WiredWX Christian Hobby Weather Tools

 


AVG, Norton, and Avira AntiVir Personal all find different Virus'

OK so my laptop has been going pretty much crazier in the last couple of months, and improvement doesn't seem to be in sight. Alright so I'll just try and give you the symptoms that I've observed so you Docs can give your diagnosis. Lately I've been getting a lot of random blue screens and they're becoming more frequent. It used to be just when I played video games but now it's just random. Another thing is that when I close the lid to my laptop or put it in hibernation or sleep mode, it'll just randomly turn on by itself like 5 or 10 minutes later. So I've just been fed up with this crap and decided to get some antivirus and so I tried AVG first. Now that program detected some Trojan horse called generic or something. The program said it fixed and quarantined it but my problems still continued. So then I downloaded the free version of Norton. That freaking antivirus said I also had a Trojan horse and said it fixed those too but I got a blue screen again like 10 minutes later. So now I've downloaded Avira AntiVir and used their scanner today. I actually logged the viruses they said they found and fixed. Which I have no clue whether or not it has fixed but at least I haven't had the computer freak out or anything yet. Avira said it found 3 viruses: TR/Dropp.D Trojan; EXP/ASF.CetCodec.gen; and finally Heur/damaged. I just think it's weird that each antivirus finds a different type of trojan even after they say they've quarantined or deleted them. (BTW I installed and tried all 3 programs in the last like week.) Anyways I also logged what it said on one of the blue screens and it said:

Driver_IRQL_NOT_LESS_OR_EQUAL

*** Stop: 0x000000D1 (0X00040019, 0x00000002, 0x00000000, 0x8D975F5B)
*** Tcpip.sys - address 8D975F5B base at 8D92E000, date Stamp 478ad415

Alright so honestly the first blue screen I got was way long ago, like over a year, but they sorta didn't happen as often, maybe once every few weeks. But now there's one like every day and that's just ridiculous. I don't know if it has anything to do with the viruses but either way having viruses probably doesn't help the situation. OK so here's the HijackThis log that you probably need, and so I can stop venting. And I'm gonna thank you guys for your help in advance just for reading this long ass post.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:45 AM, on 3/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Harvey\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Google Update] "C:\Users\Harvey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {0A155D3C-68E2-4215-A47A-E800A446447A} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Unknown owner - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8435 bytes

Re: AVG, Norton, and Avira AntiVir Personal all find different V


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
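
The two lines selected for "Fix Checked" above both carry HijackThis's `(file missing)` marker. As an added example (not part of the original thread, and not HijackThis's own code), this Python parser reads HijackThis entries and groups the ones marked `(file missing)` or `(no file)` by section; the sample is a constructed excerpt of eight entries copied from the log in the first post, and all function names are illustrative.

```python
import re
from dataclasses import dataclass

# Section codes used in the excerpt below (labels are descriptive, added here).
SECTION_NAMES = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run-key autostart",
    "O9": "IE extra button / Tools menu item",
    "O23": "Windows service",
}

# Constructed excerpt: eight entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {0A155D3C-68E2-4215-A47A-E800A446447A} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Unknown owner - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (file missing)
"""

# An entry line is "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


@dataclass
class Entry:
    code: str       # section code, e.g. "O23"
    body: str       # everything after "<code> - "
    target: str     # last " - " separated field with the marker stripped
    orphaned: bool  # True when the line ends in (file missing) / (no file)


def parse_entries(log_text):
    """Return an Entry for every section line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        last_field = body.rsplit(" - ", 1)[-1]
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            target=ORPHAN_RE.sub("", last_field),
            orphaned=ORPHAN_RE.search(body) is not None,
        ))
    return entries


def orphans_by_section(entries):
    """Map section code -> list of targets whose file HijackThis could not find."""
    grouped = {}
    for e in entries:
        if e.orphaned:
            grouped.setdefault(e.code, []).append(e.target)
    return grouped


def report(log_text):
    """Render the orphaned entries as text, one section per block."""
    lines = []
    for code, targets in orphans_by_section(parse_entries(log_text)).items():
        lines.append(f"{code} ({SECTION_NAMES.get(code, 'other')}):")
        for t in targets:
            lines.append(f"    {t or '<no file recorded>'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A missing-file marker means only that the registered file is absent from disk; it says nothing about whether the entry was ever malicious.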

Re: AVG, Norton, and Avira AntiVir Personal all find different V

So I just did all the other steps that you instructed and it seems that the program found some viruses and malware. Also I forgot to mention one symptom that I noticed: about 7 months ago I went into my D hard disk to try and look at some photos. However all I found was that in all of my picture folders there was only 1 photo left in each separate folder. I don't know if that has anything to do with the viruses but it was like all the other photos were deleted and I don't know how since I didn't do it. Alright well here's the log.


Malwarebytes' Anti-Malware 1.34
Database version: 1817
Windows 6.0.6000

3/4/2009 1:35:06 PM
mbam-log-2009-03-04 (13-35-06).txt

Scan type: Quick Scan
Objects scanned: 73693
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Harvey\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Harvey\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Harvey\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Harvey\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Harvey\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

Re: AVG, Norton, and Avira AntiVir Personal all find different V

Not much, but before I class this as a hardware or software problem, I want to have a look around the machine.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: AVG, Norton, and Avira AntiVir Personal all find different V

Triple post. Sad tearing

Last edited by Belahzur on 4th March 2009, 9:56 pm; edited 1 time in total


Re: AVG, Norton, and Avira AntiVir Personal all find different V

Triple post. Ahahaha


Re: AVG, Norton, and Avira AntiVir Personal all find different V

Here it is:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Harvey at 14:13:26.83 on Wed 03/04/2009
Internet Explorer: 7.0.6000.16681 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2038.911 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM\aim.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Harvey\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Harvey\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Google Update] "c:\users\harvey\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: EnableLUA = 0 (0x0)
IE: {0A155D3C-68E2-4215-A47A-E800A446447A}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\harvey\appdata\roaming\mozilla\firefox\profiles\svt63bv6.default\
FF - plugin: c:\users\harvey\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\harvey\appdata\roaming\mozilla\firefox\profiles\svt63bv6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-4-10 50688]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-2-19 106496]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-4 38496]

=============== Created Last 30 ================

2009-03-04 13:26 --d----- c:\users\harvey\appdata\roaming\Malwarebytes
2009-03-04 13:26 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-04 13:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 13:26 --d----- c:\programdata\Malwarebytes
2009-03-04 13:26 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 13:26 --d----- c:\progra~2\Malwarebytes
2009-03-04 03:35 --d----- c:\program files\Trend Micro
2009-03-04 00:24 --d----- c:\programdata\Avira
2009-03-04 00:24 --d----- c:\program files\Avira
2009-03-04 00:24 --d----- c:\progra~2\Avira
2009-03-03 22:28 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-03 22:28 1,409 a------- c:\windows\QTFont.for
2009-03-03 12:12 --d----- c:\programdata\Norton
2009-03-03 12:12 --d----- c:\progra~2\Norton
2009-03-03 12:09 --d----- c:\programdata\NortonInstaller
2009-03-03 12:09 --d----- c:\progra~2\NortonInstaller
2009-02-21 14:23 --d-h--- C:\$AVG8.VAULT$
2009-02-21 12:00 --d----- c:\programdata\avg8
2009-02-21 12:00 --d----- c:\program files\AVG
2009-02-21 12:00 --d----- c:\progra~2\avg8

==================== Find3M ====================

2009-03-04 02:36 5,386 a------- c:\windows\system32\PerfStringBackup.TMP
2009-03-04 02:12 352,615 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-03-04 01:58 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-04 01:58 86,016 a------- c:\windows\inf\infstor.dat
2009-03-04 01:58 51,200 a------- c:\windows\inf\infpub.dat
2009-01-25 00:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-18 00:06 352,615 a---h--- c:\windows\system32\drivers\vsconfig(583).xml
2008-06-11 02:03 665,600 a------- c:\windows\inf\drvindex.dat
2007-10-22 03:49 1,805,306 a------- c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 03:49 867,848 a------- c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 03:49 1,712,608 a------- c:\program files\NOV2007_d3dx9_36_x86.cab
2007-10-22 03:49 807,132 a------- c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 03:49 200,010 a------- c:\program files\NOV2007_XACT_x64.cab
2007-10-22 03:49 151,512 a------- c:\program files\NOV2007_XACT_x86.cab
2007-10-22 03:49 49,392 a------- c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 03:49 44,850 a------- c:\program files\dxdllreg_x86.cab
2007-10-22 03:49 21,744 a------- c:\program files\NOV2007_X3DAudio_x86.cab
2007-09-27 21:54 174 a--sh--- c:\program files\desktop.ini
2006-11-02 04:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:14:26.96 ===============

Re: AVG, Norton, and Avira AntiVir Personal all find different V

Doesn't look like malware to me.
Have you installed any new hardware recently?


Re: AVG, Norton, and Avira AntiVir Personal all find different V

No, I haven't gotten any new hardware since I bought my mouse, and that was like over 5 months ago. I just don't understand why each new antivirus or spyware removal tool continues to find new and different trojans or viruses. I thought the Avira antivirus would work but obviously after I downloaded Malwarebytes it found trojans again. Is this normal? I mean do the programs actually delete the viruses or are they unable to do that and can only list them?

Re: AVG, Norton, and Avira AntiVir Personal all find different V

You shouldn't need more than one AV anyway; running 2 AVs is dangerous because they conflict.
I wouldn't say this is a malware problem.

I would consider opening a thread in our hardware section and copying and pasting the BSOD error like you did here; the other techs of this forum know more in that area than I do.


Re: AVG, Norton, and Avira AntiVir Personal all find different V

Alright, well thanks for all the help.
