Full Version: Random redirects of search engine results
djbeede
I followed all directions on restore point and registry save. Ran Ad-Aware and here is my HijackThis log:
Hope you can help. I've tried a lot of programs to clean this.
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:53 PM, on 10/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\101 Clips\101Clips.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: 101Clips.lnk = C:\Program Files\101 Clips\101Clips.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: 101Clips.lnk = C:\Program Files\101 Clips\101Clips.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: 101Clips.lnk = C:\Program Files\101 Clips\101Clips.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FirePod Control Panel.lnk.disabled
O4 - Global Startup: Hawking Wireless Utility.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk.disabled
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12657 bytes
Blade81
Hi there,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

  • Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab and then scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.
djbeede
Here are the GMER scan results....
Thanks,
David

    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit scan 2009-10-16 09:02:53
    Windows 5.1.2600 Service Pack 3
    Running: u4gom64d.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\pwloipob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEF8B96B8]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF884AD72]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF882B9A6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF882BB98]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF884B568]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF884B820]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEF8B914C]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF8849A80]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEF8B908C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEF8B90F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEF8B976E]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF884BC8A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEF8B972E]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF884B036]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF882B656]
    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEE8AB6D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF88E6780]
    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02552F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02552CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02552D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02552CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\atapi \Device\Ide\IdePort0 [F88D9B3A] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F88D9B3A] atapi.sys[unknown section]

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Implemented Categories\{F2BB56D1-DB07-11D1-AA6B-006097DB9539}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@Class Microsoft.Office.Interop.Owc11.PivotTableClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@Assembly Microsoft.Office.Interop.Owc11, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0@Assembly Microsoft.Office.Interop.Owc11, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0@Class Microsoft.Office.Interop.Owc11.PivotTableClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\MiscStatus@ 0
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\MiscStatus\1
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\MiscStatus\1@ 131473
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ OWC11.PivotTable.11
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ToolboxBitmap32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL, 1010
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {0002E558-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\1
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\1@ &Edit,0,2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\2@ Commands and &Options...,0,2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Version@ 1.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID@ OWC11.PivotTable
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@Class Microsoft.Office.Interop.Publisher.ApplicationClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@Assembly Microsoft.Office.Interop.Publisher, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0@Class Microsoft.Office.Interop.Publisher.ApplicationClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0@Assembly Microsoft.Office.Interop.Publisher, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\LocalServer32@ C:\PROGRA~1\MICROS~2\OFFICE11\MSPUB.EXE /Automation
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\LocalServer32@LocalServer32 ']gAVn-}f(ZXfeAR6.jiPubPrimary>dic+V~SM09P_'_@$%)xK /Automation?
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\NotInsertable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\ProgID@ Publisher.Application.11
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\TypeLib@ {0002123C-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\VersionIndependentProgID@ Publisher.Application

    ---- EOF - GMER 1.0.15 ----
    djbeede
    I followed your instructions and will paste the logs below:
    Thanks,
    David

    - - - - - - - - - -

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-13.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/31/2005 1:31:16 PM
    System Uptime: 10/16/2009 2:40:05 PM (1 hours ago)

    Motherboard: Dell Computer Corporation | | PPPPPP
    Processor: Intel® Pentium® M processor 1.40GHz | U1 | 1398/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 0.376 GiB free.
    D: is Removable
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\CCFC0F114380
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\CCFC0F114380
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel® PRO/Wireless 2200BG Network Connection
    Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&39A85202&0&20F0
    Manufacturer: Intel® Corporation
    Name: Intel® PRO/Wireless 2200BG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&39A85202&0&20F0
    Service: w29n51

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: LARGAN Chameleon Video Camera
    Device ID: ROOT\IMAGE00
    Manufacturer: LARGAN
    Name: LARGAN Chameleon Video Camera
    PNP Device ID: ROOT\IMAGE00
    Service: LARGANV

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Officejet J4680 series
    Device ID: ROOT\IMAGE01
    Manufacturer: HP
    Name: HP Officejet J4680
    PNP Device ID: ROOT\IMAGE01
    Service: StillCam

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet J4680 series
    Device ID: ROOT\MULTIFUNCTION00
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\MULTIFUNCTION00
    Service:

    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description: Officejet J4680 series
    Device ID: ROOT\PRINTER01
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\PRINTER01
    Service:

    ==== System Restore Points ===================

    RP899: 10/6/2009 9:58:31 PM - Advance System Optimizer Tue, Oct 06, 09 21:58
    RP900: 10/6/2009 10:20:15 PM - Systweak System Cleaner Tue, Oct 06, 09 22:19
    RP901: 10/7/2009 6:36:47 AM - Advanced Registry Optimizer - Before One Click
    RP902: 10/8/2009 5:06:08 PM - System Checkpoint
    RP903: 10/8/2009 10:56:11 PM - Spybot-S&D Spyware removal
    RP904: 10/9/2009 10:58:07 PM - System Checkpoint
    RP905: 10/11/2009 9:21:02 AM - System Checkpoint
    RP906: 10/12/2009 10:51:23 AM - System Checkpoint
    RP907: 10/13/2009 12:44:20 PM - Installed TurboTax 2008 wfliper
    RP908: 10/14/2009 9:13:56 AM - Removed Adobe Reader 8.1.1
    RP909: 10/14/2009 9:17:11 AM - Installed Adobe Reader 8.1.3
    RP910: 10/14/2009 6:24:44 PM - Restore Operation
    RP911: 10/15/2009 9:57:18 PM - Automatic Restore Point

    ==== Installed Programs ======================


    101 Clips
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    4660_4680_Help
    ABBYY FineReader 6.0 Sprint
    Ad-Aware
    Adobe Audition 2.0
    Adobe Audition 2.0 Loopology Content
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.0
    Adobe Reader 8.1.3
    Adobe Shockwave Player
    Advanced Registry Optimizer
    Advanced System Optimizer
    Allway Sync version 8.4.3
    Amazon MP3 Downloader 1.0.3
    Apple Software Update
    ASF
    ASIO4ALL
    Audacity 1.3.7 (Unicode)
    AudibleManager
    avast! Antivirus
    AXIS Media Control Embedded
    BIAS SoundSoap 2.0
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_2k
    BPDSoftware_Ini
    Brain Fitness Program
    Broadcom Advanced Control Suite
    Broadcom ASF Management Applications
    BufferChm
    CameraDrivers
    CamStudio
    Canon Camera Access Library
    Canon Camera Support Core Library
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Conexant D480 MDC V.9x Modem
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_PrintOnCDConfig
    cp_UpdateProjectsConfig
    Creative Media Lite
    Creative Software Update
    Creative WebCam Control
    Creative WebCam Monitor
    Creative WebCam Vista Driver (1.04.05.0421)
    Creative WebCam Vista User's Guide (English)
    Creative ZEN Stone Plus User's Guide
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Cut3D 1.025
    CutePDF Writer 2.7
    Data Lifeguard Diagnostic for Windows
    Destination Component
    DeviceDiscovery
    Digital Line Detect
    DigitImg
    DocMgr
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    DVD Ripper 4
    DVDSentry
    Easy CD Creator 5 Basic
    Enterprise
    EPSON Printer Software
    ERUNT 1.1j
    Fast Track Pro
    Fax
    Fret Calculator ver 1.0.1.12
    FullDPAppQFolder
    Functional Ear Trainer - Basic 1.2
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google SketchUp 7
    GPBaseService
    Gtk+ Runtime Environment 2.12.9-1
    Hawking Hi-Gain Wireless-G USB Dish Adapter
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Customer Participation Program 10.0
    HP Document Manager 1.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 10.0
    HP Officejet All-In-One Series
    HP Officejet J4500 AiO Series Corporate Edition 10.0
    HP Photosmart Cameras 4.5
    HP Photosmart Essential
    HP Photosmart Essential 2.5
    HP Photosmart Premier Software 6.5
    HP Scanjet G3010 7.0
    HP Smart Web Printing
    HP Software Update
    HP Solution Center 10.0
    HP Update
    hpg3010
    hpg3010QFolder
    HPProductAssistant
    HPSSupply
    ImageMixer 3 SE Ver.4 Transfer Utility
    ImageMixer 3 SE Ver.4 Video Tools
    InstantShareDevices
    Intel® Extreme Graphics 2 Driver
    Intel® PROSet/Wireless Software
    Interactive User’s Guide
    InterActual Player
    InterVideo WinDVD
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 8
    J4680
    Java 2 Runtime Environment, SE v1.4.2_03
    Java™ 6 Update 15
    Juice 2.2
    jZip
    LADSPA_plugins-win-0.4.15
    Learning TruboCAD v10 Professional
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech MouseWare 9.79
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Resource Center
    Malwarebytes' Anti-Malware
    Managed DirectX (0901)
    MarketResearch
    mCore
    mDrWiFi
    MelodyneUno 1.8 Demo
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    MillWizard 1.3
    Mint Online TV 2.2
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mouse Suite
    Moyea FLV Downloader version 1.15.0.15
    Moyea FLV Player version 1.5.2.7
    Mozilla Firefox (3.5.3)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    mToolkit
    Music Transfer Utility Ver.1
    muvee Plugin 1.0
    MVision
    mWlsSafe
    mXML
    My Oriental Guitar - The Shareware
    mZConfig
    NCH Tone Generator
    NetDeviceManager
    NetWaiting
    Network Stumbler 0.4.0 (remove only)
    Norton WMI Update
    OCR Software by I.R.I.S. 10.0
    OLYMPUS Master 2
    OpenOffice.org 3.1
    OptionalContentQFolder
    Oxelon Media Converter 1.1
    PageBreeze Free HTML Editor
    PartWizard 3.0
    PartWizard 3.2
    Pen Tablet
    PEV Tone Generator
    Photo to Movie 3.5.6
    PhotoFiltre
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    PreSonus 1394 Audio Driver V2.14.25 (FIREPOD)
    Presto! Mr. Photo
    Prism Video Converter
    ProductContext
    PS7700
    PSShortcuts
    PSSWCORE
    PSUsage
    QuickSet
    QuickTime Alternative 1.81
    RandMap
    RealPlayer
    REALTEK RTL8187 Wireless LAN Driver and Utility
    Rhapsody Player Engine
    Sansa Updater
    SBEditor2 1.3.1
    Scan
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    ShareIns
    Shop for HP Supplies
    ShopBot 3 Version 3.6.5
    Sketch Master 4.71
    SkinsHP1
    Skype™ 4.0
    SlideShow
    SlideShowMusic
    SmartFTP Client 2.0
    SmartWebPrintingOC
    SolutionCenter
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Spyware Doctor 6.1
    Status
    STOIK Video Converter 2
    STOPzilla
    StorageSync Backup Software
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    TablEdit 2.65
    Toolbox
    Total Recorder 4.5
    TrayApp
    TurboCAD Professional v10.2
    TurboTax 2008
    TurboTax 2008 wfliper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Home & Business 2007
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    ustc
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VST Bridge 1.1
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    XviD 1.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    10/9/2009 4:09:07 PM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    10/9/2009 4:09:07 PM, error: DCOM [10005] - DCOM got error "%1083" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    10/9/2009 4:08:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
    10/9/2009 4:08:45 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/9/2009 11:14:47 AM, error: Service Control Manager [7023] - The avast! Mail Scanner service terminated with the following error: Cannot create a file when that file already exists.
    10/9/2009 11:11:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
    10/9/2009 11:11:00 AM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/9/2009 10:14:57 AM, error: System Error [1003] - Error code 1000000a, parameter1 e2e85b08, parameter2 00000002, parameter3 00000000, parameter4 804f434b.
    10/16/2009 7:43:17 AM, error: System Error [1003] - Error code 10000050, parameter1 faef8005, parameter2 00000000, parameter3 edb76bb3, parameter4 00000000.
    10/16/2009 7:38:47 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Web Scanner service.
    10/16/2009 2:46:12 PM, error: System Error [1003] - Error code 1000000a, parameter1 e31c4a78, parameter2 00000002, parameter3 00000000, parameter4 804f434b.
    10/16/2009 2:45:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LVSrvLauncher service to connect.
    10/16/2009 2:45:44 PM, error: Service Control Manager [7000] - The LVSrvLauncher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/15/2009 7:34:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    10/14/2009 6:00:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
    10/14/2009 6:00:37 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/14/2009 6:00:33 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/14/2009 5:30:01 PM, error: Service Control Manager [7023] - The Lavasoft Ad-Aware Service service terminated with the following error: Cannot create a file when that file already exists.
    10/14/2009 5:29:52 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/14/2009 5:22:53 PM, error: System Error [1003] - Error code 1000000a, parameter1 e2f5cba0, parameter2 00000002, parameter3 00000001, parameter4 805166cc.
    10/14/2009 5:22:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SymWMI Service service to connect.
    10/14/2009 4:24:59 PM, error: System Error [1003] - Error code 1000000a, parameter1 e3b36de8, parameter2 00000002, parameter3 00000000, parameter4 804f434b.
    10/14/2009 4:20:43 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 804e37f3, parameter3 f8f6eb38, parameter4 f8f6e834.
    10/13/2009 7:25:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
    10/13/2009 7:25:07 AM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/13/2009 7:25:01 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    10/13/2009 7:18:53 AM, error: System Error [1003] - Error code 1000000a, parameter1 e2fc2570, parameter2 00000002, parameter3 00000000, parameter4 804f434b.
    10/13/2009 7:18:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.
    10/13/2009 7:18:51 AM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/13/2009 6:26:48 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
    10/13/2009 6:20:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    10/13/2009 6:20:53 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/13/2009 6:15:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    10/13/2009 6:15:45 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    10/13/2009 6:14:23 PM, error: Service Control Manager [7000] - The Largan.sys Digital Still Camera service failed to start due to the following error: The system cannot find the file specified.
    10/13/2009 6:14:23 PM, error: Service Control Manager [7000] - The LARGAN Chameleon Video Camera service failed to start due to the following error: The system cannot find the file specified.
    10/13/2009 6:01:24 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    10/13/2009 5:50:16 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/13/2009 5:50:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    10/12/2009 7:43:24 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HPSLPSVC service.
    10/11/2009 8:38:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    10/11/2009 8:38:23 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/11/2009 8:33:51 AM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================

    DDS (Ver_09-10-13.01) - NTFSx86
    Run by David at 15:24:35.16 on Fri 10/16/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.630.121 [GMT -4:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: avast! antivirus 4.8.1351 [VPS 091015-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    svchost.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\101 Clips\101Clips.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.windstream.net/
    uDefault_Page_URL = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [CTZDetec.exe] c:\program files\creative\creative media lite\CTZDetec.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\101clips.lnk - c:\program files\101 clips\101Clips.exe
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\FirePod Control Panel.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Hawking Wireless Utility.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\REALTEK RTL8187 Wireless LAN Utility.lnk.disabled
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli c:\windows\system32\buhegavu.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\o26b083y.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail2web.com/
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\o26b083y.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-9 64160]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-6 206256]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-27 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20560]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-1-28 13088]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
    R2 MAudioUSBService;M-Audio USB Installer;c:\program files\m-audio\fast track pro\MAUSBInst.exe [2006-7-28 49152]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-6-23 1373480]
    S2 LARGAN;Largan.sys Digital Still Camera;c:\windows\system32\drivers\largan.sys --> c:\windows\system32\drivers\largan.sys [?]
    S2 LARGANV;LARGAN Chameleon Video Camera;c:\windows\system32\drivers\larganv.sys --> c:\windows\system32\drivers\larganv.sys [?]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-11-27 20608]
    S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2006-7-28 102528]
    S3 pae_1394;pae_1394;c:\windows\system32\drivers\pae_1394.sys [2006-9-15 111616]
    S3 pae_avs;pae_avs;c:\windows\system32\drivers\pae_avs.sys [2006-9-15 27136]
    S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-9-9 16384]
    S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-9-9 10240]
    S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2006-9-12 97152]
    S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2006-9-12 24576]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-12-22 269824]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-6 348824]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-12-22 13532]
    S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [2005-4-14 186551]
    S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2007-11-27 402432]
    S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys --> c:\windows\system32\drivers\zmhhpau.sys [?]

    =============== Created Last 30 ================

    2009-10-16 14:53 520 a------- c:\windows\system32\drivers\kgpcpy.cfg
    2009-10-15 08:23 54,156 a---h--- c:\windows\QTFont.qfn
    2009-10-15 08:23 1,409 a------- c:\windows\QTFont.for
    2009-10-12 08:31 408,576 a------- c:\windows\system32\Smab.dll
    2009-10-12 08:24 240,128 a------- c:\windows\system32\x.264.exe
    2009-10-11 21:01 0 a---h--- C:\aaw7boot.cmd
    2009-10-09 11:00 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-10-09 09:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-10-09 09:37 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-10-09 09:35 <DIR> --d----- c:\program files\Lavasoft
    2009-10-08 07:04 128 a------- c:\windows\CODEJO~3.INI
    2009-10-07 21:59 36 a------- c:\windows\SB_Previewer.INI
    2009-10-07 21:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ShopBot
    2009-10-07 21:54 396,960 a------- c:\windows\system32\MyCommandButton.ocx
    2009-10-07 21:54 2,119,600 a------- c:\windows\system32\Codejock.CommandBars.v12.0.2.ocx
    2009-10-07 21:54 1,652,656 a------- c:\windows\system32\Codejock.Controls.v12.0.2.ocx
    2009-10-07 21:54 829,360 a------- c:\windows\system32\Codejock.SyntaxEdit.v12.0.2.ocx
    2009-10-07 21:54 49,152 a------- c:\windows\system32\CP210xRuntime.dll
    2009-10-06 22:30 4 a------- C:\WINDOWSRegDefrag.dat
    2009-10-06 21:58 <DIR> --d----- c:\docume~1\david\applic~1\Systweak
    2009-10-06 21:56 <DIR> --d----- c:\program files\Advanced System Optimizer
    2009-10-06 21:10 <DIR> --d----- c:\docume~1\david\applic~1\Sammsoft
    2009-10-06 21:09 <DIR> --d----- c:\program files\Advanced Registry Optimizer
    2009-10-06 17:08 262,144 a------- c:\windows\system32\default_user_class.dat
    2009-10-06 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-10-06 17:01 <DIR> --d----- c:\program files\STOPzilla!
    2009-10-06 17:01 <DIR> --d----- c:\program files\common files\iS3
    2009-10-06 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-10-06 13:35 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-06 13:35 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
    2009-10-06 13:35 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-06 13:35 7,396 a------- c:\windows\system32\drivers\pctcore.cat
    2009-10-06 13:35 <DIR> --d----- c:\program files\common files\PC Tools
    2009-10-06 13:35 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
    2009-10-06 13:34 <DIR> --d----- c:\program files\Spyware Doctor
    2009-10-06 13:34 <DIR> --d----- c:\docume~1\david\applic~1\PC Tools
    2009-10-06 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-10-06 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-10-05 19:33 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-10-05 19:23 <DIR> --d----- C:\GTK
    2009-10-05 17:41 <DIR> --d----- C:\fixwareout
    2009-10-05 15:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-10-05 15:42 <DIR> --d----- c:\docume~1\david\applic~1\SUPERAntiSpyware.com
    2009-10-05 09:04 <DIR> --d----- c:\program files\Sony Setup
    2009-10-05 08:24 <DIR> --d----- c:\program files\PhotoshopPortable
    2009-10-05 08:16 <DIR> --d----- c:\program files\Sony
    2009-09-28 17:07 <DIR> --d----- c:\docume~1\david\applic~1\uTorrent
    2009-09-27 11:33 <DIR> --d----- c:\docume~1\david\applic~1\Thinstall
    2009-09-26 13:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PIXELA
    2009-09-26 12:45 65,536 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-09-26 12:45 49,152 a------- c:\windows\system32\QuickTime.qts
    2009-09-26 12:44 <DIR> --d----- c:\program files\Media Player Classic
    2009-09-26 12:44 <DIR> --d----- c:\program files\QuickTime Alternative
    2009-09-26 12:33 <DIR> --d----- c:\docume~1\david\applic~1\MPEG Streamclip
    2009-09-26 11:32 <DIR> --d----- c:\docume~1\david\applic~1\ZoomBrowser EX
    2009-09-26 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2009-09-26 11:10 <DIR> --d----- c:\program files\Canon
    2009-09-26 11:08 <DIR> --d----- c:\program files\common files\Canon
    2009-09-26 10:43 <DIR> --d----- c:\program files\PIXELA

    ==================== Find3M ====================

    2009-10-08 08:14 178,454 ac------ c:\windows\hpwins20.dat
    2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
    2009-09-01 15:00 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
    2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
    2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
    2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
    2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2008-04-21 17:37 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
    2008-03-22 21:54 218 ac------ c:\documents and settings\david\fet_settings.dat
    2008-08-17 17:03 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081720080818\index.dat

    ============= FINISH: 15:28:43.37 ===============
    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit scan 2009-10-16 09:02:53
    Windows 5.1.2600 Service Pack 3
    Running: u4gom64d.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\pwloipob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEF8B96B8]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF884AD72]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF882B9A6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF882BB98]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF884B568]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF884B820]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEF8B914C]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF8849A80]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEF8B908C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEF8B90F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEF8B976E]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF884BC8A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEF8B972E]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF884B036]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF882B656]
    SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEE8AB6D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF88E6780]
    ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\STOPzilla!\STOPzilla.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[1112] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.exe[1668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[2020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Media Player\WMPNSCFG.exe[2504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[2868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe[3052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe[3112] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Digital Line Detect\DLG.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[3188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\u4gom64d.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02552F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02552CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02552D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\OpenOffice.org 3\program\soffice.bin[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02552CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\atapi \Device\Ide\IdePort0 [F88D9B3A] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F88D9B3A] atapi.sys[unknown section]

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Implemented Categories\{F2BB56D1-DB07-11D1-AA6B-006097DB9539}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@Class Microsoft.Office.Interop.Owc11.PivotTableClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@Assembly Microsoft.Office.Interop.Owc11, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0@Assembly Microsoft.Office.Interop.Owc11, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0@Class Microsoft.Office.Interop.Owc11.PivotTableClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\MiscStatus@ 0
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\MiscStatus\1
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\MiscStatus\1@ 131473
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ OWC11.PivotTable.11
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ToolboxBitmap32@ C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL, 1010
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {0002E558-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\1
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\1@ &Edit,0,2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Verb\2@ Commands and &Options...,0,2
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\Version@ 1.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID@ OWC11.PivotTable
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@Class Microsoft.Office.Interop.Publisher.ApplicationClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@Assembly Microsoft.Office.Interop.Publisher, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0@Class Microsoft.Office.Interop.Publisher.ApplicationClass
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0@Assembly Microsoft.Office.Interop.Publisher, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\LocalServer32@ C:\PROGRA~1\MICROS~2\OFFICE11\MSPUB.EXE /Automation
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\LocalServer32@LocalServer32 ']gAVn-}f(ZXfeAR6.jiPubPrimary>dic+V~SM09P_'_@$%)xK /Automation?
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\NotInsertable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\ProgID@ Publisher.Application.11
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\TypeLib@ {0002123C-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\CLSID\{EA07B874-F404-0975-0E56-7458120EC520}\VersionIndependentProgID@ Publisher.Application

    ---- EOF - GMER 1.0.15 ----
    Blade81
    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:
    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    djbeede
    I followed all instructions to run ComboFix and here is the resulting log:
    thanks...

    ComboFix 09-10-16.09 - David 10/17/2009 9:10.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.630.281 [GMT -4:00]
    Running from: c:\documents and settings\David\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 091016-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\NPROTECT
    c:\recycler\S-1-5-21-1687564141-13397147-3217773370-1005
    c:\windows\Installer\3bcfe.msi
    c:\windows\Installer\3bd01.msi
    c:\windows\Installer\WinRMSrv.msi
    c:\windows\jestertb.dll
    c:\windows\system32\drivers\fad.sys

    Infected copy of c:\windows\SYSTEM32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :^)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
    .

    2009-10-16 20:56 . 2009-10-16 20:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-16 02:04 . 2009-10-16 02:04 -------- d-----w- c:\program files\ERUNT
    2009-10-13 23:38 . 2009-10-13 23:39 -------- d-----w- c:\documents and settings\David\Application Data\Media Player Classic
    2009-10-12 12:31 . 2008-02-07 20:15 408576 ----a-w- c:\windows\system32\Smab.dll
    2009-10-12 12:24 . 2005-02-28 17:16 240128 ----a-w- c:\windows\system32\x.264.exe
    2009-10-12 01:01 . 2009-10-12 01:01 0 ---ha-w- C:\aaw7boot.cmd
    2009-10-09 15:00 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-10-09 13:47 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-10-09 13:35 . 2009-10-09 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-09 13:35 . 2009-10-09 13:35 -------- d-----w- c:\program files\Lavasoft
    2009-10-08 01:58 . 2009-10-08 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ShopBot
    2009-10-08 01:54 . 2005-02-10 00:00 49152 ----a-w- c:\windows\system32\CP210xRuntime.dll
    2009-10-07 02:30 . 2009-10-07 02:31 4 ----a-w- C:\WINDOWSRegDefrag.dat
    2009-10-07 01:58 . 2009-10-07 01:58 -------- d-----w- c:\documents and settings\David\Application Data\Systweak
    2009-10-07 01:56 . 2009-10-07 01:57 -------- d-----w- c:\program files\Advanced System Optimizer
    2009-10-07 01:10 . 2009-10-07 01:10 -------- d-----w- c:\documents and settings\David\Application Data\Sammsoft
    2009-10-07 01:09 . 2009-10-07 01:42 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2009-10-06 21:08 . 2009-10-06 21:10 262144 ----a-w- c:\windows\system32\default_user_class.dat
    2009-10-06 21:03 . 2009-10-07 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-10-06 21:01 . 2009-10-06 21:01 -------- d-----w- c:\program files\STOPzilla!
    2009-10-06 21:01 . 2009-10-06 21:01 -------- d-----w- c:\program files\Common Files\iS3
    2009-10-06 21:01 . 2009-10-17 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-10-06 17:35 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-06 17:35 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-10-06 17:35 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-06 17:35 . 2009-10-06 17:36 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-10-06 17:35 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-10-06 17:34 . 2009-10-07 02:21 -------- d-----w- c:\program files\Spyware Doctor
    2009-10-06 17:34 . 2009-10-06 17:34 -------- d-----w- c:\documents and settings\David\Application Data\PC Tools
    2009-10-06 17:34 . 2009-10-06 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-10-06 07:36 . 2009-10-06 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-10-05 23:33 . 2009-10-05 23:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-10-05 23:23 . 2009-10-05 23:23 -------- d-----w- C:\GTK
    2009-10-05 21:41 . 2009-10-06 13:11 -------- d-----w- C:\fixwareout
    2009-10-05 19:42 . 2009-10-06 07:36 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-10-05 19:42 . 2009-10-05 19:42 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com
    2009-10-05 13:04 . 2009-10-05 13:04 -------- d-----w- c:\program files\Sony Setup
    2009-10-05 12:24 . 2009-10-05 23:31 -------- d-----w- c:\program files\PhotoshopPortable
    2009-10-05 12:16 . 2009-10-05 23:31 -------- d-----w- c:\program files\Sony
    2009-10-05 11:00 . 2009-10-05 11:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-09-28 21:07 . 2009-09-28 22:14 -------- d-----w- c:\documents and settings\David\Application Data\uTorrent
    2009-09-27 15:33 . 2009-09-27 15:33 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Thinstall
    2009-09-27 15:33 . 2009-09-27 15:33 -------- d-----w- c:\documents and settings\David\Application Data\Thinstall
    2009-09-26 17:12 . 2009-09-26 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA
    2009-09-26 16:44 . 2009-09-26 16:44 -------- d-----w- c:\program files\Media Player Classic
    2009-09-26 16:44 . 2009-09-26 16:45 -------- d-----w- c:\program files\QuickTime Alternative
    2009-09-26 16:33 . 2009-09-26 16:33 -------- d-----w- c:\documents and settings\David\Application Data\MPEG Streamclip
    2009-09-26 15:32 . 2009-09-26 16:29 -------- d-----w- c:\documents and settings\David\Application Data\ZoomBrowser EX
    2009-09-26 15:11 . 2009-09-26 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-09-26 15:10 . 2009-09-26 15:14 -------- d-----w- c:\program files\Canon
    2009-09-26 15:08 . 2009-09-26 15:08 -------- d-----w- c:\program files\Common Files\Canon
    2009-09-26 15:07 . 2009-09-26 15:07 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\PIXELA
    2009-09-26 14:43 . 2009-09-26 14:44 -------- d-----w- c:\program files\PIXELA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-17 12:26 . 2009-04-21 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-14 13:17 . 2005-02-21 18:08 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-08 12:14 . 2009-07-09 15:18 178454 -c--a-w- c:\windows\hpwins20.dat
    2009-10-08 01:56 . 2006-12-18 10:45 -------- d-----w- c:\program files\ShopBot
    2009-10-07 02:21 . 2007-08-28 01:22 -------- d-----w- c:\program files\SBEditor2
    2009-10-06 07:33 . 2006-04-15 14:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-05 23:52 . 2009-03-25 11:51 -------- d-----w- c:\program files\AnimatorDVSimple+
    2009-10-05 23:23 . 2009-04-22 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-05 17:02 . 2009-06-17 14:40 -------- d-----w- c:\program files\Axis Communications
    2009-10-01 13:32 . 2009-04-21 09:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-01 12:28 . 2008-01-14 15:46 -------- d-----w- c:\program files\Common Files\Real
    2009-09-28 23:49 . 2008-11-14 10:40 -------- d-----w- c:\program files\VisEdit
    2009-09-26 16:45 . 2007-02-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-09-26 16:44 . 2009-02-03 13:29 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer
    2009-09-26 16:39 . 2007-02-26 21:28 -------- d-----w- c:\program files\QuickTime
    2009-09-26 14:56 . 2005-01-22 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-24 02:34 . 2009-05-07 11:01 -------- d-----w- c:\documents and settings\David\Application Data\Skype
    2009-09-20 15:34 . 2009-07-22 01:15 -------- d-----w- c:\program files\NCH Software
    2009-09-17 19:25 . 2009-05-31 17:50 -------- d-----w- c:\documents and settings\David\Application Data\Audacity
    2009-09-15 21:05 . 2009-09-15 21:04 -------- d-----w- c:\program files\Audible
    2009-09-10 18:54 . 2009-04-22 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 18:53 . 2009-04-22 20:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-01 19:00 . 2009-09-01 19:00 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
    2009-08-27 12:28 . 2009-08-27 12:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\{F40E9D30-5DFC-4B21-BFDB-A5CDEE6440A6}
    2009-08-27 12:28 . 2005-04-15 00:27 -------- d-----w- c:\program files\Creative
    2009-08-23 01:40 . 2005-01-22 05:03 -------- d-----w- c:\program files\Dell
    2009-08-23 01:37 . 2009-04-07 12:54 -------- d-----w- c:\program files\Amazon
    2009-08-22 14:01 . 2009-01-30 12:31 86368 -c--a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-21 23:01 . 2009-08-21 23:01 -------- d-----w- c:\program files\MSBuild
    2009-08-21 23:00 . 2009-08-21 23:00 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-17 16:10 . 2009-05-27 21:01 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:06 . 2009-05-27 21:01 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-17 16:06 . 2009-05-27 21:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-17 16:05 . 2009-05-27 21:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2009-05-27 21:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:04 . 2009-05-27 21:01 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2009-05-27 21:01 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:03 . 2009-05-27 21:01 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-17 16:02 . 2009-05-27 21:01 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-06 23:24 . 2004-08-04 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 23:24 . 2004-08-04 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 23:24 . 2005-01-31 18:36 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 23:24 . 2004-08-04 11:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-06 23:24 . 2004-08-04 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 23:23 . 2005-01-31 18:36 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 23:23 . 2004-08-04 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-25 09:23 . 2008-12-06 01:17 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
    2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
    2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
    2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-01 198160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    c:\documents and settings\David\Start Menu\Programs\Startup\
    101Clips.lnk - c:\program files\101 Clips\101Clips.exe [2009-7-2 729088]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-22 24576]
    FirePod Control Panel.lnk.disabled [2006-9-15 801]
    Hawking Wireless Utility.lnk.disabled [2007-11-27 1576]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    ImageMixer 3 SE Camera Monitor Ver.4.lnk.disabled [2009-9-26 747]
    REALTEK RTL8187 Wireless LAN Utility.lnk.disabled [2007-12-23 1771]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=DrvTrNTm.dll
    "wave"=DrvTrNTm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "SansaDispatch"=c:\documents and settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\David\\My Documents\\davids stuff\\computer stuff\\wifi info\\hawking trouble shooting\\SetupUI.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/9/2009 9:47 AM 64288]
    R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [10/6/2009 1:35 PM 206256]
    R0 szkg5;szkg;c:\windows\SYSTEM32\DRIVERS\SZKG.sys [5/12/2009 2:13 PM 61328]
    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/27/2009 5:01 PM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/27/2009 5:01 PM 20560]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [1/28/2009 11:11 PM 13088]
    R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [7/28/2006 8:32 PM 49152]
    R2 TabletServicePen;TabletServicePen;c:\windows\SYSTEM32\Pen_Tablet.exe [6/23/2008 5:39 PM 1373480]
    S2 LARGAN;Largan.sys Digital Still Camera;c:\windows\system32\Drivers\largan.sys --> c:\windows\system32\Drivers\largan.sys [?]
    S2 LARGANV;LARGAN Chameleon Video Camera;c:\windows\system32\DRIVERS\larganv.sys --> c:\windows\system32\DRIVERS\larganv.sys [?]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\BRGSp50.sys [11/27/2007 4:58 PM 20608]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1170768]
    S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\SYSTEM32\DRIVERS\mausb.sys [7/28/2006 8:32 PM 102528]
    S3 pelmouse;Mouse Suite Driver;c:\windows\SYSTEM32\DRIVERS\PELMOUSE.SYS [9/9/2006 8:45 PM 16384]
    S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\SYSTEM32\DRIVERS\pelusblf.sys [9/9/2006 8:45 PM 10240]
    S3 ps_1394;ps_1394;c:\windows\SYSTEM32\DRIVERS\ps_1394.sys [9/12/2006 3:50 PM 97152]
    S3 ps_avs;ps_avs;c:\windows\SYSTEM32\DRIVERS\ps_avs.sys [9/12/2006 3:50 PM 24576]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\SYSTEM32\DRIVERS\RTL8187.sys [12/22/2007 9:02 AM 269824]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/6/2009 1:34 PM 348824]
    S3 SjyPkt;SjyPkt;c:\windows\SYSTEM32\DRIVERS\SjyPkt.sys [12/22/2007 9:01 AM 13532]
    S3 V0010bVd;Creative WebCam Vista #2;c:\windows\SYSTEM32\DRIVERS\V0010bVd.sys [4/14/2005 8:28 PM 186551]
    S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\SYSTEM32\DRIVERS\ZD1211BU.sys [11/27/2007 4:58 PM 402432]
    S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys --> c:\windows\system32\drivers\zmhhpau.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-16 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 18:05]

    2009-10-16 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-22 18:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.windstream.net/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
    FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\o26b083y.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail2web.com/
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\o26b083y.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\documents and settings\David\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-17 09:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1132)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll

    - - - - - - - > 'explorer.exe'(1724)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\SmartFTP Client 2.0\smarthook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    c:\windows\SYSTEM32\BAsfIpM.exe
    c:\windows\SYSTEM32\CTSVCCDA.EXE
    c:\program files\Creative\Shared Files\CTDevSrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\UPHClean\uphclean.exe
    c:\windows\SYSTEM32\WTablet\Pen_TabletUser.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-17 9:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-17 13:40

    Pre-Run: 379,146,240 bytes free
    Post-Run: 346,759,168 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,4,5
    342 --- E O F --- 2009-09-02 12:13
    Blade81
    Post a fresh dds.txt log too :)
    djbeede
    OH yes, forgot that part.
    It does appear that my redirect symptoms have stopped.
    I'm very hopeful for the first time in two weeks... thanks.

    Here's my DDS txt:


    DDS (Ver_09-10-13.01) - NTFSx86
    Run by David at 10:08:49.90 on Sat 10/17/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.630.166 [GMT -4:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: avast! antivirus 4.8.1351 [VPS 091016-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    svchost.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\dds.scr
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.windstream.net/
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [CTZDetec.exe] c:\program files\creative\creative media lite\CTZDetec.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\101clips.lnk - c:\program files\101 clips\101Clips.exe
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\FirePod Control Panel.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Hawking Wireless Utility.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\REALTEK RTL8187 Wireless LAN Utility.lnk.disabled
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\o26b083y.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail2web.com/
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-9 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-6 206256]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-27 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20560]
    S2 LARGAN;Largan.sys Digital Still Camera;c:\windows\system32\drivers\largan.sys --> c:\windows\system32\drivers\largan.sys [?]
    S2 LARGANV;LARGAN Chameleon Video Camera;c:\windows\system32\drivers\larganv.sys --> c:\windows\system32\drivers\larganv.sys [?]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-11-27 20608]
    S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2006-7-28 102528]
    S3 pae_1394;pae_1394;c:\windows\system32\drivers\pae_1394.sys [2006-9-15 111616]
    S3 pae_avs;pae_avs;c:\windows\system32\drivers\pae_avs.sys [2006-9-15 27136]
    S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-9-9 16384]
    S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-9-9 10240]
    S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2006-9-12 97152]
    S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2006-9-12 24576]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-12-22 269824]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-12-22 13532]
    S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [2005-4-14 186551]
    S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2007-11-27 402432]
    S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys --> c:\windows\system32\drivers\zmhhpau.sys [?]

    =============== Created Last 30 ================

    2009-10-17 08:56 <DIR> a-dshr-- C:\cmdcons
    2009-10-17 08:51 236,544 a------- c:\windows\PEV.exe
    2009-10-17 08:51 161,792 a------- c:\windows\SWREG.exe
    2009-10-17 08:51 98,816 a------- c:\windows\sed.exe
    2009-10-17 08:50 <DIR> --d----- C:\ComboFix
    2009-10-16 16:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-15 08:23 54,156 a---h--- c:\windows\QTFont.qfn
    2009-10-15 08:23 1,409 a------- c:\windows\QTFont.for
    2009-10-12 08:31 408,576 a------- c:\windows\system32\Smab.dll
    2009-10-12 08:24 240,128 a------- c:\windows\system32\x.264.exe
    2009-10-11 21:01 0 a---h--- C:\aaw7boot.cmd
    2009-10-09 11:00 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-10-09 09:47 64,288 a------- c:\windows\system32\drivers\Lbd.sys
    2009-10-09 09:35 <DIR> --d----- c:\program files\Lavasoft
    2009-10-08 07:04 128 a------- c:\windows\CODEJO~3.INI
    2009-10-07 21:59 36 a------- c:\windows\SB_Previewer.INI
    2009-10-07 21:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ShopBot
    2009-10-07 21:54 396,960 a------- c:\windows\system32\MyCommandButton.ocx
    2009-10-07 21:54 2,119,600 a------- c:\windows\system32\Codejock.CommandBars.v12.0.2.ocx
    2009-10-07 21:54 1,652,656 a------- c:\windows\system32\Codejock.Controls.v12.0.2.ocx
    2009-10-07 21:54 829,360 a------- c:\windows\system32\Codejock.SyntaxEdit.v12.0.2.ocx
    2009-10-07 21:54 49,152 a------- c:\windows\system32\CP210xRuntime.dll
    2009-10-06 22:30 4 a------- C:\WINDOWSRegDefrag.dat
    2009-10-06 21:58 <DIR> --d----- c:\docume~1\david\applic~1\Systweak
    2009-10-06 21:56 <DIR> --d----- c:\program files\Advanced System Optimizer
    2009-10-06 21:10 <DIR> --d----- c:\docume~1\david\applic~1\Sammsoft
    2009-10-06 21:09 <DIR> --d----- c:\program files\Advanced Registry Optimizer
    2009-10-06 17:08 262,144 a------- c:\windows\system32\default_user_class.dat
    2009-10-06 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-10-06 17:01 <DIR> --d----- c:\program files\STOPzilla!
    2009-10-06 17:01 <DIR> --d----- c:\program files\common files\iS3
    2009-10-06 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-10-06 13:35 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-06 13:35 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
    2009-10-06 13:35 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-06 13:35 7,396 a------- c:\windows\system32\drivers\pctcore.cat
    2009-10-06 13:35 <DIR> --d----- c:\program files\common files\PC Tools
    2009-10-06 13:35 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
    2009-10-06 13:34 <DIR> --d----- c:\program files\Spyware Doctor
    2009-10-06 13:34 <DIR> --d----- c:\docume~1\david\applic~1\PC Tools
    2009-10-06 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-10-06 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-10-05 19:33 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-10-05 19:23 <DIR> --d----- C:\GTK
    2009-10-05 17:41 <DIR> --d----- C:\fixwareout
    2009-10-05 15:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-10-05 15:42 <DIR> --d----- c:\docume~1\david\applic~1\SUPERAntiSpyware.com
    2009-10-05 09:04 <DIR> --d----- c:\program files\Sony Setup
    2009-10-05 08:24 <DIR> --d----- c:\program files\PhotoshopPortable
    2009-10-05 08:16 <DIR> --d----- c:\program files\Sony
    2009-09-28 17:07 <DIR> --d----- c:\docume~1\david\applic~1\uTorrent
    2009-09-27 11:33 <DIR> --d----- c:\docume~1\david\applic~1\Thinstall
    2009-09-26 13:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PIXELA
    2009-09-26 12:45 65,536 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-09-26 12:45 49,152 a------- c:\windows\system32\QuickTime.qts
    2009-09-26 12:44 <DIR> --d----- c:\program files\Media Player Classic
    2009-09-26 12:44 <DIR> --d----- c:\program files\QuickTime Alternative
    2009-09-26 12:33 <DIR> --d----- c:\docume~1\david\applic~1\MPEG Streamclip
    2009-09-26 11:32 <DIR> --d----- c:\docume~1\david\applic~1\ZoomBrowser EX
    2009-09-26 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2009-09-26 11:10 <DIR> --d----- c:\program files\Canon
    2009-09-26 11:08 <DIR> --d----- c:\program files\common files\Canon
    2009-09-26 10:43 <DIR> --d----- c:\program files\PIXELA

    ==================== Find3M ====================

    2009-10-08 08:14 178,454 ac------ c:\windows\hpwins20.dat
    2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
    2009-09-01 15:00 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
    2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
    2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
    2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
    2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2008-04-21 17:37 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
    2008-03-22 21:54 218 ac------ c:\documents and settings\david\fet_settings.dat
    2008-08-17 17:03 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081720080818\index.dat

    ============= FINISH: 10:12:57.24 ===============
    Blade81
    Good. Let's do some extra checks.

    Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    Uninstall your current Adobe shockwave player and get the fresh one here if needed.

    Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


    Uninstall the following old Javas:
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_03



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

    Post back the report & fresh dds.txt log. How's the system running?
    djbeede
    Hey Blade -
    I followed all the suggestions, except I couldn't get the Kaspersky scan to run. It would get part way thru downloading the updates and the % on the screen would go out of sync with the amount downloaded; then, when the size of the download had completed (approx. 73 MB), the "to be downloaded" amount doubled and then it would freeze.

    I did the ATFcleaner and the dds and the log is below. In general my system is running much better.

    If you wouldn't mind, I was wondering if you have an opinion of the handful of programs I picked up before Ad-Aware, while trying to solve this. SpyBot, Spyware Doctor, SuperAntiSpyware, StopZilla, Malwarebytes, Check PC & Advanced System Optimizer... I think that's it.

    Thanks again for your help.

    DDS log follows:


    DDS (Ver_09-10-13.01) - NTFSx86
    Run by David at 18:56:23.50 on Sat 10/17/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.630.94 [GMT -4:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: avast! antivirus 4.8.1351 [VPS 091016-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    svchost.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Documents and Settings\David\My Documents\davids stuff\computer stuff\malware stuff\AdAware\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.windstream.net/
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [CTZDetec.exe] c:\program files\creative\creative media lite\CTZDetec.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\101clips.lnk - c:\program files\101 clips\101Clips.exe
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\FirePod Control Panel.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Hawking Wireless Utility.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\REALTEK RTL8187 Wireless LAN Utility.lnk.disabled
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\o26b083y.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail2web.com/
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\o26b083y.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
    FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-9 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-6 206256]
    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-27 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20560]
    S2 LARGAN;Largan.sys Digital Still Camera;c:\windows\system32\drivers\largan.sys --> c:\windows\system32\drivers\largan.sys [?]
    S2 LARGANV;LARGAN Chameleon Video Camera;c:\windows\system32\drivers\larganv.sys --> c:\windows\system32\drivers\larganv.sys [?]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-11-27 20608]
    S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2006-7-28 102528]
    S3 pae_1394;pae_1394;c:\windows\system32\drivers\pae_1394.sys [2006-9-15 111616]
    S3 pae_avs;pae_avs;c:\windows\system32\drivers\pae_avs.sys [2006-9-15 27136]
    S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-9-9 16384]
    S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-9-9 10240]
    S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2006-9-12 97152]
    S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2006-9-12 24576]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-12-22 269824]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-12-22 13532]
    S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [2005-4-14 186551]
    S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2007-11-27 402432]
    S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys --> c:\windows\system32\drivers\zmhhpau.sys [?]

    =============== Created Last 30 ================

    2009-10-17 17:43 808 a------- c:\windows\system32\drivers\kgpcpy.cfg
    2009-10-17 17:17 <DIR> --d----- c:\program files\SumatraPDF
    2009-10-17 17:14 <DIR> --d----- c:\windows\system32\Adobe
    2009-10-17 08:56 <DIR> a-dshr-- C:\cmdcons
    2009-10-17 08:51 236,544 a------- c:\windows\PEV.exe
    2009-10-17 08:51 161,792 a------- c:\windows\SWREG.exe
    2009-10-17 08:51 98,816 a------- c:\windows\sed.exe
    2009-10-17 08:50 <DIR> --d----- C:\ComboFix
    2009-10-16 16:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-10-15 08:23 54,156 a---h--- c:\windows\QTFont.qfn
    2009-10-15 08:23 1,409 a------- c:\windows\QTFont.for
    2009-10-12 08:31 408,576 a------- c:\windows\system32\Smab.dll
    2009-10-12 08:24 240,128 a------- c:\windows\system32\x.264.exe
    2009-10-11 21:01 0 a---h--- C:\aaw7boot.cmd
    2009-10-09 11:00 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-10-09 09:47 64,288 a------- c:\windows\system32\drivers\Lbd.sys
    2009-10-09 09:35 <DIR> --d----- c:\program files\Lavasoft
    2009-10-08 07:04 128 a------- c:\windows\CODEJO~3.INI
    2009-10-07 21:59 36 a------- c:\windows\SB_Previewer.INI
    2009-10-07 21:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ShopBot
    2009-10-07 21:54 396,960 a------- c:\windows\system32\MyCommandButton.ocx
    2009-10-07 21:54 2,119,600 a------- c:\windows\system32\Codejock.CommandBars.v12.0.2.ocx
    2009-10-07 21:54 1,652,656 a------- c:\windows\system32\Codejock.Controls.v12.0.2.ocx
    2009-10-07 21:54 829,360 a------- c:\windows\system32\Codejock.SyntaxEdit.v12.0.2.ocx
    2009-10-07 21:54 49,152 a------- c:\windows\system32\CP210xRuntime.dll
    2009-10-06 22:30 4 a------- C:\WINDOWSRegDefrag.dat
    2009-10-06 21:58 <DIR> --d----- c:\docume~1\david\applic~1\Systweak
    2009-10-06 21:56 <DIR> --d----- c:\program files\Advanced System Optimizer
    2009-10-06 21:10 <DIR> --d----- c:\docume~1\david\applic~1\Sammsoft
    2009-10-06 21:09 <DIR> --d----- c:\program files\Advanced Registry Optimizer
    2009-10-06 17:08 262,144 a------- c:\windows\system32\default_user_class.dat
    2009-10-06 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-10-06 17:01 <DIR> --d----- c:\program files\STOPzilla!
    2009-10-06 17:01 <DIR> --d----- c:\program files\common files\iS3
    2009-10-06 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-10-06 13:35 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-06 13:35 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
    2009-10-06 13:35 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-06 13:35 7,396 a------- c:\windows\system32\drivers\pctcore.cat
    2009-10-06 13:35 <DIR> --d----- c:\program files\common files\PC Tools
    2009-10-06 13:35 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
    2009-10-06 13:34 <DIR> --d----- c:\program files\Spyware Doctor
    2009-10-06 13:34 <DIR> --d----- c:\docume~1\david\applic~1\PC Tools
    2009-10-06 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-10-06 03:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-10-05 19:33 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-10-05 19:23 <DIR> --d----- C:\GTK
    2009-10-05 17:41 <DIR> --d----- C:\fixwareout
    2009-10-05 15:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-10-05 15:42 <DIR> --d----- c:\docume~1\david\applic~1\SUPERAntiSpyware.com
    2009-10-05 09:04 <DIR> --d----- c:\program files\Sony Setup
    2009-10-05 08:24 <DIR> --d----- c:\program files\PhotoshopPortable
    2009-10-05 08:16 <DIR> --d----- c:\program files\Sony
    2009-09-28 17:07 <DIR> --d----- c:\docume~1\david\applic~1\uTorrent
    2009-09-27 11:33 <DIR> --d----- c:\docume~1\david\applic~1\Thinstall
    2009-09-26 13:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PIXELA
    2009-09-26 12:45 65,536 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-09-26 12:45 49,152 a------- c:\windows\system32\QuickTime.qts
    2009-09-26 12:44 <DIR> --d----- c:\program files\Media Player Classic
    2009-09-26 12:44 <DIR> --d----- c:\program files\QuickTime Alternative
    2009-09-26 12:33 <DIR> --d----- c:\docume~1\david\applic~1\MPEG Streamclip
    2009-09-26 11:32 <DIR> --d----- c:\docume~1\david\applic~1\ZoomBrowser EX
    2009-09-26 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2009-09-26 11:10 <DIR> --d----- c:\program files\Canon
    2009-09-26 11:08 <DIR> --d----- c:\program files\common files\Canon
    2009-09-26 10:43 <DIR> --d----- c:\program files\PIXELA

    ==================== Find3M ====================

    2009-10-08 08:14 178,454 ac------ c:\windows\hpwins20.dat
    2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
    2009-09-01 15:00 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
    2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
    2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
    2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
    2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
    2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
    2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
    2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
    2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
    2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
    2008-04-21 17:37 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
    2008-03-22 21:54 218 ac------ c:\documents and settings\david\fet_settings.dat
    2008-08-17 17:03 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081720080818\index.dat

    ============= FINISH: 18:58:48.21 ===============
    Blade81
    Since Kaspersky didn't work as hoped let's use ESET scanner instead.

    * Go here to run an online scanner from ESET.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.

    QUOTE
    If you wouldn't mind, I was wondering if you have an opinion of the handful of programs I picked up before Ad-Aware, while trying to solve this: SpyBot, Spyware Doctor, SuperAntiSpyware, StopZilla, Malwarebytes, Check PC & Advanced System Optimizer.

    Of that group of other programs Spybot, SuperAntiSpyware and Malwarebytes' Anti-Malware are good ones. Two antispyware programs installed should be enough in one system.

    djbeede
    Ok, ESET did work for me.
    It found two problems, but one of them:
    "ShopBot 3\ControlBoxLoader\LOAD_ControlBox.exe"
    Is part of some CNC software I use. Ad-aware tags it too, but I have reported it as a false positive.
    And the other is in quarantine by another program I think?
    My symptoms are still gone, and the system is running well.
    Thanks again...

    Here's the log:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6208
    # api_version=3.0.2
    # EOSSerial=98e29071a8d6d245bdd5be97d3f0137d
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-10-18 01:53:33
    # local_time=2009-10-18 09:53:33 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 15346387 15346387 0 0
    # compatibility_mode=1023 16777215 0 0 0 0 0 0
    # compatibility_mode=2815 16777215 0 0 0 0 0 0
    # compatibility_mode=3839 16777215 0 0 0 0 0 0
    # compatibility_mode=5890 16777214 0 0 0 0 0 0
    # compatibility_mode=8447 16777215 0 0 0 0 0 0
    # scanned=128210
    # found=2
    # cleaned=0
    # scan_time=5913
    C:\Program Files\ShopBot\ShopBot 3\ControlBoxLoader\LOAD_ControlBox.exe probably a variant of Win32/IRCBot trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys.vir Win32/Olmarik.OF virus 00000000000000000000000000000000 I
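A short triage of an ESET Online Scanner log like the one posted above, added here as an example and not part of the original thread. It separates copies sitting in ComboFix's `C:\Qoobox\Quarantine` folder from heuristic "probably a variant of" verdicts and checks the header counters; the tab-separated field layout and the function names are assumptions, and the sample is constructed from the two detection lines in the post.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the log posted above. Assumption: the
# fields of a detection line are tab-separated in the original log.txt.
NO_DIGEST = "0" * 32  # the posted log shows an all-zero digest column
SAMPLE_LOG = "\n".join([
    "# remove_checked=false",
    "# found=2",
    "# cleaned=0",
    "\t".join([r"C:\Program Files\ShopBot\ShopBot 3\ControlBoxLoader\LOAD_ControlBox.exe",
               "probably a variant of Win32/IRCBot trojan", NO_DIGEST, "I"]),
    "\t".join([r"C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys.vir",
               "Win32/Olmarik.OF virus", NO_DIGEST, "I"]),
])

# Fallback for logs whose tabs were flattened to spaces by a forum paste.
# Assumes the file name itself contains no spaces.
FLAT_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:[^\\]*\\)*\S+)\s+(?P<threat>.+?)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    flag: str

    @property
    def triage(self):
        # ComboFix keeps copies of the files it removed under C:\Qoobox\Quarantine.
        if "\\qoobox\\quarantine\\" in self.path.lower():
            return "quarantined copy"
        # "probably a variant of ..." is a heuristic verdict, not an exact match.
        if self.threat.lower().startswith("probably"):
            return "heuristic match, verify"
        return "live detection"


def parse_eset_log(text):
    """Return (header dict, list of Detection) from the scanner's log text."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, value)  # repeated keys: keep the first
            continue
        if "\t" in line:
            fields = [f.strip() for f in line.split("\t")]
            if len(fields) == 4:
                detections.append(Detection(fields[0], fields[1], fields[3]))
            continue
        m = FLAT_LINE.match(line)
        if m:
            detections.append(Detection(m["path"], m["threat"], m["flag"]))
    return header, detections


def summarize(text):
    header, detections = parse_eset_log(text)
    return {
        # The header's found= counter should equal the detection lines present.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        # With "Remove found threats" unchecked the scan changes nothing.
        "scan_was_read_only": header.get("remove_checked") == "false"
        and header.get("cleaned") == "0",
        "triage": [(d.path.rsplit("\\", 1)[-1], d.triage) for d in detections],
    }


if __name__ == "__main__":
    for name, verdict in summarize(SAMPLE_LOG)["triage"]:
        print(f"{name}: {verdict}")
```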
    Blade81
    Quarantined item will be cleaned when you uninstall ComboFix (instructions below)



    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /u in the runbox and click OK


    Please download OTC and save it to desktop.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the
      Begin cleanup Process?
      prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
    • hosts file:
      • Every version of Windows has a hosts file as part of it.
      • In a very basic sense, they are used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!
      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the start button (at the lower left hand corner of your screen)
      2. Click run
      3. In the dialog box, type services.msc
      4. hit enter, then locate dns client
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from automatic to manual.
      7. Click ok


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
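One way to check the Internet Explorer settings listed in the post above without clicking through the dialog, added here as an example and not part of the original thread. It reads a `.reg` export of the Internet zone (`Zones\3` under the current user's Internet Settings key) and reports every URL action that differs from the values the post asks for; the numeric IDs are the standard IE URL action IDs for those six dialog entries, and the sample export and function names are constructed for illustration.

```python
import re

# Internet zone of the current user, as it appears in a .reg section header.
ZONE3_KEY = r"software\microsoft\windows\currentversion\internet settings\zones\3"

PROMPT, DISABLE = 1, 3
LABELS = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action ID -> (name in the Custom Level dialog, value the post asks for)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample export. A real export is UTF-16, so read the file with
# open(path, encoding="utf-16") before passing its text in.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000001
"""

VALUE_LINE = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<data>[0-9A-Fa-f]{8})$')


def read_zone3(reg_text):
    """Collect the DWORD values stored under the Internet zone (Zones\\3) only."""
    values, in_zone3 = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_zone3 = line[1:-1].lower().endswith(ZONE3_KEY)
            continue
        m = VALUE_LINE.match(line)
        if in_zone3 and m:
            values[m["name"].upper()] = int(m["data"], 16)
    return values


def audit_internet_zone(reg_text):
    """Return (id, setting, current, wanted) for each setting that deviates."""
    current = read_zone3(reg_text)
    findings = []
    for action_id, (name, wanted) in RECOMMENDED.items():
        have = current.get(action_id)
        if have != wanted:
            shown = "not set" if have is None else LABELS.get(have, hex(have))
            findings.append((action_id, name, shown, LABELS[wanted]))
    return findings


if __name__ == "__main__":
    for action_id, name, shown, wanted in audit_internet_zone(SAMPLE_REG):
        print(f"{action_id} {name}: {shown} -> should be {wanted}")
```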
    djbeede
    Well I followed all your recommendations except the "hosts file" program... which I'm still trying to figure out if it will slow down my system since I run on XP?

    RE: Updates
    The last time I did a windows update, my system stopped working and a couple of thousand emails in Outlook express disappeared. I ended up reverting to a restore point and had been reluctant to update since. (My machine ran again but the emails were still gone?)

    These are among the updates Windows recommended and they seem to have been problems with FireFox, as I've read.

    Microsoft .NET Framework 1.1

    Windows Media Format Runtime

    But I guess having them turned off in options in FireFox works.

    Then there's this one...
    Windows Malicious Software Removal Tool
    Do you have an opinion on it?

    In any case, I did download and install the updates and it seems to have gone without incident, other than it taking up half a gig of hard drive space, which is a bit of a pain.

    I can't thank you enough for all your help with this.
    Wishing you all the best.
    djb
    Blade81
    You're welcome

    QUOTE
    These are among the updates Windows recommended and they seem to have been problems with FireFox, as I've read.

    Microsoft .NET Framework 1.1

    Windows Media Format Runtime


    I believe Firefox will disable those automatically if it notices incompatibilities with them.


    QUOTE
    Then there's this one...
    Windows Malicious Software Removal Tool
    Do you have an opinion on it?

    A new version of that tool is released monthly together with security updates. It's recommended to install it when offered.
    djbeede
    Hey Blade,
    I did go ahead and try the "hosts" site you recommended and it seems to be making browsing faster rather than slower. It even blocks certain ads while letting the main content of the site function.

    One last question before this goes into the "stubborn virus solved" archive.
    Did the final work that ComboFix did reveal the name of the malware it found? My wife asked "what was it?" And I realized I couldn't really tell her. Or do infections sometimes get cleared without actually finding out what they were?

    Just curious.
    Knowing there are folks like you out there helping to alleviate mal-ware suffering - balances out my frustration with the people that use so much creative energy making these bugs to begin with.

    So thanks again...
    djb
    Blade81
    Glad to hear the hosts file had a positive impact

    The issue there was caused by a variant of TDSS rootkit.
    djbeede
    This is most likely unrelated to the problem I had before, don't know.

    While doing all that I did with your helpful guidance before, I would occasionally get a blue screen, with "A problem has been detected and windows has been shut down to prevent damage..."

    On restart the problem seemed to correct itself.

    Now I'm getting the screen again. Details are:

    REGISTRY_ERROR

    Tech Info:
    *** STOP: 0x00000051 (0x00000001,0xE2179008,0x02566000,0x000001D6)

    Now I can't even get it to start in safe mode, or safe with command prompt.
    I was able to get to some diagnostics and when it ran all "blue screen" tests they all passed.

    As I watch it try to start in safe mode it always seems to hang when it gets to "agpcpq.sys"

    I've run across some suggestions online but they all assume I can get into my system somehow.
    I do have the original Dell system CD that I can boot with, and I can get to DOS with that, but I don't know what to tell it?
    If you can help or steer me to a resource I'd greatly appreciate it.
    Thanks,
    David
    Blade81
    Hi David,

    I recommend you create a topic in some forum that deals with general issues too. Tech Support Guy would be one such forum.
    djbeede
    Thanks Blade, I'll do that.
    David
    Blade81
    You're welcome and good luck with solving the problem.