Here's the ComboFix log as requested: since I have rebooted the computer back to normal, no threats have been detected by AVG yet and the PC seems to be running normally, but I'm waiting for more threats to occur, if any.
ComboFix 12-05-04.03 - Brendan 05/05/2012 19:22:05.2.1 - x86 NETWORK
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\5BFDE0D65F999626.log
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 04:25 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-04 03:17 . 2012-05-04 03:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-03 23:34 . 2005-11-08 14:26 38400 ----a-w- c:\windows\system32\moveex.exe
2012-05-03 23:02 . 2012-05-03 23:02 -------- d-----w- C:\VundoFix Backups
2012-05-03 09:04 . 2012-05-03 09:06 -------- d-----w- c:\documents and settings\Brendan\Application Data\Xuwal
2012-05-03 09:04 . 2012-05-03 09:05 -------- d-----w- c:\documents and settings\Brendan\Application Data\Xiqiq
2012-05-03 09:04 . 2012-05-03 09:05 -------- d-----w- c:\documents and settings\Brendan\Application Data\Egoles
2012-05-03 09:04 . 2012-05-03 09:04 -------- d-----w- c:\documents and settings\Brendan\Application Data\Hyeml
2012-04-18 12:10 . 2012-05-03 00:22 -------- d-----w- c:\documents and settings\Brendan\Application Data\Nitro PDF
2012-04-18 12:06 . 2011-10-25 05:50 17704 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-04-18 12:06 . 2011-10-25 05:50 26408 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-04-18 12:06 . 2012-04-18 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2012-04-18 12:06 . 2012-04-18 12:06 -------- d-----w- c:\program files\Nitro PDF
2012-04-18 12:06 . 2012-04-18 12:06 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-04-18 12:04 . 2012-04-18 12:04 -------- d-----w- c:\documents and settings\Brendan\Application Data\Downloaded Installations
2012-04-18 00:48 . 2003-06-27 08:54 57344 ----a-w- c:\windows\CTREBOOT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 23:34 . 2007-04-23 12:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-14 23:34 . 2012-01-06 08:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 1101824]
"NOMAD Detector"="c:\program files\Creative\SBLive\PlayCenter2\CTNMRun.exe" [2002-03-04 18432]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-01-14 4697024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 827392]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-06-01 86016]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-11-01 4085080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-01-31 26264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
erzi.exe [2012-5-3 137728]
loetir.exe [2012-5-3 215079]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
oxez.exe [2012-5-3 137728]
vafi.exe [2012-5-3 215079]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-5-18 24576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-09 10:14 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-04-09 10:23 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-11 05:36 133104 ----atw- c:\documents and settings\Brendan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 00:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 11:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 01:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 03:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-09 10:11 2595792 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NOMAD Detector"="c:\program files\Creative\SBLive\PlayCenter2\CTNMRun.exe"
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Brendan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-06 248656]
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-08-05 19572]
R1 sonypvd2;sonypvd2;c:\windows\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-07 269520]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-21 110752]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-10-25 196904]
R2 Vqtfk;Vqtfk;c:\windows\System32\Vqtfk.sys [1999-08-11 19936]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-11 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-09 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-09 27216]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\Pcouffin.sys [2008-09-07 47360]
R3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [x]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-01-11 27168]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-01-11 27168]
S0 Achernar;Achernar - SCSI Command Filters;c:\windows\System32\Drivers\Achernar.sys [2005-09-23 16855]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-21 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2007-02-02 30808]
S0 sonypvl2;sonypvl2; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-11 682232]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 sonypvf2;sonypvf2; [x]
S1 sonypvt2;sonypvt2; [x]
S3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\System32\Drivers\Aldebaran.sys [2005-09-23 21808]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-07-11 30432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 04484856
*Deregistered* - 04484856
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MaxtorFrontPanel1
zntport
Udfreadr_xp
sfhlp01
usbsermpt
ncupdatesvc
avgfwsrv
tzontservice
gemserv
ccsetmgr
Maplom
RAPIProtocol
BrSerIf
oraclesnmppeermasteragent
SE27mgmt
svv
CdaD10BA
icollectservice
siside
transcode360
asusgsb
CBTNDIS5
CTEDSPFX.DLL
imagedrv
prodrv06
dns4meclient
cobbmservice
umpusbxp
TNaviSrv
crystalaps
bthenum
cpntsrv
lilsgt
mafwboot
prevxagent
vaiomediaplatform-mobile-gateway
IBM_LLC2
ipsecmon
authsyssvc
btfirst
pcctlcom
aexnsclienttransport
iAimTV5
avcgbdr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 05:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:50]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:50]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392070450-808398348-4156111588-1009Core.job
- c:\documents and settings\Brendan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 05:36]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392070450-808398348-4156111588-1009UA.job
- c:\documents and settings\Brendan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-13 05:36]
.
2004-02-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 0<local>;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Inbox Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll
DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} - hxxp://icebergradio.com/aurora/1.0.2.259/client.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-05-05 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A?P?????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?????????~?B~??????????@???????????????????B??????????????????????????`??????r?B
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2392070450-808398348-4156111588-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\System32\ctmp3.acm
c:\windows\system32\ITIG726.acm
c:\windows\system32\sirenacm.dll
c:\windows\system32\vct3216.acm
c:\windows\system32\vct3216.dll
c:\windows\system32\MSMS001.vwp
c:\windows\system32\Mvoice.vwp
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
.
- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-05-05 19:40:43
ComboFix-quarantined-files.txt 2012-05-05 09:40
ComboFix2.txt 2012-05-05 05:20
ComboFix3.txt 2008-08-20 11:22
.
Pre-Run: 31,611,555,840 bytes free
Post-Run: 31,594,872,832 bytes free
.
- - End Of File - - 58149121D59E3B522DF21D6F0B2D1DA0