Google redirects & Spybot, HijackThis problems
arfon.jones
post Oct 11 2009, 04:59 PM
Post #1
Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp

I have had problems with my computer since detecting the virus Antivirus Pro 2010. I have managed to delete that. I am now having several problems with:
1. Google redirects to other search engines.
2. Have installed Spybot S&D and, trying to run it, have the error: "Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item."
3. Have tried downloading HijackThis, which also refuses to run.
4. AVG 8.5 will not perform a system scan but shows that everything is working (I have tried uninstalling it and reinstalling with no luck).
5. RegCure and Spyware Doctor work and scan the system, find infections and cure them, but they keep reappearing on the next scan.
I think I have included everything; my operating system is Win XP.
I hope you can help. Many thanks, Arfon
Replies (30 - 44)
arfon.jones
post Oct 26 2009, 03:10 PM
Post #31
Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp

Hi there
You are correct:
HKEY_LOCAL_MACHINE\REMOTE_SAM
I wrote it down incorrectly.
The last time the PC booted up correctly was October 14th.
I will reattempt to run through your instructions, as I probably did run with the hives open.
Please be patient as I'm trying my best.
Thanks again
noahdfear
post Oct 26 2009, 04:49 PM
Post #32
Silver Member
Group: Malware Expert
Posts: 352
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista
MVP

I figured it was a typo, though I needed to be sure.
I have yet another exercise for you to do whilst in MiniXP.

Using the Opera browser to view this post, highlight the contents of the code box below and copy it as text.

CODE
dir c:\system~1\_registry* /s>c:\restore.txt
notepad c:\restore.txt
exit
cls


Either click the command prompt icon on the taskbar or double click the Command Prompt icon on the desktop to open a command window.
Right click in the command window and Paste the copied text.
It should execute quickly and close, and a log should open.
Post the contents of that log here please.
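The DDS logs posted in the reply that follows list files by creation minute in their "Created Last 30" and "Find3M" sections. As an added example, not part of noahdfear's post or of the DDS tool itself, here is a small Python triage helper that parses those two sections and reports bursts: several files written in the same minute and spread over more than one directory, which is a pattern a helper reviews by hand before deciding anything about the files. The sample log is a constructed excerpt of lines copied from the log in this thread; the function names and the thresholds (five files, two directories) are my own choices.

```python
"""Triage helper for the file-listing sections of a DDS log.

Added example, not part of the forum post or of the DDS tool. It reads the
"Created Last 30" and "Find3M" sections of a DDS log, groups file entries by
creation minute and reports bursts: many files written in the same minute and
spread over several directories. A burst is a prompt for review, not a verdict.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# A DDS section header, e.g. "=============== Created Last 30 ================"
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# One file or directory entry: date, time, size (or <DIR>), attribute flags, path
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)
FILE_SECTIONS = ("Created Last 30", "Find3M")


@dataclass
class Entry:
    section: str
    date: str
    time: str
    size: Optional[int]   # None for a directory entry
    attrs: str
    path: str             # lower-cased Windows path


def parse_dds(text: str) -> list:
    """Return the entries of the Created Last 30 and Find3M sections; other sections are skipped."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").strip()
            continue
        if section not in FILE_SECTIONS:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m.group("size") == "<DIR>" else int(m.group("size").replace(",", ""))
        entries.append(Entry(section, m.group("date"), m.group("time"), size,
                             m.group("attrs"), m.group("path").lower()))
    return entries


def timestamp_bursts(entries, min_files: int = 5, min_dirs: int = 2) -> list:
    """Group file entries by creation minute; report groups with many files across several directories."""
    by_minute = defaultdict(list)
    for e in entries:
        if e.size is not None:          # directory entries are not counted
            by_minute[(e.date, e.time)].append(e)
    bursts = []
    for (date, time), group in sorted(by_minute.items()):
        dirs = sorted({ntpath.dirname(e.path) for e in group})   # ntpath handles backslashes on any OS
        if len(group) >= min_files and len(dirs) >= min_dirs:
            bursts.append({
                "stamp": f"{date} {time}",
                "files": len(group),
                "dirs": dirs,
                "extensions": sorted({ntpath.splitext(e.path)[1] for e in group}),
            })
    return bursts


# Constructed sample: an excerpt of lines copied from the DDS log posted in this thread
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-06 16:51 <DIR> --d----- c:\program files\AVG

==================== Find3M ====================

2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-09-30 22:49 46 a------- C:\p2hhr.bat
2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll

==== Installed Programs ======================

AVG Free 8.5
============= FINISH: 17:42:23.14 ===============
"""

if __name__ == "__main__":
    for b in timestamp_bursts(parse_dds(SAMPLE_LOG)):
        print(f"{b['stamp']}: {b['files']} files in {len(b['dirs'])} directories, "
              f"extensions {b['extensions']}")
```

Run against the sample, the helper reports one burst (2009-09-27 15:53, six files in three directories, extensions .bat, .com, .pif and .reg) and stays silent on the two AVG driver files written in the same minute, because they sit in a single directory. The directory-spread condition is what separates a normal installer writing into its own folder from a set of files landing all over the system at once.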
arfon.jones
post Oct 28 2009, 12:15 PM
Post #33
Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp

Hello, I re-ran the DDS BootCD.exe twice: once before I pasted the 'reg query' into the command prompt box and once after.
One thing I noticed: I couldn't get the user hive to open; it stated "ntuser.dat - file not found - please verify the correct file name was given".
Only the HKEY_LOCAL, as previously noted, opened.
I will run the next exercise in another post, complete with log.

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 17:42:16.06 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} -
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0)
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: rqRHxusp - rqRHxusp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe
AVG; [x]
avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe
AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys
AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys
fssfltr; system32\DRIVERS\fssfltr_tdi.sys
fsssvc; "c:\program files\windows live\family safety\fsssvc.exe"
gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc
Lavasoft Ad-Aware Service; [x]
PAC207; system32\DRIVERS\pfc027.sys
PCTCore; system32\drivers\PCTCore.sys
rpvnprpipoufniww; \systemroot\system32\drivers\rpvnprpipoufniww.sys
sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe
SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe"
Winsock - Google Desktop Search Backup Before First Install; [x]
Winsock - Google Desktop Search Backup Before Last Install; [x]
Winsock2 - Google Desktop Search Backup Before First Install; [x]
Winsock2 - Google Desktop Search Backup Before Last Install; [x]
{017945CB-B466-4F10-96F8-EE9956E84EEE}; [x]
{04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x]
{AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x]

=============== Created Last 30 ================

2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar
2009-10-06 16:51 <DIR> --d----- c:\program files\AVG
2009-10-01 20:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-01 20:26 <DIR> --d----- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS

==================== Find3M ====================

2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-30 22:49 46 a------- C:\p2hhr.bat
2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com
2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs
2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl
2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg
2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr
2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT
2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe
2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys
2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe
2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT

==== Installed Programs ======================


2600
2600_Help
2600Trb
4oD
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
AiO_Scan
AiOSoftware
APC PowerChute Business Edition Agent
APC PowerChute Business Edition Console
AVG Free 8.5
BufferChm
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DiMAGE Viewer
Director
DocProc
DocumentViewer
Driveway and Patio Designer V9.5.22
Easy Price Pro NHE Cal
Easy Price Pro NHE Estimator
ERUNT 1.1j
Fax
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HMRC Employer CD-ROM 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 5550 series (Remove only)
HP Diagnostic Assistant
HP Discover Digital Photography
HP Image Zone 4.2
hp print screen utility
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
InterActual Player
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 3
Junk Mail filter update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero - Burning Rom (Web installer)
Network Play System (Patching)
NHEEstimator
Orange Search Toolbar
OTiCardReader
Overland
PC Camer@
Personal License Update Wizard for Windows Media Player
PhotoGallery
Picasa 3
PowerDVD
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RegCure 1.6.0.0
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Scan
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SkinsHP1
Spybot - Search & Destroy
Spyware Doctor 6.0
The Sims House Party
TrayApp
Unload
upapp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

============= FINISH: 17:42:23.14 ===============



DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 18:01:20.31 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} -
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0)
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: rqRHxusp - rqRHxusp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe
AVG; [x]
avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe
AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys
AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys
fssfltr; system32\DRIVERS\fssfltr_tdi.sys
fsssvc; "c:\program files\windows live\family safety\fsssvc.exe"
gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc
Lavasoft Ad-Aware Service; [x]
PAC207; system32\DRIVERS\pfc027.sys
PCTCore; system32\drivers\PCTCore.sys
rpvnprpipoufniww; \systemroot\system32\drivers\rpvnprpipoufniww.sys
sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe
SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe"
Winsock - Google Desktop Search Backup Before First Install; [x]
Winsock - Google Desktop Search Backup Before Last Install; [x]
Winsock2 - Google Desktop Search Backup Before First Install; [x]
Winsock2 - Google Desktop Search Backup Before Last Install; [x]
{017945CB-B466-4F10-96F8-EE9956E84EEE}; [x]
{04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x]
{AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x]

=============== Created Last 30 ================

2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar
2009-10-06 16:51 <DIR> --d----- c:\program files\AVG
2009-10-01 20:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-01 20:26 <DIR> --d----- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS

==================== Find3M ====================

2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-30 22:49 46 a------- C:\p2hhr.bat
2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com
2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs
2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl
2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg
2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr
2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT
2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe
2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys
2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe
2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT

==== Installed Programs ======================


2600
2600_Help
2600Trb
4oD
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
AiO_Scan
AiOSoftware
APC PowerChute Business Edition Agent
APC PowerChute Business Edition Console
AVG Free 8.5
BufferChm
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DiMAGE Viewer
Director
DocProc
DocumentViewer
Driveway and Patio Designer V9.5.22
Easy Price Pro NHE Cal
Easy Price Pro NHE Estimator
ERUNT 1.1j
Fax
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HMRC Employer CD-ROM 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 5550 series (Remove only)
HP Diagnostic Assistant
HP Discover Digital Photography
HP Image Zone 4.2
hp print screen utility
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
InterActual Player
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 3
Junk Mail filter update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero - Burning Rom (Web installer)
Network Play System (Patching)
NHEEstimator
Orange Search Toolbar
OTiCardReader
Overland
PC Camer@
Personal License Update Wizard for Windows Media Player
PhotoGallery
Picasa 3
PowerDVD
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RegCure 1.6.0.0
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Scan
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SkinsHP1
Spybot - Search & Destroy
Spyware Doctor 6.0
The Sims House Party
TrayApp
Unload
upapp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

============= FINISH: 18:01:23.29 ===============
arfon.jones
post Oct 28 2009, 12:21 PM
Post #34


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



Hello again
Here is a log of your last exercise

Volume in drive C is system
Volume Serial Number is 4C24-1144

Again thank you
noahdfear
post Oct 28 2009, 10:10 PM
Post #35


Silver Member

Group: Malware Expert
Posts: 352
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista
MVP


The last exercise was done to see if any System Restore points existed that we might get a good working set of registry hives from. The results show there are none available.

It was not necessary to run dds twice, though no harm done. What I really need now is the log from the reg query done while having the hives loaded in Registry Editor PE. I will repeat those instructions below.

Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens. *DO NOT CLOSE REGISTRY EDITOR PE AT THIS TIME*

Connect the network, then using the Opera browser, come back to this post and highlight then copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post its contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor PE and wait for an 'All Finished' message.


Now, click Start>Programs>Windows Explorer and expand then select C:\Windows
Look for the file ntbtlog.txt and delete it if present.
Restart the computer, select Boot the hard drive, then begin tapping the F8 key to enable the Advanced Start Menu.
Select Enable Boot Logging from the menu.
When the computer loads as far as it will, restart and go back to MiniXP.
Open Windows Explorer and locate the newly created C:\Windows\ntbtlog.txt file then post its contents here.

This post has been edited by noahdfear: Nov 1 2009, 06:35 PM
arfon.jones
post Nov 1 2009, 03:42 PM
Post #36


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



Here is my DDS log after your last instructions
the hive paths were
HKEY_LOCAL_MACHINE\_REMOTE_SAM
\_REMOTE_SECURITY
\_REMOTE_SOFTWARE
\_REMOTE_SYSTEM
I have deleted the ntbtlog.txt. I will reboot next and post the contents of the new ntbtlog

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 21:22:15.37 on Sun 11/01/2009

============== Pseudo HJT Report ===============


============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg

==================== Find3M ====================

2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-30 22:49 46 a------- C:\p2hhr.bat
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll

==== Installed Programs ======================


============= FINISH: 21:22:21.09 ===============
arfon.jones
post Nov 1 2009, 03:55 PM
Post #37


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



here is my ntbtlog.txt
Service Pack 311 1 2009 20:46:28.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SPTDDRV1.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver aliide.sys
Loaded driver cmdide.sys
Loaded driver toside.sys
Loaded driver viaide.sys
Loaded driver intelide.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver cpqarray.sys
Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Loaded driver atapi.sys
Loaded driver aha154x.sys
Loaded driver sparrow.sys
Loaded driver symc810.sys
Loaded driver aic78xx.sys
Loaded driver dac960nt.sys
Loaded driver ql10wnt.sys
Loaded driver amsint.sys
Loaded driver asc.sys
Loaded driver asc3550.sys
Loaded driver mraid35x.sys
Loaded driver i2omp.sys
Loaded driver ini910u.sys
Loaded driver ql1240.sys
Loaded driver aic78u2.sys
Loaded driver symc8xx.sys
Loaded driver sym_hi.sys
Loaded driver sym_u3.sys
Loaded driver ABP480N5.SYS
Loaded driver asc3350p.sys
Loaded driver cd20xrnt.sys
Loaded driver ultra.sys
Loaded driver adpu160m.sys
Loaded driver dpti2o.sys
Loaded driver ql1080.sys
Loaded driver ql1280.sys
Loaded driver ql12160.sys
Loaded driver perc2.sys
Loaded driver perc2hib.sys
Loaded driver hpn.sys
Loaded driver cbidf2k.sys
Loaded driver dac2w2k.sys
Loaded driver VIAMRAID.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver PCTCore.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver sisagp.sys
Loaded driver viaagp.sys
Loaded driver viaagp1.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver Mup.sys
Loaded driver alim1541.sys
Loaded driver amdagp.sys
Loaded driver agp440.sys
Loaded driver agpCPQ.sys
Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\DRIVERS\Intels51.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\Drivers\ElbyDelay.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\point32.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\drivers\ALCXWDM.SYS
Loaded driver \SystemRoot\system32\drivers\ALCXSENS.SYS
Loaded driver \SystemRoot\system32\DRIVERS\fetnd5bv.sys
Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Did not load driver \systemroot\system32\drivers\gasfkybbgiujrw.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\system32\DRIVERS\p3.sys
Loaded driver \SystemRoot\System32\Drivers\StarOpen.SYS
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Did not load driver \systemroot\system32\drivers\rpvnprpipoufniww.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys
Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
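A small triage script, added here as an example and not something posted in the thread or shipped with DDS or Hiren's BootCD, that reads a boot log like the one above together with the file lists from a DDS log and reports which drivers the kernel skipped and which of those have a file that DDS lists as recently created or modified. The two sample inputs are constructed from a handful of lines in this thread; function and regex names are my own. A "Did not load" line on its own is not evidence of anything (Sfloppy.SYS and Cdaudio.SYS are skipped on most machines); the signal worth acting on is a skipped driver whose file also shows up as new.

```python
"""Cross-reference an ntbtlog.txt boot log with the file lists in a DDS log.

Added example, not tooling from the thread, DDS or Hiren's BootCD. Function
names, regexes and the two sample inputs (trimmed from logs in this thread)
are my own constructions.
"""
import re
from collections import namedtuple

BootEntry = namedtuple("BootEntry", "loaded path")

# ntbtlog.txt: "Loaded driver <path>" or "Did not load driver <path>"
BOOT_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")
# DDS 'Created Last 30' / 'Find3M' lines: date time size attrs path
DDS_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+|<DIR>)\s+\S+\s+(.+?)\s*$"
)

# Constructed sample: a handful of lines from the boot log posted above.
NTBTLOG_SAMPLE = r"""Service Pack 3 11 1 2009 20:46:28.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \systemroot\system32\drivers\gasfkybbgiujrw.sys
Did not load driver \systemroot\system32\drivers\rpvnprpipoufniww.sys
Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
"""

# Constructed sample: a few lines from the DDS logs posted in this thread.
DDS_SAMPLE = r"""=============== Created Last 30 ================

2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg

==================== Find3M ====================

2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
"""


def basename(path):
    """Last path component, lower-cased so SystemRoot/System32 spelling variants compare equal."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def parse_ntbtlog(text):
    """One BootEntry per driver line, in boot order; header lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = BOOT_RE.match(line.strip())
        if m:
            entries.append(BootEntry(loaded=(m.group(1) == "Loaded driver"), path=m.group(2)))
    return entries


def parse_dds_files(text):
    """Set of lower-cased file names from DDS file lines; directory entries are skipped."""
    names = set()
    for line in text.splitlines():
        m = DDS_FILE_RE.match(line.strip())
        if m and m.group(1) != "<DIR>":
            names.add(basename(m.group(2)))
    return names


def triage(ntbtlog_text, dds_text):
    """Group boot-log drivers by load status and by presence in the DDS file list."""
    recent = parse_dds_files(dds_text)
    # DDS listed gasfkybbgiujrw.sys.old while the boot log names gasfkybbgiujrw.sys:
    # drop a trailing .old so a renamed copy still matches its driver.
    recent_stems = {n[:-4] if n.endswith(".old") else n for n in recent}
    report = {"not_loaded": [], "recent_not_loaded": [], "recent_loaded": []}
    for entry in parse_ntbtlog(ntbtlog_text):
        name = basename(entry.path)
        if not entry.loaded:
            report["not_loaded"].append(name)
        if name in recent_stems:
            bucket = "recent_loaded" if entry.loaded else "recent_not_loaded"
            report[bucket].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in triage(NTBTLOG_SAMPLE, DDS_SAMPLE).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

With the real files, read C:\Windows\ntbtlog.txt and the saved DDS log from disk in place of the inline samples. Anything in recent_not_loaded (here gasfkybbgiujrw.sys) is a driver the kernel refused and whose file appeared recently, which is the combination worth checking first; recent_loaded is where newly installed legitimate drivers such as the AVG ones land.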
noahdfear
post Nov 1 2009, 06:35 PM
Post #38


Silver Member

Group: Malware Expert
Posts: 352
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista
MVP


Another DDS log is NOT required. Again, what I do need is the results of the reg query, so I'll post those instructions yet again.


Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens. *DO NOT CLOSE REGISTRY EDITOR PE AT THIS TIME*

Connect the network, then using the Opera browser, come back to this post and highlight then copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post its contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor PE and wait for an 'All Finished' message.
arfon.jones
post Nov 1 2009, 06:47 PM
Post #39


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



hi
Not sure if I've done it correctly but here's my log


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\Select
Current REG_DWORD 0x5
Default REG_DWORD 0x5
Failed REG_DWORD 0x4
LastKnownGood REG_DWORD 0x6
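The four values above are what the registry work in this thread hangs on: Current = 0x5 means the machine last booted from ControlSet005, so that is the set whose Services subkey holds the live driver entries. On an offline hive loaded this way there is no CurrentControlSet link (that link is created at boot), so the numbered set from Select is the only way to find the active services list. As an added example that is not from the thread, here is a parser for the reg query output that turns the Select values into the matching ControlSetNNN paths, for a hive mounted under a prefix such as _REMOTE_SYSTEM (as Registry Editor PE does) or for the live HKLM\SYSTEM, plus a few sanity checks. The function names and the hive_root parameter are my own.

```python
"""Resolve the active control set from `reg query ...\Select` output.

Added example, not part of the thread. The sample text is a copy of the
reg query output posted above; helper names are my own.
"""
import re

# Constructed from the output posted in the thread (column spacing restored).
SAMPLE_SELECT_OUTPUT = r"""! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\Select
    Current         REG_DWORD    0x5
    Default         REG_DWORD    0x5
    Failed          REG_DWORD    0x4
    LastKnownGood   REG_DWORD    0x6
"""

VALUE_RE = re.compile(
    r"^\s*(Current|Default|Failed|LastKnownGood)\s+REG_DWORD\s+(0x[0-9A-Fa-f]+|\d+)\s*$",
    re.MULTILINE,
)


def parse_select(text):
    """Return the Select values as ints, e.g. {'Current': 5, 'Default': 5, ...}."""
    return {m.group(1): int(m.group(2), 0) for m in VALUE_RE.finditer(text)}


def control_set_name(n):
    """ControlSet keys are zero-padded to three digits: 5 -> 'ControlSet005'."""
    return f"ControlSet{n:03d}"


def services_key(select, which="Current", hive_root=r"HKLM\_REMOTE_SYSTEM"):
    """Registry path of the Services key for the chosen control set.

    hive_root is the prefix Registry Editor PE mounts the offline hive under;
    pass r'HKLM\SYSTEM' when querying a running system instead.
    """
    name = control_set_name(select[which])
    return hive_root + "\\" + name + "\\Services"


def sanity_warnings(select):
    """Combinations worth a second look before editing anything in the hive."""
    warnings = []
    required = ("Current", "Default", "Failed", "LastKnownGood")
    missing = [k for k in required if k not in select]
    if missing:
        warnings.append("missing values: " + ", ".join(missing))
        return warnings
    if select["Current"] != select["Default"]:
        warnings.append("Current and Default differ; the next boot will use a different set")
    if select["Failed"] == select["Current"]:
        warnings.append("Failed points at the current set; the last boot attempt did not complete")
    if select["LastKnownGood"] == select["Current"]:
        warnings.append("LastKnownGood is the same set; there is no independent fallback")
    return warnings


if __name__ == "__main__":
    sel = parse_select(SAMPLE_SELECT_OUTPUT)
    print(sel)
    print("services (offline):", services_key(sel))
    print("services (live):   ", services_key(sel, hive_root=r"HKLM\SYSTEM"))
    print("LastKnownGood:     ", services_key(sel, which="LastKnownGood"))
    print("warnings:", sanity_warnings(sel) or "none")
```

On the values posted here the script resolves to HKLM\_REMOTE_SYSTEM\ControlSet005\Services with no warnings, and ControlSet006 as the LastKnownGood fallback. Feeding it the live output of `reg query HKLM\SYSTEM\Select` after the machine is back up is a quick way to confirm which set Windows actually used.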
noahdfear
post Nov 1 2009, 07:03 PM
Post #40


Silver Member

Group: Malware Expert
Posts: 352
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista
MVP


That's perfect! I'll post further instructions soon.

Please double check the ntbtlog.txt and verify that it ends at exactly the place in your post above (just want to make sure the whole thing got posted).
arfon.jones
post Nov 1 2009, 07:10 PM
Post #41


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



Hi
Yes, checked the ntbtlog.txt file and it ends with cdfs.sys
noahdfear
post Nov 1 2009, 07:39 PM
Post #42


Silver Member

Group: Malware Expert
Posts: 352
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista
MVP


Let's see if we can remove some of the malware loading points in the registry and get a successful bootup.

Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens.

Connect the network, then using the Opera browser, come back to this post and copy the contents of the code box below to text.

CODE
reg delete "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHxusp" /f
reg delete HKLM\_REMOTE_SYSTEM\ControlSet005\Services\rpvnprpipoufniww /f
reg query "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHxusp">"%userprofile%\desktop\query.txt"
reg query HKLM\_REMOTE_SYSTEM\ControlSet005\Services\rpvnprpipoufniww>>"%userprofile%\desktop\query.txt"


Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the new query.txt file on the desktop.
Post its contents in a reply here and wait for further instructions before doing anything else.
arfon.jones
post Nov 2 2009, 03:35 PM
Post #43


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



hello
I ran the last instruction and opened the query.txt file on the desktop but there was nothing written within.
noahdfear
post Nov 2 2009, 10:03 PM
Post #44


Silver Member

Group: Malware Expert
Posts: 352
Joined: 14-June 05
Member No.: 34,633
Operating System: XP Pro & Vista
MVP


An empty log suggests the registry editing from the batch was successful. Let's make sure. Boot back to MiniXP and run dds-bootcd again then post the log (do NOT open Registry Editor PE).
arfon.jones
post Nov 3 2009, 04:25 PM
Post #45


Authentic Member

Group: Authentic Member
Posts: 68
Joined: 4-October 09
Member No.: 88,235
Operating System: windows xp



Hello
Here is my latest DDS log


DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 21:19:51.71 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} -
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0)
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe
AVG; [x]
avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe
AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys
AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys
fssfltr; system32\DRIVERS\fssfltr_tdi.sys
fsssvc; "c:\program files\windows live\family safety\fsssvc.exe"
gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc
Lavasoft Ad-Aware Service; [x]
PAC207; system32\DRIVERS\pfc027.sys
PCTCore; system32\drivers\PCTCore.sys
sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe
SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe"
Winsock - Google Desktop Search Backup Before First Install; [x]
Winsock - Google Desktop Search Backup Before Last Install; [x]
Winsock2 - Google Desktop Search Backup Before First Install; [x]
Winsock2 - Google Desktop Search Backup Before Last Install; [x]
{017945CB-B466-4F10-96F8-EE9956E84EEE}; [x]
{04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x]
{AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x]

=============== Created Last 30 ================

2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar
2009-10-06 16:51 <DIR> --d----- c:\program files\AVG

==================== Find3M ====================

2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-30 22:49 46 a------- C:\p2hhr.bat
2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com
2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs
2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl
2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg
2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr
2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT
2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe
2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys
2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe
2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT

==== Installed Programs ======================


2600
2600_Help
2600Trb
4oD
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
AiO_Scan
AiOSoftware
APC PowerChute Business Edition Agent
APC PowerChute Business Edition Console
AVG Free 8.5
BufferChm
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DiMAGE Viewer
Director
DocProc
DocumentViewer
Driveway and Patio Designer V9.5.22
Easy Price Pro NHE Cal
Easy Price Pro NHE Estimator
ERUNT 1.1j
Fax
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HMRC Employer CD-ROM 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 5550 series (Remove only)
HP Diagnostic Assistant
HP Discover Digital Photography
HP Image Zone 4.2
hp print screen utility
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
InterActual Player
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 3
Junk Mail filter update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero - Burning Rom (Web installer)
Network Play System (Patching)
NHEEstimator
Orange Search Toolbar
OTiCardReader
Overland
PC Camer@
Personal License Update Wizard for Windows Media Player
PhotoGallery
Picasa 3
PowerDVD
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RegCure 1.6.0.0
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Scan
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SkinsHP1
Spybot - Search & Destroy
Spyware Doctor 6.0
The Sims House Party
TrayApp
Unload
upapp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

============= FINISH: 21:19:58.51 ===============

Time is now: 21st March 2010 - 10:18 AM
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy