
Thread: major lag, pop ups, BS

  1. #1
    Beginner
    Registered since
    08.10.2009
    Posts
    10

    major lag, pop ups, BS

    I tried and I failed to fix it myself, so I am asking for help.... Here is my log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:12:16 PM, on 10/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Documents and Settings\Daddy\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Daddy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [A00F218721DC.exe] C:\DOCUME~1\Daddy\LOCALS~1\Temp\_A00F218721DC.exe
    O4 - HKCU\..\Run: [A00F15259707.exe] C:\DOCUME~1\Daddy\LOCALS~1\Temp\_A00F15259707.exe
    O4 - HKUS\S-1-5-21-746137067-688789844-1417001333-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Brook')
    O4 - HKUS\S-1-5-21-746137067-688789844-1417001333-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Brook')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1218836048702
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\compstui32.dll
    O20 - Winlogon Notify: a4cd410a658 - C:\WINDOWS\System32\compstui32.dll
    O20 - Winlogon Notify: __c009E039 - C:\WINDOWS\system32\__c009E039.dat
    O20 - Winlogon Notify: __c00D7664 - C:\WINDOWS\system32\__c00D7664.dat (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe

    --
    End of file - 9149 bytes

  2. #2
    Moderator Team member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: major lag, pop ups, BS

    Welcome to HijackThis.de Boot Boy,


    Infection is showing here. Let's get more details and then start some repairs.

    First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot.

    And to keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

    --------------

    Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

    If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
    Live the day!

    Jintan - The brand where everything is right!

  3. #3
    Beginner
    Registered since
    08.10.2009
    Posts
    10

    Re: major lag, pop ups, BS

    OK, I ran them and got the 2 log files from RSIT. When I ran Gmer I clicked Scan, and each time it runs it will go for about 5-10 min and then crashes the computer. I tried it 3 times and each time the computer will automatically restart before it finishes...
    Here are the 2 files from RSIT:


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Daddy at 2009-10-09 08:00:04
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 14 GB (23%) free of 60 GB
    Total RAM: 511 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:20 AM, on 10/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Documents and Settings\Daddy\My Documents\Downloads\RSIT.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Daddy\My Documents\Downloads\Daddy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Daddy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [A00F218721DC.exe] C:\DOCUME~1\Daddy\LOCALS~1\Temp\_A00F218721DC.exe
    O4 - HKCU\..\Run: [A00F15259707.exe] C:\DOCUME~1\Daddy\LOCALS~1\Temp\_A00F15259707.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1218836048702
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\compstui32.dll
    O20 - Winlogon Notify: a4cd410a658 - C:\WINDOWS\System32\compstui32.dll
    O20 - Winlogon Notify: __c009E039 - C:\WINDOWS\system32\__c009E039.dat
    O20 - Winlogon Notify: __c00D7664 - C:\WINDOWS\system32\__c00D7664.dat (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe

    --
    End of file - 8171 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "USRpdA"= []
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
    "3c1807pd"=C:\WINDOWS\SYSTEM32\3cmlink.exe [2005-11-18 73728]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
    "Application Layer Gateway"=C:\Program Files\Common Files\alg.exe []
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-21 520024]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-02-20 4363504]
    "cdloader"=C:\Documents and Settings\Daddy\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
    "Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2009-01-30 1347584]
    "Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
    "VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120]
    "A00F218721DC.exe"=C:\DOCUME~1\Daddy\LOCALS~1\Temp\_A00F218721DC.exe []
    "A00F15259707.exe"=C:\DOCUME~1\Daddy\LOCALS~1\Temp\_A00F15259707.exe [2009-10-05 40960]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\System32\compstui32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a4cd410a658]
    C:\WINDOWS\System32\compstui32.dll [2009-08-27 124928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009E039]
    C:\WINDOWS\system32\__c009E039.dat [2009-10-08 28160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00D7664]
    C:\WINDOWS\system32\__c00D7664.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\BitPim\bitpimw.exe"="C:\Program Files\BitPim\bitpimw.exe:*:Enabled:Open Source Mobile Phone Tool"
    "C:\Program Files\SVDVR\shttps\http.exe"="C:\Program Files\SVDVR\shttps\http.exe:*:Enabled:http"
    "C:\Program Files\SVDVR\SVDVR.exe"="C:\Program Files\SVDVR\SVDVR.exe:*:Enabled:SVDVR"
    "C:\Program Files\Client\ClientMain.exe"="C:\Program Files\Client\ClientMain.exe:*:Enabled:ClientMain"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "D:\System\ArmyOps.exe"="D:\System\ArmyOps.exe:*:Enabled:ArmyOps"
    "C:\Program Files\EA GAMES\American McGee's Alice\alice.exe"="C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
    "C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\install\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\autorun.exe
    shell\phone\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    shell\AutoRun\command - H:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-12-25 18:17:58 ----SHD---- C:\WINDOWS\ftpcache
    2009-10-09 07:55:45 ----A---- C:\WINDOWS\system32\__c003E96C.exe
    2009-10-09 07:11:50 ----D---- C:\rsit
    2009-10-08 13:03:29 ----A---- C:\WINDOWS\system32\96.tmp
    2009-10-08 13:03:28 ----A---- C:\WINDOWS\system32\95.tmp
    2009-10-07 09:14:35 ----SHD---- C:\WINDOWS\system32\LocalService
    2009-10-04 03:12:43 ----ASH---- C:\WINDOWS\system32\91.tmp
    2009-10-03 07:12:43 ----ASH---- C:\WINDOWS\system32\8E.tmp
    2009-10-01 05:28:34 ----A---- C:\WINDOWS\system32\A7.tmp
    2009-09-30 09:28:34 ----A---- C:\WINDOWS\system32\16.tmp
    2009-09-29 11:13:08 ----A---- C:\WINDOWS\system32\5CF.tmp
    2009-09-24 11:13:18 ----A---- C:\WINDOWS\system32\116.tmp
    2009-09-23 12:27:56 ----A---- C:\WINDOWS\wininit.ini
    2009-09-22 07:22:18 ----ASH---- C:\WINDOWS\system32\31A.tmp
    2009-09-20 19:17:31 ----A---- C:\WINDOWS\GnuHashes.ini
    2009-09-20 19:10:01 ----ASH---- C:\WINDOWS\system32\207.tmp
    2009-09-19 12:15:23 ----D---- C:\Documents and Settings\Daddy\Application Data\BitTorrent
    2009-09-19 12:14:44 ----D---- C:\Program Files\BitTorrent

    ======List of files/folders modified in the last 1 months======

    2009-10-09 07:58:00 ----D---- C:\WINDOWS\Temp
    2009-10-09 07:55:56 ----D---- C:\WINDOWS\Prefetch
    2009-10-09 07:55:45 ----D---- C:\WINDOWS\system32
    2009-10-09 07:52:24 ----D---- C:\Program Files\Mozilla Firefox
    2009-10-09 07:51:22 ----D---- C:\Documents and Settings\Daddy\Application Data\mjusbsp
    2009-10-09 07:41:15 ----D---- C:\WINDOWS\Minidump
    2009-10-09 07:41:15 ----D---- C:\WINDOWS
    2009-10-07 10:51:24 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-10-07 10:09:58 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-10-07 09:36:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-10-05 18:40:27 ----HD---- C:\WINDOWS\inf
    2009-10-05 18:40:27 ----D---- C:\WINDOWS\Help
    2009-09-28 19:19:29 ----D---- C:\Documents and Settings\Daddy\Application Data\Enigma Browser
    2009-09-23 11:56:04 ----SHD---- C:\WINDOWS\Installer
    2009-09-23 11:56:00 ----RD---- C:\Program Files
    2009-09-23 11:55:58 ----SD---- C:\WINDOWS\Tasks
    2009-09-23 11:28:27 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-09-19 18:42:40 ----D---- C:\Documents and Settings\Daddy\Application Data\LimeWire

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
    R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
    R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
    R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    R3 SiSV;SiSV; C:\WINDOWS\System32\DRIVERS\SiSV.sys [2001-08-17 50432]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-08-19 73984]
    R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2003-05-21 253672]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 3c1807pd;U.S. Robotics V.92 Fax Win Int; C:\WINDOWS\system32\DRIVERS\3c1807pd.sys [2005-11-18 329056]
    S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
    S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
    S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\System32\DRIVERS\MRVW245.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 StkAMini;Syntek STK1160; C:\WINDOWS\System32\Drivers\StkAMini.sys [2006-11-15 242139]
    S3 StkScan;Syntek STK1160 Still Image; C:\WINDOWS\System32\Drivers\StkScan.sys [2006-06-27 4772]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:\WINDOWS\System32\DRIVERS\USRpdA.sys [2001-08-17 113762]
    S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
    R2 StkASSrv;Syntek STK1160 Service; C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------


    -----------------------------------------------------------------------------------




    info.txt logfile of random's system information tool 1.06 2009-10-09 07:12:24

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    Any Video Converter 2.6.2-->"C:\Program Files\Any Video Converter\unins000.exe"
    Arthur's Birthday-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Living Books\DeIsL1.isu"
    Arthur's Wilderness Rescue-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Arthur's Wilderness Rescue\Uninstall.xml"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
    BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
    Camouflage-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Camouflage\Uninst.isu"
    Client-->C:\PROGRA~1\Client\UNWISE.EXE C:\PROGRA~1\Client\INSTALL.LOG
    Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
    Creative Live! Cam Vista IM Driver (1.01.03.1104)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
    Creative Live! Cam Vista IM User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Vista IM\Creative Live! Cam Vista IM User's Guide\English\CTManual.isu"
    Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Enigma Browser (remove only)-->"C:\Program Files\Enigma Browser\uninst.exe"
    Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
    HijackThis 2.0.2-->"C:\Documents and Settings\Daddy\My Documents\Downloads\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Leap Ahead Kindergarten-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Leap Ahead Kindergarten\Uninst.isu"
    LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
    Magic School Bus - Animals-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Kids\MSB Animals\System\UnMSBA.isu" -c"C:\Program Files\Microsoft Kids\MSB Animals\System\IsUninst.dll"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscnc.inf, Uninstall
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
    Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mslex.inf, Uninstall
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\setup.exe" -l0x9
    Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MultiViewer-->"C:\Program Files\MultiViewer\unins000.exe"
    Oxelon Media Converter 1.1-->"C:\Program Files\OxelonMedia\unins000.exe"
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
    Reader Rabbit Personalized Kindergarten-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalized Kindergarten\Uninst.isu"
    Reader Rabbit's Reading Ages 4-6-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\Rrread46\Uninst\DeIsL1.isu
    Reader Rabbit's Toddler-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\Rrt\Uninst\DeIsL1.isu
    Ringling Bros. - Frankie Goes to the Circus-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\unjsrbbb.exe
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SVDVR-->C:\PROGRA~1\SVDVR\UNWISE.EXE C:\PROGRA~1\SVDVR\INSTALL.LOG
    The Land Before Time Kindergarten Adventure-->C:\Lbtkind\Lbtkind\UNWISE.EXE /A C:\Lbtkind\Lbtkind\INSTALL.LOG
    TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    USB2.0 Capture Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E337B156-DF81-48D8-8977-B1574EE87BCF}\Setup.exe" -l0x9
    USB-IrDA Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
    WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Hosts File======

    127.0.0.1 www.Myspace.com

    ======Security center information======

    AV: avast! antivirus 4.8.1351 [VPS 091008-0] (disabled)

    ======System event log======

    Computer Name: KIDS_COMP
    Event Code: 9
    Message: The device, \Device\Ide\IdePort1, did not respond within the timeout period.

    Record Number: 1504
    Source Name: atapi
    Time Written: 20081231233001.000000-420
    Event Type: error
    User:

    Computer Name: KIDS_COMP
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0010B50DFEA8. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 1494
    Source Name: Dhcp
    Time Written: 20081231232922.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 1484
    Source Name: W32Time
    Time Written: 20081231221042.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 52
    Message: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail.
    Immediately back up your data and replace your hard disk drive. A failure
    may be imminent.

    Record Number: 1483
    Source Name: Disk
    Time Written: 20081231093034.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 1450
    Source Name: W32Time
    Time Written: 20091225181800.000000-420
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: KIDS_COMP
    Event Code: 0
    Message: HttpModules node ServiceModel does not exist in System.Web section group.

    Record Number: 541
    Source Name: System.ServiceModel.Install 3.0.0.0
    Time Written: 20090820032030.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 0
    Message: HttpHandlers node *.svc does not exist in System.Web section group.

    Record Number: 540
    Source Name: System.ServiceModel.Install 3.0.0.0
    Time Written: 20090820032030.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 0
    Message: All compilation assembly nodes do not exist in System.Web section group.

    Record Number: 539
    Source Name: System.ServiceModel.Install 3.0.0.0
    Time Written: 20090820032029.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 0
    Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

    Record Number: 538
    Source Name: System.ServiceModel.Install 3.0.0.0
    Time Written: 20090820032029.000000-420
    Event Type: warning
    User:

    Computer Name: KIDS_COMP
    Event Code: 0
    Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
    If you believe this message is an error, check your IIS installation to make sure it is installed properly.

    Record Number: 536
    Source Name: System.ServiceModel.Install 3.0.0.0
    Time Written: 20090820032022.000000-420
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=0602
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------

  4. #4
    Beginner
    Registered since
    08.10.2009
    Posts
    10

    Re: major lag, pop ups, BS

    OK.... I have to apologize for my impatience. I took a breath and re-read your post and I failed to read (or "rootkit", stop there / "We don't want any crashes just from taking an initial look at things.") so I re-opened it and here is what it had:


    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit quick scan 2009-10-09 14:26:21
    Windows 5.1.2600 Service Pack 3
    Running: okvxcgd4.exe; Driver: C:\DOCUME~1\Daddy\LOCALS~1\Temp\pwrcapog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----

  5. #5
    Moderator Team Member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: major lag, pop ups, BS

    Gmer, for now, only shows Avast's functions. See if the crashes created a log I can check, and let's start a repair scan there as well.

    Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



    Navigate (right click My Computer, left click Explore) to the following folder:

    c:\windows\minidump

    And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files - Timfi" as the email Subject.

    ------------------

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

    Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
    Live the day!

    Jintan - The brand where everything is right!

  6. #6
    Beginner
    Registered since
    08.10.2009
    Posts
    10

    Re: major lag, pop ups, BS

    ComboFix 09-10-08.04 - Daddy 10/10/2009 11:19.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.282 [GMT -7:00]
    Running from: c:\documents and settings\Daddy\My Documents\Downloads\456out.com
    AV: avast! antivirus 4.8.1351 [VPS 091009-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Brook\Application Data\02000000121b7245658C.manifest
    c:\documents and settings\Brook\Application Data\02000000121b7245658O.manifest
    c:\documents and settings\Brook\Application Data\02000000121b7245658P.manifest
    c:\documents and settings\Brook\Application Data\02000000121b7245658S.manifest
    c:\documents and settings\Courtney\Application Data\02000000121b7245658C.manifest
    c:\documents and settings\Courtney\Application Data\02000000121b7245658O.manifest
    c:\documents and settings\Courtney\Application Data\02000000121b7245658P.manifest
    c:\documents and settings\Courtney\Application Data\02000000121b7245658S.manifest
    c:\documents and settings\Daddy\Application Data\02000000121b7245658C.manifest
    c:\documents and settings\Daddy\Application Data\02000000121b7245658O.manifest
    c:\documents and settings\Daddy\Application Data\02000000121b7245658P.manifest
    c:\documents and settings\Daddy\Application Data\02000000121b7245658S.manifest
    c:\documents and settings\Kirsten\Application Data\02000000121b7245658C.manifest
    c:\documents and settings\Kirsten\Application Data\02000000121b7245658O.manifest
    c:\documents and settings\Kirsten\Application Data\02000000121b7245658P.manifest
    c:\documents and settings\Kirsten\Application Data\02000000121b7245658S.manifest
    C:\test.txt
    c:\windows\GnuHashes.ini
    c:\windows\MFCKINF.dll
    c:\windows\system32\__c003E96C.exe
    c:\windows\system32\__c009E039.dat
    c:\windows\system32\COMPSTUI32.DLL
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\LocalService\313.crack.zip
    c:\windows\system32\LocalService\313.crack.zip.kwd
    c:\windows\system32\LocalService\314.keygen.zip
    c:\windows\system32\LocalService\314.keygen.zip.kwd
    c:\windows\system32\LocalService\315.serial.zip
    c:\windows\system32\LocalService\315.serial.zip.kwd
    c:\windows\system32\LocalService\316.setup.zip
    c:\windows\system32\LocalService\316.setup.zip.kwd
    c:\windows\system32\LocalService\317.music.au
    c:\windows\system32\LocalService\317.music.au.kwd
    c:\windows\system32\LocalService\318.music2.au
    c:\windows\system32\LocalService\318.music2.au.kwd
    c:\windows\system32\LocalService\319.music3.au
    c:\windows\system32\LocalService\319.music3.au.kwd
    c:\windows\system32\LocalService\320.music4.au
    c:\windows\system32\LocalService\320.music4.au.kwd
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
    .

    2009-12-26 01:17 . 2009-12-26 01:17 -------- d-sh--w- c:\windows\ftpcache
    2009-10-09 14:11 . 2009-10-09 14:12 -------- d-----w- C:\rsit
    2009-10-07 22:00 . 2009-10-07 22:00 -------- d-sh--w- c:\documents and settings\Kirsten\PrivacIE
    2009-10-07 16:14 . 2009-10-10 18:25 -------- d-sh--w- c:\windows\system32\LocalService
    2009-09-19 19:15 . 2009-09-21 01:47 -------- d-----w- c:\documents and settings\Daddy\Application Data\BitTorrent
    2009-09-19 19:14 . 2009-09-19 19:14 -------- d-----w- c:\program files\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-10 18:33 . 2009-04-07 08:06 -------- d-----w- c:\documents and settings\Daddy\Application Data\mjusbsp
    2009-10-09 16:41 . 2009-01-29 03:25 -------- d-----w- c:\documents and settings\Daddy\Application Data\U3
    2009-10-09 01:38 . 2009-03-04 21:02 1636 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-08 20:03 . 2009-10-08 20:03 0 ----a-w- c:\windows\system32\96.tmp
    2009-10-08 20:03 . 2009-10-08 20:03 0 ----a-w- c:\windows\system32\95.tmp
    2009-10-04 10:12 . 2009-10-04 10:12 523264 --sha-w- c:\windows\system32\91.tmp
    2009-10-03 14:12 . 2009-10-03 14:12 523264 --sha-w- c:\windows\system32\8E.tmp
    2009-10-01 12:28 . 2009-10-01 12:28 0 ----a-w- c:\windows\system32\A7.tmp
    2009-09-30 16:28 . 2009-09-30 16:28 0 ----a-w- c:\windows\system32\16.tmp
    2009-09-29 18:13 . 2009-09-29 18:13 0 ----a-w- c:\windows\system32\5CF.tmp
    2009-09-29 02:19 . 2009-09-09 09:11 -------- d-----w- c:\documents and settings\Daddy\Application Data\Enigma Browser
    2009-09-29 02:14 . 2008-12-26 00:57 1524 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-09-24 18:13 . 2009-09-24 18:13 0 ----a-w- c:\windows\system32\116.tmp
    2009-09-23 18:28 . 2009-09-02 02:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-22 14:22 . 2009-09-22 14:22 523264 --sha-w- c:\windows\system32\31A.tmp
    2009-09-21 02:10 . 2009-09-21 02:10 523264 --sha-w- c:\windows\system32\207.tmp
    2009-09-20 01:42 . 2008-09-08 17:55 -------- d-----w- c:\documents and settings\Daddy\Application Data\LimeWire
    2009-09-16 18:37 . 2009-07-23 00:47 1636 ----a-w- c:\documents and settings\Courtney\Local Settings\Application Data\d3d9caps.tmp
    2009-09-09 22:00 . 2009-09-09 11:30 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-09-09 22:00 . 2009-09-09 11:30 -------- d-----w- c:\program files\AVS4YOU
    2009-09-09 11:53 . 2009-09-09 11:47 -------- d-----w- c:\documents and settings\Daddy\Application Data\OxelonMC
    2009-09-09 11:47 . 2009-09-09 11:47 -------- d-----w- c:\program files\OxelonMedia
    2009-09-09 11:45 . 2009-01-29 03:36 -------- d-----w- c:\documents and settings\Daddy\Application Data\Any Video Converter
    2009-09-09 11:34 . 2009-09-09 11:34 -------- d-----w- c:\documents and settings\Daddy\Application Data\AVS4YOU
    2009-09-09 11:34 . 2009-09-09 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-09-09 10:49 . 2009-09-09 09:10 -------- d-----w- c:\program files\Enigma Browser
    2009-09-09 08:00 . 2009-09-09 08:00 -------- d-----w- c:\program files\Veoh Networks
    2009-09-04 02:48 . 2009-09-03 00:24 1636 ----a-w- c:\documents and settings\Kirsten\Local Settings\Application Data\d3d9caps.tmp
    2009-09-02 03:50 . 2009-09-02 02:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-02 03:35 . 2009-09-02 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-02 02:40 . 2009-09-02 02:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-09-02 02:39 . 2009-09-02 02:39 -------- d-----w- c:\program files\Lavasoft
    2009-09-02 02:39 . 2008-09-13 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-09-02 02:17 . 2009-08-12 05:57 -------- d-----w- c:\program files\Google
    2009-09-02 02:01 . 2009-03-19 21:41 -------- d-----w- c:\program files\Yahoo!
    2009-09-02 01:59 . 2008-08-16 04:12 -------- d-----w- c:\program files\Foldups
    2009-09-02 01:56 . 2008-08-14 13:46 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-01 23:15 . 2009-09-01 23:15 -------- d-----w- c:\documents and settings\Courtney\Application Data\Yahoo!
    2009-09-01 17:14 . 2009-09-01 17:14 69232 ----a-w- c:\documents and settings\Brook\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 22:44 . 2009-02-19 00:02 69232 ----a-w- c:\documents and settings\Courtney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-28 23:13 . 2008-08-15 23:23 69232 ----a-w- c:\documents and settings\Daddy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-28 23:13 . 2009-08-28 23:12 691420 ----a-w- c:\windows\system32\Client.exe
    2009-08-27 22:00 . 2009-08-27 21:55 -------- d-----w- c:\program files\MultiViewer
    2009-08-27 06:38 . 2008-11-17 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
    2009-08-27 05:26 . 2009-08-27 05:26 -------- d-----w- c:\program files\WIDCOMM
    2009-08-25 07:59 . 2009-08-25 07:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
    2009-08-25 07:59 . 2009-08-25 07:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Creative
    2009-08-25 07:47 . 2009-08-25 01:29 -------- d-----w- c:\program files\Creative
    2009-08-25 07:31 . 2008-09-08 17:53 -------- d-----w- c:\program files\Java
    2009-08-25 01:35 . 2009-08-25 01:35 -------- d-----w- c:\documents and settings\Daddy\Application Data\Creative
    2009-08-20 21:25 . 2009-08-12 06:03 -------- d-----w- c:\documents and settings\Daddy\Application Data\DivX
    2009-08-20 16:40 . 2009-08-11 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-08-20 16:40 . 2009-08-11 16:40 -------- d-----w- c:\program files\NOS
    2009-08-20 10:19 . 2009-08-19 23:50 -------- d-----w- c:\program files\MSBuild
    2009-08-20 10:19 . 2009-08-20 10:19 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-19 23:54 . 2009-08-19 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-19 23:50 . 2009-08-19 23:50 -------- d-----w- c:\program files\Microsoft Works
    2009-08-19 23:48 . 2009-08-19 23:48 -------- d-----w- c:\program files\Microsoft.NET
    2009-08-19 23:40 . 2009-08-19 23:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-08-19 23:34 . 2009-08-19 23:33 -------- d-----w- c:\documents and settings\Brook\Application Data\U3
    2009-08-17 16:10 . 2008-08-15 23:30 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:06 . 2008-08-15 23:30 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-17 16:06 . 2008-08-15 23:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-17 16:05 . 2008-08-15 23:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2008-08-15 23:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:04 . 2008-08-15 23:30 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2008-08-15 23:30 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:03 . 2008-08-15 23:30 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-17 16:02 . 2008-08-15 23:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-12 05:59 . 2009-08-12 05:57 -------- d-----w- c:\program files\DivX
    2009-08-12 05:57 . 2009-08-12 05:57 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-08-07 02:24 . 2008-08-15 21:34 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-07 02:24 . 2007-07-31 01:19 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-07 02:24 . 2008-08-15 21:34 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-07 02:24 . 2008-08-15 21:34 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-07 02:24 . 2008-08-14 05:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-07 02:24 . 2001-08-23 15:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-07 02:23 . 2008-08-15 21:34 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-07 02:23 . 2008-08-14 05:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2001-08-23 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 22:07 . 2008-08-14 13:23 899 ----a-w- c:\windows\EReg077.dat
    2009-07-25 12:23 . 2008-12-17 18:58 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:01 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 06:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Daddy\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe" [2005-11-19 73728]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-22 520024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitPim\\bitpimw.exe"=
    "c:\\Program Files\\SVDVR\\shttps\\http.exe"=
    "c:\\Program Files\\SVDVR\\SVDVR.exe"=
    "c:\\Program Files\\Client\\ClientMain.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Documents and Settings\\Daddy\\Application Data\\mjusbsp\\magicJack.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/1/2009 7:40 PM 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/15/2008 4:46 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/15/2008 4:46 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1028432]
    R3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [8/13/2008 3:42 PM 50432]
    S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [8/25/2009 12:58 AM 178913]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Daddy\Application Data\Mozilla\Firefox\Profiles\vnwccepd.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://pbskids.org/
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-USRpdA - (no file)
    Notify-a4cd410a658 - c:\windows\System32\compstui32.dll
    Notify-__c00D7664 - c:\windows\system32\__c00D7664.dat



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-10 11:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(156)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\StkASv2K.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\devldr32.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\documents and settings\Daddy\Application Data\mjusbsp\st00000\mjsetup.exe
    c:\documents and settings\Daddy\Application Data\mjusbsp\magicJack.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-10 11:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-10 18:38

    Pre-Run: 14,392,877,056 bytes free
    Post-Run: 14,770,860,032 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    273 --- E O F --- 2009-09-09 07:55

  7. #7
    Moderator Team Member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: major lag, pop ups, BS

    I received the dump log, thanks. But likely made unnecessary now that ComboFix cleared all the malware files and settings there. The Gmer dump suggests something causing the Gmer driver to load improperly, or another legit system service has been altered:


    Could not read faulting driver name

    OVERLAPPED_MODULE: Address regions for 'pwrcapog' (<-- that's the Gmer driver) and 'kmixer.sys' overlap

    READ_ADDRESS: f9a50005

    FAULTING_IP:
    pwrcapog+bbb3
    f5f63bb3 807b0503 cmp byte ptr [ebx+5],3

    Let's do more then check again after.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



    Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform quick scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ----------

    Run Gmer again, and this time the complete scan, and post that log along with a new RSIT log and the Malwarebytes log please.
    Live the day!

    Jintan - The brand where everything is right!

  8. #8
    Beginner
    Registered since
    08.10.2009
    Posts
    10

    Re: major lag, pop ups, BS

    Once again Gmer crashed the system. I was able to get a split second look at a blue screen of death right before it re-booted. Here are the other two logs:


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Daddy at 2009-10-10 19:53:17
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 14 GB (23%) free of 60 GB
    Total RAM: 511 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:53:38 PM, on 10/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\StkASv2K.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Daddy\Application Data\mjusbsp\st00000\mjsetup.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Daddy\My Documents\Downloads\RSIT.exe
    C:\Documents and Settings\Daddy\My Documents\Downloads\Daddy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Daddy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1218836048702
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe

    --
    End of file - 7511 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
    "3c1807pd"=C:\WINDOWS\SYSTEM32\3cmlink.exe [2005-11-18 73728]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-21 520024]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-02-20 4363504]
    "cdloader"=C:\Documents and Settings\Daddy\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
    "Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2009-01-30 1347584]
    "Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
    "VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-08-20 2000120]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\BitPim\bitpimw.exe"="C:\Program Files\BitPim\bitpimw.exe:*:Enabled:Open Source Mobile Phone Tool"
    "C:\Program Files\SVDVR\shttps\http.exe"="C:\Program Files\SVDVR\shttps\http.exe:*:Enabled:http"
    "C:\Program Files\SVDVR\SVDVR.exe"="C:\Program Files\SVDVR\SVDVR.exe:*:Enabled:SVDVR"
    "C:\Program Files\Client\ClientMain.exe"="C:\Program Files\Client\ClientMain.exe:*:Enabled:ClientMain"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-12-25 18:17:58 ----SHD---- C:\WINDOWS\ftpcache
    2009-10-10 16:50:27 ----D---- C:\Documents and Settings\Daddy\Application Data\Malwarebytes
    2009-10-10 16:50:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-10-10 16:50:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-10-10 11:38:53 ----A---- C:\ComboFix.txt
    2009-10-10 11:16:55 ----A---- C:\Boot.bak
    2009-10-10 11:16:48 ----RASHD---- C:\cmdcons
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\zip.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\SWSC.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\SWREG.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\sed.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\PEV.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-10-10 10:17:14 ----A---- C:\WINDOWS\grep.exe
    2009-10-10 10:16:49 ----D---- C:\WINDOWS\ERDNT
    2009-10-10 10:10:33 ----D---- C:\Qoobox
    2009-10-09 07:11:50 ----D---- C:\rsit
    2009-10-08 13:03:29 ----A---- C:\WINDOWS\system32\96.tmp
    2009-10-08 13:03:28 ----A---- C:\WINDOWS\system32\95.tmp
    2009-10-07 09:14:35 ----SHD---- C:\WINDOWS\system32\LocalService
    2009-10-01 05:28:34 ----A---- C:\WINDOWS\system32\A7.tmp
    2009-09-30 09:28:34 ----A---- C:\WINDOWS\system32\16.tmp
    2009-09-29 11:13:08 ----A---- C:\WINDOWS\system32\5CF.tmp
    2009-09-24 11:13:18 ----A---- C:\WINDOWS\system32\116.tmp
    2009-09-23 12:27:56 ----A---- C:\WINDOWS\wininit.ini
    2009-09-19 12:15:23 ----D---- C:\Documents and Settings\Daddy\Application Data\BitTorrent
    2009-09-19 12:14:44 ----D---- C:\Program Files\BitTorrent

    ======List of files/folders modified in the last 1 months======

    2009-10-10 19:53:23 ----D---- C:\WINDOWS\Prefetch
    2009-10-10 19:52:16 ----D---- C:\Program Files\Mozilla Firefox
    2009-10-10 19:52:04 ----D---- C:\WINDOWS\Temp
    2009-10-10 19:51:23 ----D---- C:\Documents and Settings\Daddy\Application Data\mjusbsp
    2009-10-10 19:49:31 ----D---- C:\WINDOWS
    2009-10-10 19:25:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-10-10 19:23:10 ----D---- C:\WINDOWS\system32
    2009-10-10 16:50:21 ----D---- C:\WINDOWS\system32\drivers
    2009-10-10 16:50:19 ----RD---- C:\Program Files
    2009-10-10 12:15:31 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-10-10 11:33:05 ----A---- C:\WINDOWS\system.ini
    2009-10-10 11:23:38 ----D---- C:\WINDOWS\AppPatch
    2009-10-10 11:23:28 ----D---- C:\Program Files\Common Files
    2009-10-10 11:16:55 ----RASH---- C:\boot.ini
    2009-10-09 09:41:11 ----D---- C:\Documents and Settings\Daddy\Application Data\U3
    2009-10-09 09:37:11 ----HD---- C:\WINDOWS\inf
    2009-10-09 08:29:13 ----D---- C:\WINDOWS\Minidump
    2009-10-07 09:36:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-10-05 18:40:27 ----D---- C:\WINDOWS\Help
    2009-09-28 19:19:29 ----D---- C:\Documents and Settings\Daddy\Application Data\Enigma Browser
    2009-09-23 11:56:04 ----SHD---- C:\WINDOWS\Installer
    2009-09-23 11:55:58 ----SD---- C:\WINDOWS\Tasks
    2009-09-23 11:28:27 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-09-19 18:42:40 ----D---- C:\Documents and Settings\Daddy\Application Data\LimeWire

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
    R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
    R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
    R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    R3 SiSV;SiSV; C:\WINDOWS\System32\DRIVERS\SiSV.sys [2001-08-17 50432]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-08-19 73984]
    R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2003-05-21 253672]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 3c1807pd;U.S. Robotics V.92 Fax Win Int; C:\WINDOWS\system32\DRIVERS\3c1807pd.sys [2005-11-18 329056]
    S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
    S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
    S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
    S3 catchme;catchme; \??\C:\456out\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MRVW245;Linksys Wireless-N USB Network Adapter WUSB300N; C:\WINDOWS\System32\DRIVERS\MRVW245.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 StkAMini;Syntek STK1160; C:\WINDOWS\System32\Drivers\StkAMini.sys [2006-11-15 242139]
    S3 StkScan;Syntek STK1160 Still Image; C:\WINDOWS\System32\Drivers\StkScan.sys [2006-06-27 4772]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver; C:\WINDOWS\System32\DRIVERS\USRpdA.sys [2001-08-17 113762]
    S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
    R2 StkASSrv;Syntek STK1160 Service; C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------


    ------------------------------------------------------------------------------------



    Malwarebytes' Anti-Malware 1.41
    Database version: 2939
    Windows 5.1.2600 Service Pack 3

    10/10/2009 7:23:10 PM
    mbam-log-2009-10-10 (19-23-10).txt

    Scan type: Quick Scan
    Objects scanned: 26066
    Time elapsed: 5 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Brook\Desktop\CursorManiaSetup2.3.50.45.ZCfox000(2).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Brook\Desktop\CursorManiaSetup2.3.50.45.ZCfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\207.tmp (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\31A.tmp (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\8E.tmp (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\91.tmp (Worm.P2P) -> Quarantined and deleted successfully.

  9. #9
    Moderator, Team Member
    Registered since
    25.11.2006
    Posts
    4,974

    Re: major lag, pop ups, BS

    Make sure Avast is disabled, as well as Ad-Aware if you have their Ad-Watch component.

    Open Gmer again, but this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes, click on the Copy button, then right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.
    Live the day!

    Jintan - The brand where everything is right!

  10. #10
    Beginner
    Registered since
    08.10.2009
    Posts
    10

    Re: major lag, pop ups, BS

    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit scan 2009-10-11 08:36:39
    Windows 5.1.2600 Service Pack 3
    Running: okvxcgd4.exe; Driver: C:\DOCUME~1\Daddy\LOCALS~1\Temp\pwrcapog.sys


    ---- Modules - GMER 1.0.15 ----

    Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F8B95000-F8B97000 (8192 bytes)
    Module Lbd.sys (Boot Driver/Lavasoft AB) F86E1000-F86F0000 (61440 bytes)
    Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F86F1000-F86FA000 (36864 bytes)
    Module amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) F8701000-F870C000 (45056 bytes)
    Module \SystemRoot\system32\drivers\viaudio.sys (VIA AC'97 Enhanced Audio WDM Driver /VIA Technologies, Inc.) F7D61000-F7D74000 (77824 bytes)
    Module \SystemRoot\System32\DRIVERS\SiSV.sys (SiS SVGA Miniport Driver/Silicon Integrated Systems Corporation) F8761000-F876E000 (53248 bytes)
    Module \SystemRoot\system32\drivers\windrvr6.sys (WinDriver Device Driver 6.02/Jungo) F7D07000-F7D29000 (139264 bytes)
    Module \SystemRoot\system32\drivers\emu10k1m.sys (Creative SB Live! Adapter Driver/Creative Technology Ltd.) F7CC1000-F7D07000 (286720 bytes)
    Module \SystemRoot\system32\drivers\sfmanm.sys (SoundFont(R) Manager/Creative Technology Ltd.) F8771000-F877A000 (36864 bytes)
    Module \SystemRoot\system32\drivers\ctlfacem.sys (Creative SB Live! Interface Driver/Creative Technology Ltd.) F8BBF000-F8BC1000 (8192 bytes)
    Module \SystemRoot\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) F7CA7000-F7CC1000 (106496 bytes)
    Module \SystemRoot\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.) F7BA2000-F7C93000 (987136 bytes)
    Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F89D9000-F89DE000 (20480 bytes)
    Module \SystemRoot\system32\DRIVERS\btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.) F89E9000-F89F1000 (32768 bytes)
    Module \SystemRoot\System32\Drivers\aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) F8781000-F878C000 (45056 bytes)
    Module \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) F70AA000-F70CB000 (135168 bytes)
    Module \SystemRoot\System32\Drivers\Aavmker4.SYS (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) F8A39000-F8A3E000 (20480 bytes)
    Module \SystemRoot\System32\SiSV256.dll (SiS Framebuffer Display Driver/Silicon Integrated Systems Corporation) BFF30000-BFF57000 (159744 bytes)
    Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
    Module \SystemRoot\system32\DRIVERS\aswFsBlk.sys (avast! File System Access Blocking Driver/ALWIL Software) F8939000-F8941000 (32768 bytes)
    Module \SystemRoot\System32\Drivers\aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) F69B0000-F69C6000 (90112 bytes)
    Module \SystemRoot\System32\Drivers\aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software) F6332000-F6336000 (16384 bytes)
    Module \??\C:\DOCUME~1\Daddy\LOCALS~1\Temp\pwrcapog.sys (GMER) F591C000-F5932000 (90112 bytes)

    ---- Processes - GMER 1.0.15 ----

    Process C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (Yahoo! Messenger Tray/Yahoo! Inc.) 244
    Library C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (Yahoo! Messenger Tray/Yahoo! Inc.) 0x00400000
    Library C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll 0x61110000
    Library C:\PROGRA~1\Yahoo!\MESSEN~1\res_msgr.dll (Resource Module/Yahoo! Inc.) 0x60360000

    Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 432
    Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

    Process C:\WINDOWS\System32\StkASv2K.exe (Syntek Hardware Snapshot Launch Application Services/Syntek America Inc.) 576
    Library C:\WINDOWS\System32\StkASv2K.exe (Syntek Hardware Snapshot Launch Application Services/Syntek America Inc.) 0x00400000

    Process C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) 1376
    Library C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) 0x00400000
    Library C:\Program Files\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
    Library C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
    Library C:\Program Files\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000

    Process C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) 1456
    Library C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) 0x00400000
    Library C:\Program Files\Alwil Software\Avast4\aswAux.dll (avast! Auxiliary Library/ALWIL Software) 0x64580000
    Library C:\Program Files\Alwil Software\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
    Library C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
    Library C:\Program Files\Alwil Software\Avast4\aswEngin.dll (High level antivirus engine/ALWIL Software) 0x64280000
    Library C:\Program Files\Alwil Software\Avast4\aswScan.dll (Low level antivirus engine/ALWIL Software) 0x64200000
    Library C:\Program Files\Alwil Software\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
    Library C:\Program Files\Alwil Software\Avast4\ashBase.dll (Basic Functionality Module/ALWIL Software) 0x64500000
    Library C:\Program Files\Alwil Software\Avast4\ashTask.dll (Task Handling Module/ALWIL Software) 0x64800000
    Library C:\Program Files\Alwil Software\Avast4\aswInteg.dll (Integrity checking implementation/ALWIL Software) 0x64400000
    Library C:\Program Files\Alwil Software\Avast4\aswIdle.dll (avast! Idle Hook Library/ALWIL Software) 0x64A00000
    Library C:\Program Files\Alwil Software\Avast4\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/ALWIL Software) 0x65000000
    Library C:\Program Files\Alwil Software\Avast4\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/ALWIL Software) 0x65100000
    Library C:\Program Files\Alwil Software\Avast4\English\Base.dll (avast! English Basic Module/ALWIL Software) 0x66080000
    Library C:\Program Files\Alwil Software\Avast4\AhResMai.dll (avast! e-Mail Scanner AAVM Provider Library/ALWIL Software) 0x65380000
    Library C:\Program Files\Alwil Software\Avast4\ahResMes.dll (avast!4 Messenger scanner AAVM Provider Library/ALWIL Software) 0x65880000
    Library C:\Program Files\Alwil Software\Avast4\AhResNS.dll (avast!4 Network Shield AAVM Provider Library/ALWIL Software) 0x65980000
    Library C:\Program Files\Alwil Software\Avast4\AhResOut.dll (avast! MS Outlook/Exchange AAVM Provider Library/ALWIL Software) 0x65280000
    Library C:\Program Files\Alwil Software\Avast4\ahResP2P.dll (avast!4 P2P Shield AAVM Provider Library/ALWIL Software) 0x658C0000
    Library C:\Program Files\Alwil Software\Avast4\AhResStd.dll (avast! Standard Shield AAVM Provider Library/ALWIL Software) 0x65180000
    Library C:\Program Files\Alwil Software\Avast4\AhResWS.dll (avast! HTTP Scanner AAVM Provider Library/ALWIL Software) 0x65A00000
    Library C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll (avast! Sqlt Storage Module/ALWIL Software) 0x64880000
    Library C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll (Avast! anti-rootkit module/ALWIL Software) 0x65E20000
    Library C:\Program Files\Alwil Software\Avast4\aswRawFs.dll (Raw disk access library/ALWIL Software) 0x64180000

    Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1720
    Library C:\WINDOWS\system32\bthcrp.dll (bthcrp DLL/Broadcom Corporation.) 0x10000000
    Library C:\WINDOWS\system32\WidcommSdk.dll (WidcommSdk DLL/Broadcom Corporation.) 0x00D00000
    Library C:\WINDOWS\system32\wbtapi.dll (WBTApi DLL/Broadcom Corporation.) 0x00E20000
    Library C:\WINDOWS\system32\CNMLM8O.DLL (IJ Language Monitor/CANON INC.) 0x67380000
    Library C:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x009A0000
    Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD8O.DLL (IJ Print Processor Dispatcher/CANON INC.) 0x67200000
    Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
    Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x01160000

    Process C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Support Server/Broadcom Corporation.) 1968
    Library C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Support Server/Broadcom Corporation.) 0x00400000

    Process C:\Documents and Settings\Daddy\My Documents\Downloads\okvxcgd4.exe 2308
    Library C:\Documents and Settings\Daddy\My Documents\Downloads\okvxcgd4.exe 0x00400000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x10000000

    Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 2312
    Library C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (GrooveShellExtensions Module/Microsoft Corporation) 0x661C0000
    Library C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL (GrooveSystemServices Module/Microsoft Corporation) 0x65E30000
    Library C:\WINDOWS\system32\btncopy.dll (BTNCopy Module/Broadcom Corporation.) 0x10000000
    Library C:\PROGRA~1\MICROS~3\Office12\GR326C~1.DLL (GrooveMisc Module/Microsoft Corporation) 0x66B40000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x00C30000
    Library C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 0x01520000
    Library C:\PROGRA~1\SPYBOT~1\SDHelper.dll (SBSD IE Protection/Safer Networking Limited) 0x03310000
    Library C:\WINDOWS\System32\l3codeca.acm (MPEG Layer-3 Audio Codec for MSACM/Fraunhofer Institut Integrierte Schaltungen IIS) 0x58390000

    Process C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (avast! service GUI component/ALWIL Software) 2752
    Library C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (avast! service GUI component/ALWIL Software) 0x00400000
    Library C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll (Antivirus HW dependent library/ALWIL Software) 0x64000000
    Library C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll (Basic Functionality Module/ALWIL Software) 0x64500000
    Library C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll (High level portable functions/ALWIL Software) 0x64080000
    Library C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll (Common non-portable functions/ALWIL Software) 0x64100000
    Library C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll (Task Handling Module/ALWIL Software) 0x64800000
    Library C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll (avast! Auxiliary Library/ALWIL Software) 0x64580000
    Library C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll (avast! Asynchronous Virus Monitor (AAVM)/ALWIL Software) 0x65000000
    Library C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll (avast! AAVM Remote Procedure Call Library/ALWIL Software) 0x65100000
    Library C:\Program Files\Alwil Software\Avast4\English\Base.dll (avast! English Basic Module/ALWIL Software) 0x66080000
    Library C:\Program Files\Alwil Software\Avast4\English\Lang.dll (avast! Main English Module/ALWIL Software) 0x66100000
    Library c:\program files\alwil software\avast4\ahruimai.dll (avast! e-Mail Scanner provider GUI/ALWIL Software) 0x65400000
    Library C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll (avast! User Interface Common Module/ALWIL Software) 0x64B00000
    Library C:\PROGRA~1\ALWILS~1\Avast4\uiAux2.dll (uiAux2 DLL/ALWIL Software) 0x00E80000
    Library C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll (Xtreme Toolkit Library DLL/Codejock Software) 0x64C80000
    Library c:\program files\alwil software\avast4\ahruimes.dll (avast!4 Messenger scanner AAVM Provider GUI Library/ALWIL Software) 0x65900000
    Library c:\program files\alwil software\avast4\ahruins.dll (avast!4 Network Shield AAVM Provider GUI Library/ALWIL Software) 0x659C0000
    Library c:\program files\alwil software\avast4\ahruiout.dll (avast! MS Outlook/Exchange AAVM Provider GUI Library/ALWIL Software) 0x65300000
    Library c:\program files\alwil software\avast4\ahruip2p.dll (avast!4 P2P Shield AAVM Provider GUI Library/ALWIL Software) 0x65940000
    Library c:\program files\alwil software\avast4\ahruistd.dll (avast! Standard Shield AAVM Provider GUI Library/ALWIL Software) 0x65200000
    Library c:\program files\alwil software\avast4\ahruiws.dll (Avast! WWW Scanner AAVM Provider GUI Library/ALWIL Software) 0x65A40000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x10000000

    Process C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (GrooveMonitor Utility/Microsoft Corporation) 2788
    Library C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (GrooveShellExtensions Module/Microsoft Corporation) 0x661C0000
    Library C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL (GrooveSystemServices Module/Microsoft Corporation) 0x65E30000

    Process C:\Program Files\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 2820
    Library C:\Program Files\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x00400000

    Process C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Camera Launcher Application/Creative Technology Ltd) 2956
    Library C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Camera Launcher Application/Creative Technology Ltd) 0x00400000
    Library C:\Program Files\Creative\Shared Files\CamRes.crl (Resource for CamTray.exe /Creative Technology Ltd) 0x10000000
    Library C:\WINDOWS\system32\CtCamMgr.dll (Creative CamHAL Manager/Creative Technology Ltd.) 0x00A10000
    Library C:\WINDOWS\system32\quartz.dll 0x74810000
    Library C:\WINDOWS\System32\qcap.dll 0x757F0000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x00FE0000

    Process C:\Documents and Settings\Daddy\Application Data\mjusbsp\st00000\mjsetup.exe (MJSetupHelpers/magicJack L.P.) 2960
    Library C:\Documents and Settings\Daddy\Application Data\mjusbsp\st00000\mjsetup.exe (MJSetupHelpers/magicJack L.P.) 0x00400000

    Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 2968
    Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
    Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
    Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00290000
    Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
    Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x00300000
    Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x004E0000
    Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00510000
    Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00530000
    Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x005D0000
    Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003F0000
    Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x005F0000
    Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00600000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
    Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00620000
    Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x012E0000
    Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x01950000
    Library C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL (GrooveShellExtensions Module/Microsoft Corporation) 0x02F40000
    Library C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL (GrooveSystemServices Module/Microsoft Corporation) 0x65E30000
    Library C:\PROGRA~1\MICROS~3\Office12\GR326C~1.DLL (GrooveMisc Module/Microsoft Corporation) 0x66B40000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x03760000
    Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x04710000
    Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x04740000
    Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x04760000
    Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x047B0000

    Process C:\WINDOWS\system32\devldr32.exe (DevLdr32/Creative Technology Ltd.) 3008
    Library C:\WINDOWS\system32\devldr32.exe (DevLdr32/Creative Technology Ltd.) 0x01000000
    Library C:\WINDOWS\system32\DEVCON32.DLL (DevCon32/Creative Technology Ltd.) 0x74230000
    Library C:\WINDOWS\system32\SFMAN32.DLL (SoundFont(R) Master Manager /Creative Technology Ltd.) 0x74210000

    Process C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Web Player Beta/Veoh Networks) 3016
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Web Player Beta/Veoh Networks) 0x00400000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\BugSplat.dll (Crash reporting module, BugSplat.DLL/BugSplat, LLC) 0x10000000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll 0x005F0000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll 0x00380000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll 0x65000000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll 0x67000000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll 0x64000000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x01820000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll 0x01A50000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll 0x01A70000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\ssleay32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x02A50000
    Library C:\Program Files\Veoh Networks\VeohWebPlayer\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/) 0x02AA0000
    Library C:\WINDOWS\system32\macromed\Flash\NPSWF32.dll 0x03460000

    Process C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Bluetooth Tray Application/Broadcom Corporation.) 3080
    Library C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Bluetooth Tray Application/Broadcom Corporation.) 0x00400000
    Library C:\WINDOWS\system32\wbtapi.dll (WBTApi DLL/Broadcom Corporation.) 0x10000000
    Library C:\WINDOWS\system32\btosif.dll (BTOSIF DLL/Broadcom Corporation.) 0x00350000
    Library C:\WINDOWS\system32\btwhidcs.DLL (Bluetooth HID Power Control Suite dll/Broadcom Corporation.) 0x00370000
    Library C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll (Balloon Tooltip Routine DLL/Broadcom Corporation.) 0x003C0000
    Library C:\WINDOWS\system32\btrez.dll (btrez DLL/Broadcom Corporation.) 0x00B70000
    Library C:\WINDOWS\system32\btwicons.dll 0x00D00000
    Library C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 0x010C0000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x011F0000

    Process C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Windows Search System Tray/Microsoft Corporation) 3100
    Library C:\WINDOWS\System32\msidntld.dll (Microsoft Identity Manager/Microsoft Corporation) 0x60890000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x01C30000

    Process C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe (magicJack USB Softphone/magicJack L.P.) 3204
    Library C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe (magicJack USB Softphone/magicJack L.P.) 0x00400000
    Library C:\WINDOWS\system32\btmmhook.dll (Multimedia Keys Hook DLL/Broadcom Corporation.) 0x10000000
    Library C:\Documents and Settings\Daddy\Application Data\mjusbsp\SJHandsetMagicJack.dll (SJHandsetMagicJack DLL/SJ Labs) 0x02700000
    Library C:\Documents and Settings\Daddy\Application Data\mjusbsp\TjIpSys.dll (TjIpSys DLL/TigerJet Network Inc.) 0x02830000
    Library C:\Documents and Settings\Daddy\Application Data\mjusbsp\octvqe1_apiw.DLL 0x04A50000
    Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\DRIVERS\3c1807pd.sys (U.S. Robotics port driver/U.S. Robotics Corporation) [MANUAL] 3c1807pd
    Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) [SYSTEM] Aavmker4
    Service C:\WINDOWS\System32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [BOOT] amdagp
    Service C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (avast! File System Access Blocking Driver/ALWIL Software) [AUTO] aswFsBlk
    Service (avast! File System Filter Driver for Windows XP/ALWIL Software) [AUTO] aswMon2
    Service (avast! TDI RDR Driver/ALWIL Software) [MANUAL] aswRdr
    Service (avast! self protection module/ALWIL Software) [SYSTEM] aswSP
    Service (avast! TDI Filter Driver/ALWIL Software) [SYSTEM] aswTdi
    Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Antivirus updating service/ALWIL Software) [AUTO] aswUpdSv
    Service C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service/ALWIL Software) [AUTO] avast! Antivirus
    Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service/ALWIL Software) [MANUAL] avast! Mail Scanner
    Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner/ALWIL Software) [MANUAL] avast! Web Scanner
    Service C:\WINDOWS\system32\drivers\btaudio.sys (Bluetooth Audio Device/Broadcom Corporation.) [MANUAL] btaudio
    Service C:\WINDOWS\system32\DRIVERS\btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation.) [MANUAL] BTDriver
    Service C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator/Broadcom Corporation.) [MANUAL] BTKRNL
    Service C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Support Server/Broadcom Corporation.) [AUTO] btwdins
    Service C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Bluetooth LAN Access Server Driver/Broadcom Corporation.) [MANUAL] BTWDNDIS
    Service C:\WINDOWS\system32\DRIVERS\btwhid.sys (Bluetooth Virtual HID Minidriver/Broadcom Corporation.) [MANUAL] btwhid
    Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation.) [MANUAL] BTWUSB
    Service C:\456out\catchme.sys [MANUAL] catchme
    Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys (Creative Joyport Enabler/Creative Technology Ltd.) [MANUAL] ctljystk
    Service ctlntsvc
    Service C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative SB Live! Adapter Driver/Creative Technology Ltd.) [MANUAL] emu10k
    Service C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative SB Live! Interface Driver/Creative Technology Ltd.) [MANUAL] emu10k1
    Service C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
    Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
    Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) [AUTO] Lavasoft Ad-Aware Service
    Service C:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
    Service System32\DRIVERS\MRVW245.sys [MANUAL] MRVW245
    Service MSDTC Bridge 3.0.0.0
    Service Outlook
    Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
    Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
    Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
    Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139
    Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
    Service ServiceModelEndpoint 3.0.0.0
    Service ServiceModelOperation 3.0.0.0
    Service ServiceModelService 3.0.0.0
    Service C:\WINDOWS\system32\drivers\sfmanm.sys (SoundFont(R) Manager/Creative Technology Ltd.) [MANUAL] sfman
    Service C:\WINDOWS\System32\DRIVERS\SiSV.sys (SiS SVGA Miniport Driver/Silicon Integrated Systems Corporation) [MANUAL] SiSV
    Service SMSvcHost 3.0.0.0
    Service C:\WINDOWS\System32\Drivers\StkAMini.sys (Syntek Universal Serial Bus 2.0 Video Mini Driver/Syntek America Inc.) [MANUAL] StkAMini
    Service C:\WINDOWS\System32\StkASv2K.exe (Syntek Hardware Snapshot Launch Application Services/Syntek America Inc.) [AUTO] StkASSrv
    Service C:\WINDOWS\System32\Drivers\StkScan.sys (Syntek USB 2.0 Still Image Driver/Syntek America Inc.) [MANUAL] StkScan
    Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
    Service system32\DRIVERS\lgusbbus.sys [MANUAL] usbbus
    Service system32\DRIVERS\lgusbdiag.sys [MANUAL] UsbDiag
    Service system32\DRIVERS\lgusbmodem.sys [MANUAL] USBModem
    Service C:\WINDOWS\System32\DRIVERS\USRpdA.sys (U.S. Robotics port driver/U.S. Robotics Corporation) [MANUAL] USRpdA
    Service C:\WINDOWS\system32\DRIVERS\V0260Vid.sys (Video streaming and Capture Device Driver/Creative Technology Ltd.) [MANUAL] V0260VID
    Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
    Service C:\WINDOWS\system32\drivers\viaudio.sys (VIA AC'97 Enhanced Audio WDM Driver /VIA Technologies, Inc.) [MANUAL] VIAudio
    Service Windows Workflow Foundation 3.0.0.0
    Service C:\WINDOWS\system32\drivers\windrvr6.sys (WinDriver Device Driver 6.02/Jungo) [MANUAL] WinDriver6
    Service WSearchIdxPi

    ---- EOF - GMER 1.0.15 ----
