud-windows-387.exe that you just downloaded.
Press Run and then OK.
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Browse to and select the xpud-0.9.2.iso file you downloaded.
Verify the correct drive letter is selected for your USB device then click OK.
It will install a little bootable OS on your USB device
After it has completed do not choose to reboot the clean computer, simply close the installer.


Next

Use the clean computer to download dumpit from the following link: http://noahdfear.net/downloads/dumpit
Once dumpit is downloaded save it to the USB stick.


Next

Take the USB to the infected computer and boot with it.
The computer must be set to boot from the USB (as soon as BIOS is loaded tap F12 and choose to boot from the USB drive).
A Welcome to xPUD screen will appear.
Press File.
Expand mnt.
sda1,2...usually corresponds to your HDD.
sdb1 is likely your USB drive.
Click on the folder that represents your USB drive (sdb1 ?).
Confirm that you see dumpit that you downloaded there.
Double click on dumpit.
Once completed, a file called mbr.zip will be saved to the USB drive.
Take the USB drive back to the uninfected system and attach the mbr.zip in your next reply.



If you encounter any difficulties just let me know.

ken545
2012-02-23, 02:59
Hi,

How are you coming along? If you look at the Disk Management picture that I asked you to attach, do you see the 1MB partition? It's an infected partition that malware created and made active, so when you boot up your system it uses the infected partition to boot your system and then the malware is active. We just can't delete it or your computer won't boot; that's why I am asking for an offline dump of your MBR, so we can make the legit partition active and then we can remove the infected one. Hope this makes sense to you.

gilbert7s
2012-02-24, 04:38
Hey,

I ran into a problem when trying to download 'dumpit.' The link given sends me to this page http://noahdfear.net/downloads/dumpit

Also, your explanation for what is happening to my computer does make sense, thank you. And thank you for all the help thus far.

ken545
2012-02-24, 13:09
You need to use the Firefox browser for any xPud downloads as Internet Explorer is messing with those downloads.

http://www.mozilla.org/en-US/firefox/new/



Basically it looks like malware has altered your Master Boot Record, a lot of this going around lately.

gilbert7s
2012-02-26, 23:26
Hey,
So it might be me just making a mistake but I believe I have downloaded everything you asked me to on my flash drive. When I plug it into the infected computer I tap F12 and it takes me to the boot menu in which I find "USB:USB Flash Disk". After I press enter it takes me to a black screen with a flashing "_" on the top left corner. Take your time in responding.

Thanks

ken545
2012-02-27, 00:28
Try redownloading both these files to your USB drive using Firefox; if it says the file is present and asks whether you want to replace it, say yes.

Download both http://sourceforge.net/projects/unetbootin/files/UNetbootin/Custom/unetbootin-xpud-windows-387.exe/download and http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of the uninfected machine.

Then try booting from it again


We may have to reset your BIOS to boot from the USB drive. What make and model of computer is this?

ken545
2012-02-28, 02:31
xPud may not work on your system, we're going to use Puppy Linux.

Make sure you use Firefox for the downloads

We'll use a CD that we will make bootable. We also need a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.


Save these files to your Desktop

Download Latest Puppy Linux ISO (http://distro.ibiblio.org/pub/linux/distributions/puppylinux/puppy-5.2.8/lupu-528.iso) (i.e.: lupu-528.iso)
Download BurnCDCC ISO Burning Software (http://api.viglink.com/api/click?format=go&key=bf4adfcbb328b51c165afd7f95bfc060&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F274691-use-puppy-linux-live-cd-to-recover-your-data%2F&v=1&libid=1320722667197&out=http%3A%2F%2Fwww.terabyteunlimited.com)


Open BurnCDCC and Extract All files to its own folder
Double Click BurnCDCC
Click Browse and navigate to the Puppy Linux ISO file you just downloaded
click on it and click Open
IMPORTANT: Adjust the speed bar to CD: 4x DVD: 1x
Click Start
Your CD Burner Tray will open automatically
Insert a blank CD and close the tray
Click OK
The CD should eject when finished.

You can save these instructions to a notepad file on your USB device. Once you have mounted the drives you should be able to view them by clicking on them.

Please note commands used with this tool are case sensitive and must be typed exactly as shown.


To use the CD


Insert the CD and restart the computer
When the computer first starts please press the key indicated on the screen to enter the bios or setup.
Make the necessary changes to make the CD first in the boot order
Save the changes and exit the bios/setup
Your computer will restart and boot from the Puppy Linux Live CD



Set your language, time, etc. preferences and continue
Click the Mount Icon located at the top left of your desktop (should be 3rd from the left top row)
A Window will open, click mount for each drive listed
if you have a USB Flash Drive connected it's usually automatically mounted upon boot, but click the "usbdrv" tab and make sure it is mounted.


In the lower left you will see some icons with a green light on them. Click on the one that represents your USB device.
Right-click on a blank space in the window that opens
Highlight Window
Click Terminal here
In the window that opens type the following line and hit Enter

dd if=/dev/sda of=mbr.bin bs=512 count=1

(note there is a space after dd and a space after sda and a space after bin and a space after 512)

After it has finished a file will be located on your USB drive named mbr.bin
Click Menu
Highlight Shutdown
Click Reboot
Use the arrow key to select Do not save
Hit Enter
Remove the CD before the computer restarts and allow the computer to boot


Please zip MBR.bin and attach it to your next reply.

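Once you have the 512-byte mbr.bin from the dd command above, it helps to sanity-check the dump before zipping it, and to get a first look at what is in it. The following script is an added example, not code from the original thread or from the helper: it parses a raw MBR sector (446 bytes of boot code, four 16-byte partition entries, the 55 AA signature), hashes the boot code so it can be compared against a dump from a known-clean machine of the same model, and flags structural oddities (bad signature, empty boot code, wrong number of active partitions, overlapping extents). The sample sector built by build_sample_mbr() is constructed for the demo; the partition layout and the partition-type name table are assumptions, not anything taken from the poster's machine.

```python
"""Triage a raw 512-byte MBR dump such as the mbr.bin produced by dd."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Small, assumed subset of partition type IDs; anything else is shown as hex.
PARTITION_TYPES = {
    0x00: "empty",
    0x05: "extended",
    0x07: "NTFS/exFAT/HPFS",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)",
    0x27: "hidden Windows recovery",
    0x82: "Linux swap",
    0x83: "Linux",
    0xEE: "GPT protective",
}


def parse_partition_entry(raw):
    """Decode one 16-byte, little-endian MBR partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {
        "status": status,
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "0x%02x" % ptype),
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(data):
    """Split a raw sector into boot code hash, partition entries and signature check."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(data)))
    boot_code = bytes(data[:BOOT_CODE_LEN])
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        entries.append(parse_partition_entry(data[off:off + PARTITION_ENTRY_LEN]))
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_all_zero": not any(boot_code),
        "partitions": entries,
        "signature_ok": bytes(data[510:512]) == BOOT_SIGNATURE,
    }


def triage(mbr):
    """Return human-readable findings that warrant a closer look (empty list = clean structure)."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 55AA boot signature: not a valid MBR, or the dump is wrong")
    if mbr["boot_code_all_zero"]:
        findings.append("boot code area is all zeros: no boot loader present")
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    for i, p in enumerate(mbr["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02x" % (i, p["status"]))
        if p["type"] == 0x00 and (p["lba_start"] or p["sectors"]):
            findings.append("entry %d is type 'empty' but has a non-zero extent" % i)
    active = [p for p in used if p["bootable"]]
    if len(active) != 1:
        findings.append("%d active partitions (expected exactly 1)" % len(active))
    # Overlapping extents are a classic sign of a hand-edited or hijacked table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partitions overlap: [%d,%d) and [%d,%d)" % (s1, e1, s2, e2))
    return findings


def build_sample_mbr(boot_code=b"\xfa\x33\xc0", active_index=0):
    """Constructed sample sector: two NTFS partitions, the first one active (assumed layout)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")  # pad boot code to 446 bytes
    layout = [(0x07, 2048, 204800), (0x07, 206848, 1000000), (0x00, 0, 0), (0x00, 0, 0)]
    table = b""
    for i, (ptype, start, size) in enumerate(layout):
        status = 0x80 if i == active_index else 0x00
        table += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, start, size)
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    # Usage: python mbr_triage.py mbr.bin   (falls back to the constructed sample)
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_mbr()
    mbr = parse_mbr(data)
    print("boot code sha256:", mbr["boot_code_sha256"])
    for i, p in enumerate(mbr["partitions"]):
        flag = " [active]" if p["bootable"] else ""
        print("entry %d: %s%s start=%d sectors=%d" % (i, p["type_name"], flag, p["lba_start"], p["sectors"]))
    for f in triage(mbr) or ["no structural anomalies found"]:
        print("-", f)
```

A clean partition table does not prove the boot code is clean: a bootkit typically keeps the table intact and only swaps the 446 bytes of bootstrap code, so the sha256 is only useful when you have a reference MBR from an identical, uninfected installation to compare against. That is why the helper asks for the raw mbr.bin rather than a summary.
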
gilbert7s
2012-02-29, 03:53
Alright I'll give this a go. Thank you.

gilbert7s
2012-03-04, 01:12
Hey,

So when I insert the CD into the infected computer, I hit "F12" for BIOS setup, locate the CD, press "Enter", and then it takes me to the Puppy Linux screen thingy and it says "wait 5 seconds for normal start up, press F2 for help setup, press F3 for advanced help setup." I wait for more than 5 seconds and nothing occurs.

I'm in no rush, let me know what's up when you can.

Thanks

ken545
2012-03-04, 05:28
Let's do this. Back up anything you may not want to lose, like pictures and important documents. Do you have your Windows CD or the Recovery CD that came with your computer? In case the fix fails you may need it.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

ken545
2012-03-10, 12:17
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.