take a look at logs plz

[El loco]

Hello again. this morning my comp was getting weird error;
"Error loading hpvcp.dll The specific module could not be found."
So I left malwarebytes running while I was away and it seems to have picked whatever it was. I scanned with everything again just to be safe. could you take a look at the logs please?

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4234

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/23/2010 7:02:38 AM
mbam-log-2010-07-23 (07-02-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 393415
Time elapsed: 2 hour(s), 40 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93179be5-9cdb-4ce4-94e2-42ff4b929a5c} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{93179be5-9cdb-4ce4-94e2-42ff4b929a5c} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\LocalService\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Paradox Entertainment\Crusader Kings\Crusaders.exe (Rogue.Crusader) -> Not selected for removal.
C:\System Volume Information\_restore{F8796A5D-162E-472F-9610-50B325A26B99}\RP26\A0004227.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F8796A5D-162E-472F-9610-50B325A26B99}\RP26\A0004229.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F8796A5D-162E-472F-9610-50B325A26B99}\RP19\A0003427.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpvcp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

logs

ComboFix 10-07-22.06 - Mike 07/23/2010 14:58:16.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.404 [GMT -4:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-23 11:53 . 2004-08-07 00:17 4224 -c--a-w- c:\windows\system32\dllcache\rdpcdd.sys
2010-07-23 11:53 . 2004-08-07 00:17 4224 ----a-w- c:\windows\system32\drivers\RDPCDD.sys
2010-07-23 03:09 . 2010-07-23 03:09 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-23 03:07 . 2010-07-23 19:07 766976 ----a-w- c:\windows\system32\drivers\gdwqaj.sys
2010-07-23 03:07 . 2010-07-23 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-23 03:06 . 2010-07-23 03:11 -------- d-----w- c:\documents and settings\Mike\Application Data\C8687F969A494E736FF0EDE49A00E961
2010-07-22 02:57 . 2010-07-23 03:18 -------- d-----w- c:\program files\The Guild 2 - Demo
2010-07-21 12:58 . 2010-07-21 12:58 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 12:58 . 2010-07-21 12:58 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 12:58 . 2010-07-21 12:58 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 12:58 . 2010-07-21 12:58 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-16 13:56 . 2010-07-16 13:56 2332000 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-07-14 12:56 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-01 01:55 . 2010-07-01 01:55 -------- d-----w- c:\program files\iPod
2010-07-01 01:54 . 2010-07-01 01:56 -------- d-----w- c:\program files\iTunes
2010-07-01 01:47 . 2010-07-01 01:47 -------- d-----w- c:\program files\Bonjour
2010-07-01 01:40 . 2010-07-01 01:40 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-29 14:37 . 2010-06-29 14:37 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 18:55 . 2010-06-19 11:52 0 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\prvlcl.dat
2010-07-16 15:16 . 2008-02-12 00:55 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-07-01 01:55 . 2008-03-15 15:16 -------- d-----w- c:\program files\Common Files\Apple
2010-06-30 04:15 . 2009-02-14 01:26 -------- d-----w- c:\documents and settings\Mike\Application Data\mIRC
2010-06-29 20:11 . 2009-02-14 01:26 -------- d-----w- c:\program files\mIRC
2010-06-24 22:25 . 2008-09-13 01:06 -------- d-----w- c:\program files\Paradox Entertainment
2010-06-22 13:49 . 2010-06-14 23:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 13:49 . 2010-06-14 23:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 13:49 . 2010-06-14 23:12 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 13:48 . 2010-06-14 23:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 03:32 . 2010-03-21 23:03 -------- d-----w- c:\documents and settings\Mike\Application Data\Skype
2010-06-21 02:27 . 2008-01-23 17:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 20:03 . 2010-03-21 23:06 -------- d-----w- c:\documents and settings\Mike\Application Data\skypePM
2010-06-18 17:18 . 2009-10-06 23:49 -------- d-----w- c:\documents and settings\Mike\Application Data\gtk-2.0
2010-06-16 19:56 . 2010-06-16 19:26 -------- d-----w- c:\documents and settings\Mike\Application Data\DAEMON Tools Lite
2010-06-16 19:29 . 2010-06-16 19:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-16 19:27 . 2008-02-05 19:16 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-16 19:26 . 2010-06-16 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-14 23:26 . 2010-06-14 23:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-14 23:12 . 2010-06-14 23:12 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-14 23:10 . 2010-06-14 23:10 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-14 23:10 . 2010-06-14 23:10 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-14 23:09 . 2010-06-14 23:09 -------- d-----w- c:\program files\AVG
2010-06-14 23:09 . 2010-03-05 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-14 14:31 . 2008-01-23 16:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 19:15 . 2009-03-01 01:02 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-06-11 19:15 . 2010-06-11 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 19:15 . 2009-03-01 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-11 18:33 . 2008-03-29 12:20 -------- d-----w- c:\program files\Google
2010-06-11 18:08 . 2008-02-02 02:51 -------- d-----w- c:\program files\SpeedFan
2010-06-11 18:07 . 2008-04-09 00:43 -------- d-----w- c:\program files\Strategy First
2010-06-11 18:05 . 2009-10-23 05:01 -------- d-----w- c:\program files\PokerStars
2010-06-11 18:04 . 2009-10-30 18:46 -------- d-----w- c:\documents and settings\Mike\Application Data\runic games
2010-06-11 17:48 . 2008-07-09 17:22 -------- d-----w- c:\program files\Digital Guitar Tuner 2.3
2010-06-11 17:46 . 2010-06-11 12:40 1217 ----a-w- c:\windows\system32\eappgfui.dat
2010-06-11 17:46 . 2010-06-11 12:40 1008 ----a-w- c:\windows\system32\mspbdel0.dat
2010-06-11 17:41 . 2010-06-11 12:40 0 ----a-w- c:\windows\system32\unaczv2c.dat
2010-06-11 17:34 . 2010-06-11 12:45 585 ----a-w- c:\windows\system32\cfgbkend.dat
2010-06-11 17:34 . 2010-06-11 12:45 896 ----a-w- c:\windows\system32\iaspolcu.dat
2010-06-11 17:33 . 2010-06-11 12:45 0 ----a-w- c:\windows\system32\mf321y.dat
2010-06-11 17:10 . 2010-06-11 12:40 318 ----a-w- c:\windows\system32\adptihps.dat
2010-06-05 03:17 . 2008-01-23 18:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 22:57 . 2009-12-12 04:43 -------- d-----w- c:\program files\Free Easy Burner
2010-05-28 21:31 . 2010-01-10 03:39 -------- d-----w- c:\program files\Children of the Nile - Enhanced Edition
2010-05-28 20:04 . 2010-05-28 20:04 -------- d-----w- c:\program files\Cheetah Burner
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 21:23 . 2010-04-23 13:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-09 20:52 . 2010-04-23 13:31 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-06 10:41 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 03:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-06-11 19:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-06-11 19:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 17:33 . 2010-04-25 17:33 262144 ----a-w- C:\ntuser.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Mike\Desktop\frontpage.swf
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 13:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-06-15 17:37 47408 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56 394984 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 14:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\Bf2_w32ded.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [6/14/2010 7:12 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [6/14/2010 7:12 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/14/2010 7:12 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/14/2010 7:12 PM 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/14/2010 7:10 PM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/14/2010 7:26 PM 2331032]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [11/15/2009 5:58 PM 2368]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2/5/2010 5:18 PM 41025]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [6/14/2010 7:10 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [6/14/2010 7:10 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [6/14/2010 7:10 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [6/14/2010 7:10 PM 26192]
S2 a2AntiMalware;a-squared Anti-Malware Service;"c:\program files\a-squared Anti-Malware\a2service.exe" --> c:\program files\a-squared Anti-Malware\a2service.exe [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 9:49 AM 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9f7db41a482ee;Google Update Service (gupdate1c9f7db41a482ee);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2009 6:29 AM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [6/14/2010 7:10 PM 30104]
S3 cpuz130;cpuz130;\??\c:\docume~1\Mike\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Mike\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/20/2010 12:15 PM 23456]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\DRIVERS\lgusbsmodem.sys --> c:\windows\system32\DRIVERS\lgusbsmodem.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/5/2008 3:16 PM 691696]

 

[El loco]

--- Other Services/Drivers In Memory ---

*Deregistered* - gdwqaj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 10:28]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 10:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espanol.yahoo.com
mStart Page = hxxp://espanol.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\en8u1vpy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://espanol.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\en8u1vpy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-23 15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\gdwqaj]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-23 15:11:19
ComboFix-quarantined-files.txt 2010-07-23 19:11
ComboFix2.txt 2010-07-23 15:51
ComboFix3.txt 2010-07-23 12:18
ComboFix4.txt 2010-06-24 19:00
ComboFix5.txt 2010-07-23 18:57

Pre-Run: 42,790,281,216 bytes free
Post-Run: 42,770,210,816 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C861E6CDC4C06FCF1094993565FF961A

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:19:56 PM, on 7/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mike\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! en Espaol
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! en Espaol
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201108691495
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201111902218
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f7db41a482ee) (gupdate1c9f7db41a482ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Mike\Desktop\frontpage.swf

--
End of file - 8650 bytes

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4341

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/23/2010 3:18:54 PM
mbam-log-2010-07-23 (15-18-54).txt

Scan type: Quick scan
Objects scanned: 164570
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Osiris]

Go to start, run, type msconfig and press enter.

Then go to the startup tab, click disable all. Then recheck your antvirius entry or entries and then reboot.

Does that message appear again?

 

[El loco]

Go to start, run, type msconfig and press enter.

Then go to the startup tab, click disable all. Then recheck your antvirius entry or entries and then reboot.

Does that message appear again?

after the first malwarebytes scan I did that, then ran ccleaner/cleanup! then scanned with
combofix/malwarebytes/highjackthis
The error has not appeared anymore.

 

[Osiris]

Sounds good