Thread: think i have win32/zbot

  1. #1
    Junior Member
    Join Date
    Sep 2011
    Posts
    3

    think i have win32/zbot

    Hi,
    A few months ago my PC started directing me to ad sites when I searched for anything. The AVG scan found problems and cleared them so I thought it was OK. The night before last I kept getting AVG warnings about files containing win32/zbot. The PC would not run Spybot Search and Destroy to start with and would not allow me to run in safe mode. It was also coming up with a page not found message for several sites including Microsoft, this site and AVG.
    I've since done an AVG rootkits scan that said it had removed 4 problems. Search and Destroy is now running but said there was one thing it could not fix.
    Here are the DDS results. I didn't have the Search and Destroy results as it would not allow me on this site earlier so I didn't know I needed it. Thank you.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Run by CPR at 0:59:14 on 2011-09-03
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.93 [GMT 1:00]
    .
    AV: BullGuard Antivirus *Enabled/Updated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: BullGuard Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\System32\SvcHost.exe -k BullGuard_Main
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    svchost.exe
    C:\WINDOWS\System32\SvcHost.exe -k BullGuard
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\cpr\local settings\application data\qsosldmb\yvgfvgvo.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [YvgFvgvo] c:\documents and settings\cpr\local settings\application data\qsosldmb\yvgfvgvo.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Gainward] "c:\program files\xpertvision\TBPanel.exe" /A
    mRun: [nwiz] "nwiz.exe" /install
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\windows\system32\BGLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{3676FF3D-A78C-4CDA-ACE6-868255941027} : DhcpNameServer = 192.168.0.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\cpr\application data\mozilla\firefox\profiles\pkhj6d1o.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.sky.com/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc68f0b&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\bullguard ltd\bullguard\antiphishing\ff\antiphishing@bullguard\components\BGFFComponent.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: XULRunner: {C7587CE6-6C7A-40C5-ACFF-775134790365} - c:\documents and settings\cpr\local settings\application data\{C7587CE6-6C7A-40C5-ACFF-775134790365}
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: BullGuard Safe Browsing: antiphishing@bullguard - c:\program files\bullguard ltd\bullguard\antiphishing\ff\antiphishing@bullguard
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-15 64160]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2010-12-16 64608]
    R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [2010-12-21 789448]
    R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [2010-12-21 19272]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\bullguard ltd\bullguard\BullGuardBhvScanner.exe [2010-12-17 338264]
    R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2009-6-15 14336]
    R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2009-6-15 14336]
    R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2009-6-15 14336]
    R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2009-6-15 14336]
    R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2009-6-15 14336]
    R2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2010-11-26 320344]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-10-12 34280]
    R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-10-12 267624]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2010-11-23 288088]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-15 38224]
    R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
    S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 1025352]
    S4 BgRaSvc;BgRaSvc;c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [2010-11-26 125784]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-2 1036104]
    S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-6-15 14336]
    .
    =============== Created Last 30 ================
    .
    2011-09-02 22:34:06 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
    2011-09-02 11:07:42 -------- d--h--w- C:\$AVG
    2011-09-02 09:52:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-09-02 09:52:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-09-02 00:04:40 -------- d-----w- c:\program files\Trend Micro
    2011-09-01 23:58:42 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-09-01 23:57:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-09-01 23:57:20 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-09-01 23:57:14 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-09-01 23:56:05 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-09-01 23:56:05 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-09-01 23:56:02 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-09-01 23:56:01 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-09-01 23:56:01 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-09-01 23:56:00 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-09-01 23:56:00 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-09-01 23:55:59 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-09-01 23:55:58 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-09-01 23:55:57 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-09-01 23:55:57 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-09-01 23:55:54 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-09-01 23:55:53 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-09-01 23:55:50 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-09-01 23:54:38 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-09-01 23:52:25 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-09-01 23:52:00 2560 ------w- c:\windows\system32\xpsp4res.dll
    2011-09-01 22:20:06 -------- d-----w- c:\windows\system32\scripting
    2011-09-01 22:20:04 -------- d-----w- c:\windows\l2schemas
    2011-09-01 22:20:03 -------- d-----w- c:\windows\system32\en
    2011-09-01 22:20:02 -------- d-----w- c:\windows\system32\bits
    2011-09-01 22:03:57 -------- d-----w- c:\windows\network diagnostic
    2011-09-01 21:55:19 -------- d-----w- c:\windows\EHome
    2011-09-01 16:33:11 -------- d-----w- c:\program files\Steam
    2011-09-01 11:08:48 166872 ------w- c:\program files\mozilla firefox\softokn3.dll
    2011-09-01 11:08:42 105432 ------w- c:\program files\mozilla firefox\nssdbm3.dll
    2011-09-01 11:08:38 269272 ------w- c:\program files\mozilla firefox\freebl3.dll
    2011-09-01 09:22:51 -------- d-----w- c:\documents and settings\cpr\application data\Software Inspection Library
    2011-09-01 07:05:21 304712 ----a-w- c:\windows\system32\drivers\Trufos.sys
    2011-09-01 06:50:00 -------- d-----w- c:\documents and settings\cpr\application data\BullGuard
    2011-09-01 06:46:28 -------- d-----w- c:\documents and settings\all users\application data\BullGuard
    2011-09-01 06:45:46 -------- d-----w- c:\program files\BullGuard Ltd
    2011-08-31 20:00:57 -------- d-----w- c:\documents and settings\cpr\local settings\application data\qsosldmb
    2011-08-31 19:59:42 0 ----a-w- c:\documents and settings\cpr\0.3191063280485381.exe
    2011-08-10 11:31:36 -------- d-----w- c:\documents and settings\cpr\local settings\application data\WMTools Downloaded Files
    .
    ==================== Find3M ====================
    .
    2011-09-01 06:59:54 100184 ----a-w- c:\windows\system32\BgGamingMonitor.dll
    2011-09-01 06:59:15 155992 ----a-w- c:\windows\system32\BGLsp.dll
    2011-09-01 06:59:02 789448 ----a-w- c:\windows\system32\drivers\NSKernel.sys
    2011-09-01 06:59:02 19272 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
    2011-09-01 06:58:41 64608 ----a-w- c:\windows\system32\drivers\BdSpy.sys
    .
    ============= FINISH: 1:00:27.75 ===============

  2. #2
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Hi and welcome to Safer Networking Forums.
    My name is Cypher, and I will be helping you with your malware problems.
    This may or may not solve other issues you have with your machine.
    If you no longer require help I would be grateful if you would let me know.

    Before we start please note the following important guidelines.
    • The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
    • If you don't know or understand something, please don't hesitate to ask.
    • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
    • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
      Absence of symptoms does not mean that everything is clear.
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • Please DO NOT install any other software (or hardware) during the cleaning process.
    • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!


    Note: If you haven't done so already, please read this topic, "READ this Procedure BEFORE Requesting Assistance", where the conditions for receiving help here are explained.
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    Because of this, I advise you to backup any personal files and folders before you start.


    We need to disable TeaTimer as its protection will interfere with fixes.
    It can be re-enabled once the computer is clean.

    1. Open Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
    3. On the left hand side, click on "Tools".
    4. Then click on the Resident Icon in the List.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    Next.

    multiple Anti Virus programs

    • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
      BullGuard Antivirus
      AVG Anti-Virus Free Edition 2011
    • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
    • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
    • Please remove one of them.

    Next.

    Please download OTL by Old Timer and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.

    Next.

    TDSSKiller

    Please download TDSSKiller.exe and save it to your Desktop.
    • Double click on TDSSKiller.exe to launch it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT



    Logs/Information to Post in your Next Reply

    • OTL.txt and Extra.txt contents.
    • TDSSKiller log.
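
The multiple-antivirus check from post #2, run over lines excerpted from the DDS log in post #1, as an added example that is not part of any post in this thread. It goes a step beyond the post by also listing Winlogon Userinit and Run entries that point into a user profile, a common triage heuristic; the function names and that heuristic are assumptions of this example, and a hit is a lead for review, not a verdict.

```python
import re

# Excerpt of the DDS log posted in #1 (header lines and part of the
# "Pseudo HJT Report" section), embedded so the example runs offline.
DDS_SAMPLE = r"""
AV: BullGuard Antivirus *Enabled/Updated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: BullGuard Firewall *Disabled*
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\cpr\local settings\application data\qsosldmb\yvgfvgvo.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [YvgFvgvo] c:\documents and settings\cpr\local settings\application data\qsosldmb\yvgfvgvo.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"""

AV_LINE = re.compile(r"^[ \t]*AV:[ \t]*(.+?)[ \t]*\*([^*]+)\*", re.MULTILINE)
USERINIT_LINE = re.compile(r"^[ \t]*mWinlogon:[ \t]*Userinit=(.*)$", re.MULTILINE)
RUN_LINE = re.compile(
    r"^[ \t]*([um]Run(?:Once)?):[ \t]*\[([^\]]+)\][ \t]*(.+)$", re.MULTILINE
)

# Assumption of this example: per-user profile directories are user-writable,
# so an autostart target located there deserves a closer look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def enabled_av(log):
    """Names of antivirus products whose DDS status starts with 'Enabled'."""
    return [name for name, status in AV_LINE.findall(log)
            if status.lower().startswith("enabled")]


def userinit_extras(log):
    """Userinit entries other than the stock system32\\userinit.exe."""
    extras = []
    for value in USERINIT_LINE.findall(log):
        for entry in value.split(","):
            entry = entry.strip().strip('"')
            if entry and not entry.lower().endswith("\\system32\\userinit.exe"):
                extras.append(entry)
    return extras


def profile_autoruns(log):
    """(hive, value name, command) for Run entries launched from a profile."""
    hits = []
    for hive, name, command in RUN_LINE.findall(log):
        lowered = command.lower()
        if any(marker in lowered for marker in PROFILE_MARKERS):
            hits.append((hive, name, command.strip()))
    return hits


def triage(log):
    """Collect the findings as short, human-readable review notes."""
    notes = []
    av = enabled_av(log)
    if len(av) > 1:
        notes.append("multiple AV products enabled: " + ", ".join(av))
    for entry in userinit_extras(log):
        notes.append("extra Userinit entry: " + entry)
    for hive, name, command in profile_autoruns(log):
        notes.append("%s [%s] starts from a user profile: %s" % (hive, name, command))
    return notes


if __name__ == "__main__":
    for note in triage(DDS_SAMPLE):
        print(note)
```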

  3. #3
    Junior Member
    Join Date
    Sep 2011
    Posts
    3

    Thanks for your help. Here are the logs you asked for.
    OTL.txt

    OTL logfile created on: 04/09/2011 21:32:03 - Run 2
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\CPR\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.23 Mb Total Physical Memory | 348.13 Mb Available Physical Memory | 34.02% Memory free
    2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.60% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 162.66 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
    Drive H: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: YABADABA-ED7B9E | User Name: CPR | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\CPR\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\RegCure\RegCure.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
    MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
    MOD - C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll ()
    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    MOD - C:\Program Files\RegCure\zlibwapi.dll ()
    MOD - C:\Program Files\RegCure\RegCure.exe ()
    MOD - C:\Program Files\RegCure\AutoUpdate.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (WMPNetworkSvc) -- File not found
    SRV - (NMIndexingService) -- File not found
    SRV - (NBService) -- File not found
    SRV - (IDriverT) -- File not found
    SRV - (BgRaSvc) -- File not found
    SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
    SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
    DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
    DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\NVCAP.SYS (NVIDIA Corporation)
    DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1202660629-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1202660629-1844823847-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.sky.com/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
    FF - prefs.js..extensions.enabledItems: {C7587CE6-6C7A-40C5-ACFF-775134790365}:1.9.1
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1787
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc68f0b&v=7.007.026.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/17 23:16:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C7587CE6-6C7A-40C5-ACFF-775134790365}: C:\Documents and Settings\CPR\Local Settings\Application Data\{C7587CE6-6C7A-40C5-ACFF-775134790365} [2010/11/30 17:38:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/03 22:30:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 19:52:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 20:08:16 | 000,000,000 | ---D | M]

    [2009/10/27 00:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CPR\Application Data\Mozilla\Extensions
    [2009/10/27 00:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CPR\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/09/04 19:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CPR\Application Data\Mozilla\Firefox\Profiles\pkhj6d1o.default\extensions
    [2010/07/26 22:09:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CPR\Application Data\Mozilla\Firefox\Profiles\pkhj6d1o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/19 09:23:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\CPR\Application Data\Mozilla\Firefox\Profiles\pkhj6d1o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/09/12 20:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CPR\Application Data\Mozilla\Firefox\Profiles\pkhj6d1o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/09/03 22:30:23 | 000,003,674 | ---- | M] () -- C:\Documents and Settings\CPR\Application Data\Mozilla\Firefox\Profiles\pkhj6d1o.default\searchplugins\avg-secure-search.xml
    [2010/10/24 19:24:04 | 000,001,751 | -H-- | M] () -- C:\Documents and Settings\CPR\Application Data\Mozilla\Firefox\Profiles\pkhj6d1o.default\searchplugins\search-the-web.xml
    [2011/09/04 08:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/30 17:38:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CPR\LOCAL SETTINGS\APPLICATION DATA\{C7587CE6-6C7A-40C5-ACFF-775134790365}
    [2011/08/17 23:16:56 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    [2011/09/03 22:30:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    [2009/08/05 16:50:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    O1 HOSTS File: ([2009/11/16 18:02:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKU\S-1-5-21-1202660629-1844823847-839522115-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1202660629-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3676FF3D-A78C-4CDA-ACE6-868255941027}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\CPR\Local Settings\Application Data\qsosldmb\yvgfvgvo.exe) - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\CPR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\CPR\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/12 11:15:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - H:\autorun.cfg -- [ UDF ]
    O32 - AutoRun File - [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - H:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/04 21:10:51 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CPR\Desktop\OTL.exe
    [2011/09/03 22:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2011/09/03 22:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2011/09/03 22:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2011/09/03 22:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CPR\Application Data\AVG2012
    [2011/09/03 22:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/09/03 03:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
    [2011/09/03 00:59:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\CPR\Start Menu\Programs\Administrative Tools
    [2011/09/03 00:58:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\CPR\Desktop\dds.scr
    [2011/09/02 21:41:16 | 003,894,928 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\CPR\Desktop\avg_free_stb_all_2012_1796_cnet.exe
    [2011/09/02 12:07:42 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/09/02 11:47:43 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
    [2011/09/02 11:45:34 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2011/09/02 11:41:17 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
    [2011/09/02 11:37:38 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/09/02 11:36:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2011/09/02 11:31:58 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [2011/09/02 11:18:27 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Documents and Settings\CPR\Desktop\cnet_rt60ln90_exe.exe
    [2011/09/02 10:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/09/02 10:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/09/02 10:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/09/02 10:49:49 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\CPR\Desktop\spybotsd162.exe
    [2011/09/02 01:11:00 | 030,068,760 | ---- | C] (IObit ) -- C:\Documents and Settings\CPR\Desktop\asc4-setup-aff.exe
    [2011/09/02 01:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CPR\Start Menu\Programs\HiJackThis
    [2011/09/02 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/09/02 00:58:42 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
    [2011/09/02 00:57:50 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
    [2011/09/02 00:57:20 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2011/09/02 00:57:14 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2011/09/02 00:56:05 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
    [2011/09/02 00:56:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
    [2011/09/02 00:55:58 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
    [2011/09/02 00:55:54 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2011/09/02 00:55:53 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2011/09/02 00:55:50 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2011/09/02 00:54:38 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
    [2011/09/02 00:52:25 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
    [2011/09/02 00:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/09/01 23:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2011/09/01 23:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2011/09/01 23:20:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2011/09/01 23:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2011/09/01 23:03:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2011/09/01 22:55:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011/09/01 22:55:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
    [2011/09/01 20:09:53 | 013,975,408 | ---- | C] (Mozilla) -- C:\Documents and Settings\CPR\Desktop\Firefox Setup 6.0.1.exe
    [2011/09/01 17:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
    [2011/09/01 17:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2011/09/01 10:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CPR\Application Data\Software Inspection Library
    [2011/09/01 08:05:21 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
    [2011/08/31 21:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CPR\Local Settings\Application Data\qsosldmb
    [2011/08/10 12:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CPR\Local Settings\Application Data\WMTools Downloaded Files
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/04 21:28:09 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
    [2011/09/04 21:28:09 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
    [2011/09/04 21:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/04 21:10:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CPR\Desktop\OTL.exe
    [2011/09/04 18:57:00 | 102,737,273 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/09/04 17:00:05 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2011/09/04 03:40:05 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2011/09/03 22:40:31 | 000,660,847 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2011/09/03 22:30:32 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/09/03 19:25:00 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\CPR\Local Settings\Application Data\prvlcl.dat
    [2011/09/03 10:03:24 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2010.lnk
    [2011/09/03 03:49:08 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/03 03:31:14 | 000,435,776 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/09/03 03:31:14 | 000,068,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/09/03 03:20:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/09/03 00:58:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\CPR\Desktop\dds.scr
    [2011/09/02 23:35:39 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/02 23:00:48 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\CPR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/02 21:41:22 | 003,894,928 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\CPR\Desktop\avg_free_stb_all_2012_1796_cnet.exe
    [2011/09/02 11:19:58 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Documents and Settings\CPR\Desktop\cnet_rt60ln90_exe.exe
    [2011/09/02 10:53:01 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\CPR\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/09/02 10:53:01 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\CPR\Desktop\Spybot - Search & Destroy.lnk
    [2011/09/02 10:50:51 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\CPR\Desktop\spybotsd162.exe
    [2011/09/02 01:17:08 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
    [2011/09/02 01:15:54 | 030,068,760 | ---- | M] (IObit ) -- C:\Documents and Settings\CPR\Desktop\asc4-setup-aff.exe
    [2011/09/02 01:04:03 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\CPR\Desktop\HijackThis.msi
    [2011/09/01 23:03:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/01 20:12:36 | 013,975,408 | ---- | M] (Mozilla) -- C:\Documents and Settings\CPR\Desktop\Firefox Setup 6.0.1.exe
    [2011/09/01 18:18:52 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2011/09/01 17:33:17 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2011/09/01 11:43:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/09/01 07:58:36 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
    [2011/08/31 20:59:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\CPR\0.3191063280485381.exe
    [2011/08/23 19:58:17 | 000,000,071 | ---- | M] () -- C:\Documents and Settings\CPR\default.pls
    [2011/08/17 07:49:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/10 12:32:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/08/09 21:35:55 | 000,038,677 | ---- | M] () -- C:\Documents and Settings\CPR\My Documents\Firestone golf.htm
    [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/03 22:30:32 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/09/02 10:53:01 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\CPR\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/09/02 10:53:01 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\CPR\Desktop\Spybot - Search & Destroy.lnk
    [2011/09/02 01:04:01 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\CPR\Desktop\HijackThis.msi
    [2011/09/01 17:33:17 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2011/08/31 20:59:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CPR\0.3191063280485381.exe
    [2011/08/09 21:35:51 | 000,038,677 | ---- | C] () -- C:\Documents and Settings\CPR\My Documents\Firestone golf.htm
    [2011/07/06 00:05:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/06/02 18:39:00 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18013988r
    [2011/06/02 18:39:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18013988
    [2011/06/02 18:38:56 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18013988
    [2010/11/30 17:38:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tbifocacezaf.dat
    [2010/11/30 17:38:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mqefaxuhijuc.bin
    [2010/11/12 11:57:23 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2010/09/12 21:05:56 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2010/09/12 21:05:56 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2010/09/02 17:40:30 | 000,411,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/25 16:52:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2009/12/10 19:42:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/10/20 12:08:10 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\CPR\Local Settings\Application Data\prvlcl.dat
    [2009/09/20 20:20:59 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2009/09/07 13:32:46 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2009/08/17 11:12:36 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\CPR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/01 20:11:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/06/27 08:49:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/06/17 13:06:07 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009/06/17 13:06:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/06/17 12:38:40 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/06/16 22:33:58 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2009/06/15 22:58:10 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2009/06/15 22:58:04 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2009/06/15 22:58:04 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2009/06/15 22:58:03 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2009/06/15 22:58:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2009/06/15 22:57:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2009/06/15 22:57:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2009/06/15 22:57:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2009/06/15 22:57:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2009/06/15 20:00:29 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
    [2009/06/15 19:52:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/06/15 19:46:59 | 000,237,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/06/15 19:24:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/06/15 19:05:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/06/15 19:00:47 | 000,022,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/10/05 06:59:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/10/05 06:59:49 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2007/10/05 06:59:49 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/10/05 06:59:49 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2007/10/05 06:59:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/10/05 06:59:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/10/05 06:59:49 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2007/10/05 06:59:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/02/28 13:00:00 | 000,435,776 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/02/28 13:00:00 | 000,068,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/02/28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >

    extras.txt

    OTL Extras logfile created on: 04/09/2011 21:32:03 - Run 2
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\CPR\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.23 Mb Total Physical Memory | 348.13 Mb Available Physical Memory | 34.02% Memory free
    2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.60% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 162.66 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
    Drive H: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: YABADABA-ED7B9E | User Name: CPR | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1202660629-1844823847-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe:*:Enabled:Football Manager 2010 Demo -- (Sports Interactive)
    "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series" = Canon MP480 series MP Drivers
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
    "{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5CA7899B-FFEC-4254-A05B-448420831F37}" = Championship Manager 2010
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0732D58-7DC1-431F-ADE5-B9704B2EBEDF}" = Big Mutha Truckers
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A819907C-5912-4471-91D7-D94885A2C40B}" = AVG 2012
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CCF98260-1FE9-4CEC-ACE7-88EE3158F23C}" = AVG 2012
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Standard 9
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AVG" = AVG 2012
    "Canon MP480 series User Registration" = Canon MP480 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Duplicate Music Files Finder_is1" = Duplicate Music Files Finder 1.5.5
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EA Installer.1321180248" = EA Installer
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "FIFA MANAGER 11" = FIFA MANAGER 11
    "Football Manager 2010" = Football Manager 2010
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "PictureIt_v9" = Microsoft Picture It! Photo Standard 9
    "RegCure" = RegCure
    "Registry Mechanic_is1" = Registry Mechanic 8.0
    "Vivitar Experience Image Manager" = Vivitar Experience Image Manager
    "WIC" = Windows Imaging Component
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpertVision_is1" = XpertVision 5.5

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 01/09/2011 19:43:53 | Computer Name = YABADABA-ED7B9E | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4259, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 02/09/2011 07:13:55 | Computer Name = YABADABA-ED7B9E | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4259, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 02/09/2011 07:13:56 | Computer Name = YABADABA-ED7B9E | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4259, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 03/09/2011 03:13:14 | Computer Name = YABADABA-ED7B9E | Source = Application Error | ID = 1000
    Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
    spybotsd.exe, version 1.6.2.46, fault address 0x00004d8a.

    Error - 03/09/2011 08:40:13 | Computer Name = YABADABA-ED7B9E | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x1000d180.

    Error - 03/09/2011 08:42:25 | Computer Name = YABADABA-ED7B9E | Source = Application Hang | ID = 1002
    Description = Hanging application BullGuard100.exe, version 0.0.0.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/09/2011 08:45:47 | Computer Name = YABADABA-ED7B9E | Source = Application Error | ID = 1004
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x1000d180.

    Error - 03/09/2011 08:50:13 | Computer Name = YABADABA-ED7B9E | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 03/09/2011 08:56:01 | Computer Name = YABADABA-ED7B9E | Source = ESENT | ID = 494
    Description = wuauclt (572) Database recovery failed with error -1216 because it
    encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb',
    which is no longer present. The database was not brought to a consistent state
    before it was removed (or possibly moved or renamed). The database engine will not
    permit recovery to complete for this instance until the missing database is re-instated.
    If the database is truly no longer available and no longer required, please contact
    PSS for further instructions regarding the steps required in order to allow recovery
    to proceed without this database.

    Error - 03/09/2011 08:56:01 | Computer Name = YABADABA-ED7B9E | Source = ESENT | ID = 454
    Description = wuauclt (572) Database recovery/restore failed with unexpected error
    -1216.

    [ OSession Events ]
    Error - 24/03/2010 02:45:41 | Computer Name = YABADABA-ED7B9E | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 135613
    seconds with 2040 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 03/09/2011 08:34:35 | Computer Name = YABADABA-ED7B9E | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 03/09/2011 08:34:46 | Computer Name = YABADABA-ED7B9E | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 03/09/2011 08:34:58 | Computer Name = YABADABA-ED7B9E | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 03/09/2011 08:35:14 | Computer Name = YABADABA-ED7B9E | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 03/09/2011 08:40:14 | Computer Name = YABADABA-ED7B9E | Source = Service Control Manager | ID = 7034
    Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 03/09/2011 08:40:14 | Computer Name = YABADABA-ED7B9E | Source = Service Control Manager | ID = 7034
    Description = The SSDP Discovery Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 03/09/2011 08:46:39 | Computer Name = YABADABA-ED7B9E | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 03/09/2011 08:46:39 | Computer Name = YABADABA-ED7B9E | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 04/09/2011 15:41:37 | Computer Name = YABADABA-ED7B9E | Source = PSched | ID = 14103
    Description = QoS [Adapter {3676FF3D-A78C-4CDA-ACE6-868255941027}]: The netcard driver
    failed the query for OID_GEN_LINK_SPEED.

    Error - 04/09/2011 16:27:56 | Computer Name = YABADABA-ED7B9E | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    NovaShieldFilterDriver NovaShieldTDIDriver


    < End of report >


    TDSSKiller.exe said infection not found.

  4. #4
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi lmrcpr,
    thanks for your help
    You're welcome.
    TDSSKiller.exe said infection not found.
    I still need to see the log; post it in your next reply please. You can find it by going to Start > Computer > C:.
    Continue with the instructions below; once done, give me an update on your computer's performance.

    Add/Remove programs
    • Click on start
    • Then Run
    • In the Open text entry box, please copy/paste appwiz.cpl, then click Enter.
    • Press the "Remove" or "Change/Remove"...button to uninstall the following.

    Ad-Aware
    RegCure
    Registry Mechanic 8.0
    Next.

    Run OTL Script

    We need to run an OTL Fix

    • Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the textbox. Do not include the word Code
      Code:
      :processes
      killallprocesses
      
      :otl
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: File not found
      FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
      FF - prefs.js..extensions.enabledItems: {C7587CE6-6C7A-40C5-ACFF-775134790365}:1.9.1
      FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1787
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C7587CE6-6C7A-40C5-ACFF-775134790365}: C:\Documents and Settings\CPR\Local Settings\Application Data\{C7587CE6-6C7A-40C5-ACFF-775134790365} [2010/11/30 17:38:23 | 000,000,000 | ---D | M]
      [2010/11/30 17:38:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CPR\LOCAL SETTINGS\APPLICATION DATA\{C7587CE6-6C7A-40C5-ACFF-775134790365}
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :files
      c:\documents and settings\cpr\local settings\application data\qsosldmb
      c:\documents and settings\cpr\0.3191063280485381.exe
      C:\Program Files\RegCure
      C:\Program Files\Lavasoft\Ad-Aware
      C:\WINDOWS\tasks\RegCure Program Check.job
      C:\WINDOWS\tasks\RegCure.job
      C:\Documents and Settings\CPR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      C:\Documents and Settings\All Users\Application Data\~18013988r
      C:\Documents and Settings\All Users\Application Data\~18013988
      C:\Documents and Settings\All Users\Application Data\18013988
      C:\WINDOWS\Tbifocacezaf.dat
      C:\WINDOWS\Mqefaxuhijuc.bin
      ipconfig /flushdns /c
      
      :commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [clearallrestorepoints]
      [REBOOT]
    • Then click the Run Fix button at the top.
    • Click .
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


    Logs/Information to Post in your Next Reply

    • OTL log.
    • TDSSKiller log.
    • Please give me an update on your computer's performance.

  5. #5
    Junior Member
    Join Date
    Sep 2011
    Posts
    3

    Default

    Thanks, the computer seems to be running fine now, it's not redirecting me, is a normal speed and I'm not getting any warnings from AVG.
    Here are the logs you asked for:

    OTS log
    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Prefs.js: {C7587CE6-6C7A-40C5-ACFF-775134790365}:1.9.1 removed from extensions.enabledItems
    Prefs.js: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1787 removed from extensions.enabledItems
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C7587CE6-6C7A-40C5-ACFF-775134790365}: C:\Documents and Settings\CPR\Local Settings\Application Data\{C7587CE6-6C7A-40C5-ACFF-775134790365} not found.
    C:\DOCUMENTS AND SETTINGS\CPR\LOCAL SETTINGS\APPLICATION DATA\{C7587CE6-6C7A-40C5-ACFF-775134790365}\chrome\content folder moved successfully.
    C:\DOCUMENTS AND SETTINGS\CPR\LOCAL SETTINGS\APPLICATION DATA\{C7587CE6-6C7A-40C5-ACFF-775134790365}\chrome folder moved successfully.
    C:\DOCUMENTS AND SETTINGS\CPR\LOCAL SETTINGS\APPLICATION DATA\{C7587CE6-6C7A-40C5-ACFF-775134790365} folder moved successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1844823847-839522115-1005\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1202660629-1844823847-839522115-1005\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}\ deleted successfully.
    File {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== FILES ==========
    c:\documents and settings\cpr\local settings\application data\qsosldmb folder moved successfully.
    c:\documents and settings\cpr\0.3191063280485381.exe moved successfully.
    File\Folder C:\Program Files\RegCure not found.
    C:\Program Files\Lavasoft\Ad-Aware folder moved successfully.
    File\Folder C:\WINDOWS\tasks\RegCure Program Check.job not found.
    File\Folder C:\WINDOWS\tasks\RegCure.job not found.
    C:\Documents and Settings\CPR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    C:\Documents and Settings\All Users\Application Data\~18013988r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~18013988 moved successfully.
    C:\Documents and Settings\All Users\Application Data\18013988 moved successfully.
    C:\WINDOWS\Tbifocacezaf.dat moved successfully.
    C:\WINDOWS\Mqefaxuhijuc.bin moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\CPR\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\CPR\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 2836 bytes

    User: Administrator.YABADABA-ED7B9E
    ->Flash cache emptied: 2836 bytes

    User: All Users

    User: CPR
    ->Flash cache emptied: 66264 bytes

    User: Default User
    ->Flash cache emptied: 41620 bytes

    User: LMR
    ->Flash cache emptied: 2231 bytes

    User: LocalService
    ->Flash cache emptied: 405 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator.YABADABA-ED7B9E
    ->Temporary Internet Files folder emptied: 204550 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: CPR
    ->Temp folder emptied: 24049281 bytes
    ->Temporary Internet Files folder emptied: 85398111 bytes
    ->Java cache emptied: 685337 bytes
    ->FireFox cache emptied: 219448790 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: LMR
    ->Temp folder emptied: 205142400 bytes
    ->Temporary Internet Files folder emptied: 8001815 bytes
    ->FireFox cache emptied: 100888931 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 138452 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 47059621 bytes
    %systemroot%\System32 .tmp files removed: 4370961 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 880070 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104711050 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 116377394 bytes

    Total Files Cleaned = 875.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.27.0 log created on 09052011_222352

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...




    TDSSkiller log - this is the one from before I carried out the actions in the last post, hope that's right.


    2011/09/04 21:38:57.0093 2332 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/09/04 21:38:58.0281 2332 ================================================================================
    2011/09/04 21:38:58.0281 2332 SystemInfo:
    2011/09/04 21:38:58.0281 2332
    2011/09/04 21:38:58.0281 2332 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/04 21:38:58.0281 2332 Product type: Workstation
    2011/09/04 21:38:58.0281 2332 ComputerName: YABADABA-ED7B9E
    2011/09/04 21:38:58.0281 2332 UserName: CPR
    2011/09/04 21:38:58.0281 2332 Windows directory: C:\WINDOWS
    2011/09/04 21:38:58.0281 2332 System windows directory: C:\WINDOWS
    2011/09/04 21:38:58.0281 2332 Processor architecture: Intel x86
    2011/09/04 21:38:58.0281 2332 Number of processors: 2
    2011/09/04 21:38:58.0281 2332 Page size: 0x1000
    2011/09/04 21:38:58.0281 2332 Boot type: Normal boot
    2011/09/04 21:38:58.0281 2332 ================================================================================
    2011/09/04 21:39:00.0031 2332 Initialize success
    2011/09/04 21:39:07.0390 0528 ================================================================================
    2011/09/04 21:39:07.0406 0528 Scan started
    2011/09/04 21:39:07.0406 0528 Mode: Manual;
    2011/09/04 21:39:07.0406 0528 ================================================================================
    2011/09/04 21:39:12.0531 0528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/04 21:39:12.0593 0528 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/04 21:39:12.0609 0528 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/04 21:39:12.0671 0528 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/04 21:39:12.0734 0528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/04 21:39:12.0765 0528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/04 21:39:12.0828 0528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/04 21:39:12.0890 0528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/04 21:39:12.0921 0528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/04 21:39:12.0937 0528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/04 21:39:12.0953 0528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/04 21:39:13.0000 0528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/04 21:39:13.0046 0528 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/09/04 21:39:13.0078 0528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/04 21:39:13.0125 0528 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/09/04 21:39:13.0171 0528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/04 21:39:13.0203 0528 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/09/04 21:39:13.0250 0528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/04 21:39:13.0343 0528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/04 21:39:13.0546 0528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/04 21:39:13.0593 0528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/04 21:39:13.0640 0528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/04 21:39:13.0656 0528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/04 21:39:13.0843 0528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/04 21:39:13.0859 0528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/04 21:39:13.0968 0528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/04 21:39:14.0187 0528 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/09/04 21:39:14.0484 0528 nvcap (281169c9bbb8a0d4f1df67f1af791148) C:\WINDOWS\system32\DRIVERS\nvcap.sys
    2011/09/04 21:39:14.0500 0528 NVXBAR (8558d771e406487f200647a13a74472e) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
    2011/09/04 21:39:14.0578 0528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/04 21:39:14.0640 0528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/04 21:39:14.0718 0528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/04 21:39:14.0765 0528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/04 21:39:14.0796 0528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/04 21:39:14.0796 0528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/04 21:39:14.0843 0528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/09/04 21:39:14.0953 0528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/09/04 21:39:15.0140 0528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/04 21:39:15.0156 0528 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/09/04 21:39:15.0171 0528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/04 21:39:15.0234 0528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/04 21:39:15.0312 0528 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/09/04 21:39:15.0437 0528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/04 21:39:15.0500 0528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/04 21:39:15.0515 0528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/04 21:39:15.0531 0528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/04 21:39:15.0578 0528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/04 21:39:15.0625 0528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/04 21:39:15.0687 0528 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/04 21:39:15.0734 0528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/04 21:39:15.0796 0528 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/09/04 21:39:15.0875 0528 RTL8187B (60aecd4284317784111716bb88342f46) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
    2011/09/04 21:39:15.0953 0528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/04 21:39:15.0968 0528 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/04 21:39:16.0000 0528 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/04 21:39:16.0031 0528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/04 21:39:16.0093 0528 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/09/04 21:39:16.0234 0528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/04 21:39:16.0265 0528 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/04 21:39:16.0328 0528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/04 21:39:16.0406 0528 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/09/04 21:39:16.0500 0528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/04 21:39:16.0531 0528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/04 21:39:16.0687 0528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/04 21:39:16.0750 0528 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
    2011/09/04 21:39:16.0906 0528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/04 21:39:16.0968 0528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/04 21:39:17.0000 0528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/04 21:39:17.0031 0528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/04 21:39:17.0125 0528 Trufos (d391f1171a2e3a7080df6faae7a20c0b) C:\WINDOWS\system32\DRIVERS\Trufos.sys
    2011/09/04 21:39:17.0171 0528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/04 21:39:17.0265 0528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/04 21:39:17.0296 0528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/04 21:39:17.0328 0528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/04 21:39:17.0343 0528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/04 21:39:17.0359 0528 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/09/04 21:39:17.0375 0528 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/09/04 21:39:17.0406 0528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/04 21:39:17.0421 0528 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/04 21:39:17.0437 0528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/04 21:39:17.0484 0528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/04 21:39:17.0515 0528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/04 21:39:17.0578 0528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/04 21:39:17.0718 0528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/09/04 21:39:17.0781 0528 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/09/04 21:39:17.0828 0528 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/09/04 21:39:17.0859 0528 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/09/04 21:39:17.0906 0528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/09/04 21:39:18.0046 0528 Boot (0x1200) (ab8e4197bb4662ec7feea96502adc9b3) \Device\Harddisk0\DR0\Partition0
    2011/09/04 21:39:18.0062 0528 ================================================================================
    2011/09/04 21:39:18.0078 0528 Scan finished
    2011/09/04 21:39:18.0078 0528 ================================================================================
    2011/09/04 21:39:18.0078 2480 Detected object count: 0
    2011/09/04 21:39:18.0078 2480 Actual detected object count: 0
    2011/09/04 21:39:29.0421 4020 Deinitialize success

  6. #6
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi lmrcpr,
    The computer seems to be running fine now, it's not redirecting me, is a normal speed and I'm not getting any warnings from AVG.
    Excellent, good work so far.
    I need you to run another scan for me to check for leftovers.

    Java SE Runtime Environment (JRE).

    Please download from HERE
    • Find Java SE 7, (JRE) Java SE 7.
    • Click the Download JRE button to the right.
    • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
    • Click the Continue button.
    • Click on the filename under Windows Offline Installation and save it to your desktop.
    • Close all active windows.
    • Install the program.

    Next.

    Temp File Cleaner

    • Please download TFC and save it to your desktop.
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click Yes to reboot.
    • NOTE: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Next.

    ESET online scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Then click on Run ESET Online Scanner
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Logs/Information to Post in your Next Reply

    • ESET log.
    • Please give me an update on your computer's performance.

  7. #7
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi lmrcpr,
    Are you still with me?

  8. #8
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    This topic has been archived due to inactivity.

    If it has been three days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested previously, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send your helper a private message (pm). A valid, working link to the closed topic is required.
