Nope, you have malware - at one stage you disabled it by MSConfig - but it is back. Probably from the infected USB you are using.
On completion of this fix, in the folder C:\_OTS there will be a zip file; please upload it to Mediafire and post the sharing link.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\user\Application Data\Mozilla\FireFox\Profiles\q8pt8r8q.default\prefs.js
YN -> extensions.enabledItems -> seo4firefox@seobook.com:3.3.0
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}" [HKLM] -> [FireShot]
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> "C:\Documents and Settings\user\Application Data\gmcevcadereoc3idypgpkvqeztnwcai2\csrss.exe" ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOCUME~1\user\LOCALS~1\Temp\0.8108138830993659.exe" -> [C:\DOCUME~1\user\LOCALS~1\Temp\0.8108138830993659.exe:*:Enabled:ldrsoft]
YN -> "C:\Documents and Settings\user\Application Data\gmcevcadereoc3idypgpkvqeztnwcai2\csrss.exe" -> [C:\Documents and Settings\user\Application Data\gmcevcadereoc3idypgpkvqeztnwcai2\csrss.exe:*:Enabled:ldrsoft]
YY -> "C:\Documents and Settings\user\Application Data\xunmzwyrji2tbauviodtwo3bvcrpc2ui2\svcnost.exe" -> C:\Documents and Settings\user\Application Data\xunmzwyrji2tbauviodtwo3bvcrpc2ui2\svcnost.exe [C:\Documents and Settings\user\Application Data\xunmzwyrji2tbauviodtwo3bvcrpc2ui2\svcnost.exe:*:Enabled:ldrsoft]
YY -> "C:\Documents and Settings\user\Application Data\xyauoftiibdow2teeazn2vfatcdl1uqx2\svcnost.exe" -> C:\Documents and Settings\user\Application Data\xyauoftiibdow2teeazn2vfatcdl1uqx2\svcnost.exe [C:\Documents and Settings\user\Application Data\xyauoftiibdow2teeazn2vfatcdl1uqx2\svcnost.exe:*:Enabled:ldrsoft]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{410dc580-c644-11de-adaa-000cf14c9661} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{410dc580-c644-11de-adaa-000cf14c9661}\Shell\AutoRun\command ->
YN -> \{410dc580-c644-11de-adaa-000cf14c9661}\Shell\AutoRun\command\\"" -> [H:\fooool.exe]
YN -> \{410dc580-c644-11de-adaa-000cf14c9661} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{410dc580-c644-11de-adaa-000cf14c9661}\Shell\explore\Command ->
YN -> \{410dc580-c644-11de-adaa-000cf14c9661}\Shell\explore\Command\\"" -> [H:\fooool.exe]
YN -> \{410dc580-c644-11de-adaa-000cf14c9661} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{410dc580-c644-11de-adaa-000cf14c9661}\Shell\open\Command ->
YN -> \{410dc580-c644-11de-adaa-000cf14c9661}\Shell\open\Command\\"" -> [H:\fooool.exe]
YN -> \{6436358c-78fa-11dd-9100-d5cd3b9a4bd9} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6436358c-78fa-11dd-9100-d5cd3b9a4bd9}\Shell\AutoRun\command ->
YN -> \{6436358c-78fa-11dd-9100-d5cd3b9a4bd9}\Shell\AutoRun\command\\"" -> [F:\nideiect.com]
YN -> \{6436358c-78fa-11dd-9100-d5cd3b9a4bd9} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6436358c-78fa-11dd-9100-d5cd3b9a4bd9}\Shell\explore\Command ->
YN -> \{6436358c-78fa-11dd-9100-d5cd3b9a4bd9}\Shell\explore\Command\\"" -> [F:\nideiect.com]
YN -> \{6436358c-78fa-11dd-9100-d5cd3b9a4bd9} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6436358c-78fa-11dd-9100-d5cd3b9a4bd9}\Shell\open\Command ->
YN -> \{6436358c-78fa-11dd-9100-d5cd3b9a4bd9}\Shell\open\Command\\"" -> [F:\nideiect.com]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> mssend hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\user\Application Data\xyauoftiibdow2teeazn2vfatcdl1uqx2\svcnost.exe
[Files/Folders - Created Within 30 Days]
NY -> xyauoftiibdow2teeazn2vfatcdl1uqx2 -> C:\Documents and Settings\user\Application Data\xyauoftiibdow2teeazn2vfatcdl1uqx2
NY -> xunmzwyrji2tbauviodtwo3bvcrpc2ui2 -> C:\Documents and Settings\user\Application Data\xunmzwyrji2tbauviodtwo3bvcrpc2ui2
NY -> gmce111111111111111 -> C:\Documents and Settings\user\Application Data\gmce111111111111111
NY -> oaozxuztvzinbabzpnpkusxxxdwoveo2 -> C:\Documents and Settings\user\Application Data\oaozxuztvzinbabzpnpkusxxxdwoveo2
NY -> iDkCbDc24400 -> C:\Documents and Settings\All Users\Application Data\iDkCbDc24400
[File - Lop Check]
NY -> iDkCbDc24400 -> C:\Documents and Settings\All Users\Application Data\iDkCbDc24400
NY -> Tarma Installer -> C:\Documents and Settings\All Users\Application Data\Tarma Installer
NY -> gmce111111111111111 -> C:\Documents and Settings\user\Application Data\gmce111111111111111
NY -> xunmzwyrji2tbauviodtwo3bvcrpc2ui2 -> C:\Documents and Settings\user\Application Data\xunmzwyrji2tbauviodtwo3bvcrpc2ui2
NY -> xyauoftiibdow2teeazn2vfatcdl1uqx2 -> C:\Documents and Settings\user\Application Data\xyauoftiibdow2teeazn2vfatcdl1uqx2
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.