#1
Registered User
Join Date: Jul 2009
Posts: 2
OS: Vista SP2
Slow system / Avira warnings
So my system started running slow as molasses last week, and I decided it was just too suspicious and out of the realm of ordinary. Also an odd number of links in my browsers were being redirected... Scanned with the stuff I had, and got nothing. D/l'd Malwarebytes and gave it a whirl, and it found some files that it triggered on. Told it to remove them; it said it needed to reboot, but they were still there after the reboot. D/l'd Avira, and kept getting popups about a tr/cryptredol.18432.2.6 issue. Told it to delete and use the same action, and the computer went blue screen on me. No change in safe mode either. Been using several programs, nothing is working for me. So I figured it was time to call in the cavalry.
File location: C:\Windows\System32\geyekrcupijtpv.dll
I have also downloaded every tool that has helped people in similar situations, so they're all ready to go.
DDS log: DDS (Ver_09-06-26.01) - NTFSx86 Run by Chris at 19:50:24.52 on Tue 07/28/2009
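An added example, not code from the poster or from the forum's helpers: a small Python triage script for the two entries in a DDS log like the one above that a helper would look at first, the service with no resolvable file (`RUnknown lpxavx;lpxavx; [x]`) and the oddly named DLL sitting directly in System32 (`geyekrcupijtpv.dll`). The service-line layout is the one DDS prints; the "looks generated" name test is an assumed heuristic, not a DDS rule.

```python
"""Triage of DDS-style log entries (added example, not from the thread).
Flags a service/driver whose path could not be resolved (DDS prints "[x]")
and a module directly under System32 whose name looks generated; the
"looks generated" test is a constructed heuristic, not a DDS rule."""
import math
import re
from collections import Counter

# DDS service line: <state> <name>;<display name>;<path> [<date> <size>]
SERVICE_RE = re.compile(r"^(R\w+|S\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[(.*)\])?$")
# A .dll/.sys/.exe sitting directly in System32 (not in a subfolder)
MODULE_RE = re.compile(r"\\system32\\([a-z0-9]+)\.(?:dll|sys|exe)\b", re.I)

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_random(stem: str) -> bool:
    """Heuristic: long, alphabetic, consonant-heavy and high-entropy."""
    stem = stem.lower()
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowel_ratio = sum(stem.count(v) for v in "aeiou") / len(stem)
    return vowel_ratio < 0.35 and shannon_entropy(stem) > 3.0

def parse_service(line: str):
    """Return (state, name, path) for a DDS service line, else None."""
    m = SERVICE_RE.match(line)
    return (m.group(1), m.group(2), m.group(4).strip()) if m else None

def triage(lines):
    """Return (kind, name, line) tuples for the suspicious entries."""
    findings = []
    for raw in lines:
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            if not svc[2]:  # empty path: nothing on disk backs this service
                findings.append(("unresolved-service", svc[1], line))
            continue
        m = MODULE_RE.search(line)
        if m and looks_random(m.group(1)):
            findings.append(("random-name-module", m.group(1), line))
    return findings

# Constructed sample: entries copied from the poster's log.
SAMPLE_LOG = [
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-24 64160]",
    r"RUnknown lpxavx;lpxavx; [x]",
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Windows\System32\geyekrcupijtpv.dll",
    r"C:\Windows\System32\igfxpers.exe",
]
```

Running `triage(SAMPLE_LOG)` yields exactly the two entries a helper would ask about first; everything else in the sample is an ordinary driver or system binary.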
#2
Registered User
Join Date: Jul 2009
Posts: 2
OS: Vista SP2
Re: Slow system / Avira warnings
Someone lock this thread for me...
I said f*** it and decided to reinstall Vista. When I popped the upgrade CD in and booted from it, there was an option to repair Windows. One of the repair options was a command prompt. Clicked it, and VOILA!!! Every file was available, even hidden ones. Used the log from a previous scan of SysProt that had all of the infected files and went through and deleted them all. Rebooted, Malwarebytes found 1 other file that was infected and removed it. Now everything is back to normal, and it passes all scans by ALL programs that I downloaded to combat this thing. Tip for everyone with issues: Try to get yourself a copy of your OS install disk, or possibly the UBCD. Anything you can boot from to get a clean prompt. Using one of your logs, you can clear the majority of your infection quickly and easily, at least to a point where the scanner can actually remove them properly and permanently. I spent almost a week fighting this darn thing, and fixed it in 5 minutes and 2 reboots!