I have been infected with some minor but hard to get rid of spyware. Basically cookies for Google and YouTube (and probably other sites, but I haven't been to any that save my username) won't work, and my sessions won't be saved, so I have to re-login which is quite annoying. Also, searches in the main bar in Firefox redirect to Yoog. Google Toolbar and Firefox search bar still work OK. Minor annoyances, but Spybot, Malwarebytes, and AVG haven't fixed them. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:57 PM, on 8/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152662250812
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5181/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - http://image.com.com/gamespot/images/2007/191/932377_20070711_embed005.jpg

--
End of file - 11706 bytes

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe) Ensure all Firefox windows are closed. To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista). When prompted to run the scan, click Yes. GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab. In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.



----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

GooredFix Log
RSIT Logs
Sysprot Log
Do you have a Router ?

GooredFix by jpshortstuff (12.07.09)
Log created at 22:03 on 07/08/2009 (Owner)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:09 07/02/2006]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [01:29 02/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [22:56 31/12/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:28 02/07/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [04:18 04/08/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:09 07/08/2009]

-=E.O.F=-


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-07 22:05:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 48 GB (44%) free of 109 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:35 PM, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
C:\Program Files\7-Zip\7zFM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152662250812
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5181/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O24 - Desktop Component 0: (no name) - http://image.com.com/gamespot/images/2007/191/932377_20070711_embed005.jpg

--
End of file - 11850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1139442623.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-03 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03 228048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-26 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2004-08-24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-01 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll [2003-06-17 98304]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03 228048]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-05-16 13529088]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-05-16 86016]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-09 139264]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD05"=c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-05-23 483328]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"AutoTKit"=C:\hp\bin\AUTOTKIT.EXE [2003-06-18 53248]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-01 148888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-03 2000152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-02 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe [2003-06-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjtlgievrlu]
C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [2002-10-07 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE [2003-02-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2003-02-24 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
C:\Program Files\RamBooster 2.0\Rambooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe [2006-06-09 1003520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-07-23 21738792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2004-10-04 1118208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-08-23 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winhpdrv]
C:\Documents and Settings\Owner\Application Data\Google\xtgoj6119471.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-02-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2003-06-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE [2003-08-23 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\DISPLA~1.EXE -application core.hp.main/application.xml -appname eLife []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe -q []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-03 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Java\j2re1.4.1_02\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.1_02\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe"="C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe:*:Enabled:SpamSubtract"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Scholastic Digital Downloads\Gadgets\Gadgets.exe"="C:\Program Files\Scholastic Digital Downloads\Gadgets\Gadgets.exe:*:Enabled:Gadgets"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MusicBrainz Picard\picard.exe"="C:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e7836d-956f-11dd-9bc6-000c6ec89c95}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-07 22:05:17 ----D---- C:\rsit
2009-08-07 19:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-07 19:03:07 ----D---- C:\WINDOWS\LastGood
2009-08-06 19:08:04 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-06 19:07:57 ----D---- C:\Program Files\MSBuild
2009-08-06 19:07:46 ----D---- C:\Program Files\Reference Assemblies
2009-08-06 19:07:00 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-06 19:07:00 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-06 19:06:59 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-06 19:06:58 ----D---- C:\26d0a8f26d206a3dce1a8918c8853f
2009-08-03 23:47:24 ----HD---- C:\$AVG8.VAULT$
2009-08-03 23:19:22 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-03 23:18:54 ----D---- C:\Program Files\AVG
2009-08-03 23:08:31 ----D---- C:\Documents and Settings\Owner\Application Data\AVG8
2009-07-15 19:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 19:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 19:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-07 22:06:15 ----D---- C:\WINDOWS\Prefetch
2009-08-07 22:03:35 ----D---- C:\Program Files\Mozilla Firefox
2009-08-07 19:18:04 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-07 19:09:26 ----HD---- C:\WINDOWS\inf
2009-08-07 19:09:23 ----D---- C:\WINDOWS
2009-08-07 19:09:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-07 19:09:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-07 19:08:32 ----D---- C:\WINDOWS\Temp
2009-08-07 19:07:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-07 19:02:18 ----SHD---- C:\WINDOWS\Installer
2009-08-07 18:55:59 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-07 10:35:21 ----SD---- C:\WINDOWS\Tasks
2009-08-07 10:35:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-07 02:05:25 ----RSD---- C:\WINDOWS\assembly
2009-08-06 19:25:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-06 19:16:24 ----D---- C:\WINDOWS\system32
2009-08-06 19:16:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-06 19:15:40 ----D---- C:\WINDOWS\WinSxS
2009-08-06 19:07:59 ----D---- C:\WINDOWS\system32\en-US
2009-08-06 19:07:57 ----D---- C:\Program Files
2009-08-06 19:07:53 ----RSD---- C:\WINDOWS\Fonts
2009-08-06 19:07:30 ----D---- C:\WINDOWS\system32\spool
2009-08-04 09:46:23 ----D---- C:\Program Files\Common Files
2009-08-03 23:47:28 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2009-08-03 23:19:22 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 23:18:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-03 22:38:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-02 22:54:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-02 00:00:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-01 23:53:30 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-01 23:24:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-29 19:04:25 ----A---- C:\WINDOWS\imsins.BAK
2009-07-29 19:03:39 ----D---- C:\Program Files\Internet Explorer
2009-07-29 19:02:57 ----D---- C:\WINDOWS\ie8updates
2009-07-29 19:01:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-25 20:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania
2009-07-24 11:32:52 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-07-24 11:25:53 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-20 10:52:55 ----D---- C:\rh
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-03 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-03 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-03 108552]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-08-23 28276]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2004-01-29 93764]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-03 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 vidcap;vidcap; C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2003-05-21 253672]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 49160]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 a8rc5px3;a8rc5px3; C:\WINDOWS\system32\drivers\a8rc5px3.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-05-14 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-05-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-05-14 21488]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 14728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-03 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-01 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2004-10-04 307200]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-05-14 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-07 22:06:53

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\Sierra\RCRacersDemo\Uninst.isu
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Digital Editions-->"C:\Program Files\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alphabet-->C:\WINDOWS\unvise.exe C:\Program Files\sz8009\uninstal.log
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Barbie(R) Pet Rescue-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Interactive\Barbie(R)\Barbie(R) Pet Rescue\Uninst.isu"
Barbie(TM) as Rapunzel-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RapunzelUn.exe
Barbie® Super Sports(TM)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Barbie\Barbie® Super Sports(TM)\Uninst.isu"
Blasterball 2 Holidays (Free with HP Game Console)-->"C:\Program Files\HP Games\Blasterball 2 Holidays\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Centipede-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Centipede\CentUnin.isu"
Cheetah DVD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Crayon Physics Deluxe Demo - release 52-->"C:\Program Files\Crayon Physics Deluxe Demo\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Disney Princess Royal Horse Show-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2387D970-F42D-4278-AA40-7B727F9721FC}\setup.exe" -l0x9 Disney Princess Royal Horse Show
Disney's Magic Artist-->C:\WINDOWS\uninst.exe -f"C:\Disney Interactive\Disney's Magic Artist\DeIsL1.isu"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Fisher-Price Petshop-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fisher-Price®\Petshop\DeIsL1.isu"
Foxit PDF Creator-->C:\Program Files\Foxit Software\PDF Creator\FPC_Uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FREE Hi-Q Recorder 1.92-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GraphicView 32-->C:\PROGRA~1\GRAPHI~1\UNWISE.EXE C:\PROGRA~1\GRAPHI~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Photo & Imaging 3.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Software Update-->MsiExec.exe /X{C05E10AC-BD86-4564-9D16-EF11D7314FB2}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
HPImageZone-->MsiExec.exe /X{11946FA8-329A-4DDF-B867-A32781FED8EE}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
JumpStart Typing v1.1-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSTYPING\DeIsL1.isu
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFUE.inf
LEGO Digital Designer-->C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe
LEGO Racers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mario Forever v 2.16 !-->C:\Buziol Games\Mario Forever\UnMario.exe
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X: Acceleration-->C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Student 2006 DVD-->MsiExec.exe /I{06041881-3E21-46D6-9A91-D927BA08F41D}
Microsoft Student Graphing Calculator-->MsiExec.exe /I{06043840-7A70-4AC6-9340-2EB7E1486914}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E05895C5-FE97-4334-8D73-B0089FD07CE3}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
MusicBrainz Picard 0.11-->C:\Program Files\MusicBrainz Picard\uninst.exe
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
MyFreeCodec-->C:\Program Files\MyFree Codec\09b beta\uninstall.exe
Need For Speed III-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Mega Plugin Pack-->MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Protected Music Converter 1.0.0.21-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quick Screen Capture 3.0-->"C:\Program Files\Quick Screen Capture\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Sabrina Animated-->C:\WINDOWS\UninstSabrinaAnim.exe
Samsung Media Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -l0x9
SDFormatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spirit (remove only)-->"C:\Program Files\THQ\Spirit\uninstall.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Battlefront-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C79CB9C7-10A4-4814-8402-F574672C2192}\Setup.exe" -l0x9
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
toolkit-->c:\Windows\HPTK\unhptkit.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VIV Wizard v0.9.0.299-->"C:\Program Files\VIV Wizard\unins000.exe"
Weblink-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xiph QuickTime Components-->"C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
ZD Soft Screen Video Decoder-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
ZD Soft Video Recorder-->"C:\Program Files\ZD Soft\Video Recorder\Uninstall.exe"
Zoo Tycoon 2-->"C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

=====HijackThis Backups=====

O18 - Filter hijack: text/html - (no CLSID) - (no file) [2008-12-09]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: YOUR-XHTR8HVC4P
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 137206
Source Name: Disk
Time Written: 20090803032434.000000-300
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 137205
Source Name: Disk
Time Written: 20090803032433.000000-300
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 137204
Source Name: Disk
Time Written: 20090803032433.000000-300
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 137203
Source Name: Disk
Time Written: 20090803032432.000000-300
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 137202
Source Name: Disk
Time Written: 20090803032432.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-XHTR8HVC4P
Event Code: 1
Message:
Record Number: 100948
Source Name: nview_info
Time Written: 20081209172800.000000-360
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 1
Message:
Record Number: 100947
Source Name: nview_info
Time Written: 20081209172735.000000-360
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 1
Message:
Record Number: 100946
Source Name: nview_info
Time Written: 20081209172735.000000-360
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 1
Message:
Record Number: 100945
Source Name: nview_info
Time Written: 20081209172735.000000-360
Event Type: error
User:

Computer Name: YOUR-XHTR8HVC4P
Event Code: 1
Message:
Record Number: 100944
Source Name: nview_info
Time Written: 20081209172310.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VERSION"=3.0.0
"SESSIONID"=1229920156291g1u0355c.austin.hp.com-37f7dd63:11ea2dd6e62:-5f5f
"COLLECTIONID"=COL7878
"ITEMID"=ps-22590-2
"UPDATEDIR"=C:\DOCUME~1\Owner\LOCALS~1\Temp\radF5AC2.tmp
"TOOLPATH"=/C:/Program%20Files/HP/HP%20Software%20Update/install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.16.20030613
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip

-----------------EOF-----------------

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 672
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 752
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 780
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 836
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1104
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1212
Hidden: No
Window Visible: No

Name: C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PID: 1244
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1268
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1552
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1648
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 260
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 288
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 312
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 356
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\cisvc.exe
PID: 376
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 588
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 800
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 1032
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 1180
Hidden: No
Window Visible: No

Name: C:\Program Files\Softex\OmniPass\omniServ.exe
PID: 1184
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1372
Hidden: No
Window Visible: No

Name: C:\Program Files\Softex\OmniPass\OPXPApp.exe
PID: 2140
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2216
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 2760
Hidden: No
Window Visible: No

Name: C:\WINDOWS\vVX3000.exe
PID: 3444
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 3464
Hidden: No
Window Visible: No

Name: C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PID: 3480
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ps2.EXE
PID: 3536
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system\hpsysdrv.exe
PID: 3624
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hphmon05.exe
PID: 3640
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3760
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3780
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 3824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 3832
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PID: 3852
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3860
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 3948
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PID: 180
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 1440
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PID: 1368
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PID: 2120
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\cidaemon.exe
PID: 3288
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 4124
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 4148
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 4280
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 4504
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\notepad.exe
PID: 4760
Hidden: No
Window Visible: Yes

Name: C:\Documents and Settings\Owner\Desktop\SysProt\SysProt.exe
PID: 4672
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \\?\globalroot\systemroot\system32\drivers\TDSStoehtabu.sys
Service Name: TDSSserv.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Documents and Settings\Owner\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B9E58000
Module End: B9E63000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806ED700
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F899F000
Module End: F89A1000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F88AF000
Module End: F88B2000
Hidden: No

Module Name: spdg.sys
Service Name: ---
Module Base: F837E000
Module End: F847E000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F89A1000
Module End: F89A3000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F8366000
Module End: F837E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\imagesrv.sys
Service Name: imagesrv
Module Base: F8347000
Module End: F8366000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F8319000
Module End: F8347000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F849F000
Module End: F84A9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F8308000
Module End: F8319000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F8A67000
Module End: F8A68000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F871F000
Module End: F8726000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F84AF000
Module End: F84BA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F82E9000
Module End: F8308000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F8727000
Module End: F872C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F84BF000
Module End: F84CC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F82D1000
Module End: F82E9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nvatabus.sys
Service Name: nvatabus
Module Base: F82BD000
Module End: F82D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\imagedrv.sys
Service Name: imagedrv
Module Base: F89A3000
Module End: F89A5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F84CF000
Module End: F84D8000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F84DF000
Module End: F84EC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F829D000
Module End: F82BD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F828B000
Module End: F829D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F84EF000
Module End: F84F8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F8274000
Module End: F828B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F8261000
Module End: F8274000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F81D4000
Module End: F8261000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F81A7000
Module End: F81D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SISAGPX.sys
Service Name: SISAGP
Module Base: F84FF000
Module End: F8508000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaagp1.sys
Service Name: viaagp1
Module Base: F872F000
Module End: F8736000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfvfs02.sys
Service Name: sfvfs02
Module Base: F8194000
Module End: F81A7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfhlp02.sys
Service Name: sfhlp02
Module Base: F8737000
Module End: F873F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfdrv01.sys
Service Name: sfdrv01
Module Base: F8182000
Module End: F8194000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F850F000
Module End: F851F000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F851F000
Module End: F852D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nv_agp.sys
Service Name: nv_agp
Module Base: F873F000
Module End: F8745000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F8168000
Module End: F8182000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: F852F000
Module End: F853A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F856F000
Module End: F857F000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\amdk7.sys
Service Name: AmdK7
Module Base: F7CA8000
Module End: F7CB2000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F88A7000
Module End: F88AE000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F7725000
Module End: F7739000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7C98000
Module End: F7CA5000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\PS2.sys
Service Name: Ps2
Module Base: F7749000
Module End: F774D000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F874F000
Module End: F8755000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F7C88000
Module End: F7C98000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\serenum.sys
Service Name: Serenum
Module Base: F7745000
Module End: F7749000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F8757000
Module End: F875C000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F7701000
Module End: F7725000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F875F000
Module End: F8767000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\NVENET.sys
Service Name: NVENET
Module Base: F76EA000
Module End: F7701000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Service Name: ALCXWDM
Module Base: F72FB000
Module End: F76EA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F72D7000
Module End: F72FB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7C68000
Module End: F7C77000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: F72B4000
Module End: F72D7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
Service Name: ltmodem5
Module Base: F721F000
Module End: F72B4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F8767000
Module End: F876F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pfc.sys
Service Name: pfc
Module Base: F7741000
Module End: F7744000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\MxlW2k.SYS
Service Name: MxlW2k
Module Base: F876F000
Module End: F8776000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: F7C48000
Module End: F7C51000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F782B000
Module End: F783B000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F780B000
Module End: F781A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F77FB000
Module End: F7805000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F86FF000
Module End: F870A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F687E000
Module End: F6EBF000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F686A000
Module End: F687E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Service Name: ---
Module Base: F6805000
Module End: F686A000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\vidcap.sys
Service Name: vidcap
Module Base: F8104000
Module End: F8107000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\windrvr6.sys
Service Name: WinDriver6
Module Base: F67E3000
Module End: F6805000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F8A6D000
Module End: F8A6E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F870F000
Module End: F871C000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F8100000
Module End: F8103000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F67CC000
Module End: F67E3000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F857F000
Module End: F858A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F858F000
Module End: F859B000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F87EF000
Module End: F87F4000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F67BB000
Module End: F67CC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F859F000
Module End: F85A8000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F87F7000
Module End: F87FC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F87FF000
Module End: F8804000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F85AF000
Module End: F85B9000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F8807000
Module End: F880D000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F8A19000
Module End: F8A1B000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\update.sys
Service Name: Update
Module Base: F675D000
Module End: F67BB000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F80F8000
Module End: F80FC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WmBEnum.sys
Service Name: WmBEnum
Module Base: F895B000
Module End: F895F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WmXlCore.sys
Service Name: WmXlCore
Module Base: F85BF000
Module End: F85CA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F86CF000
Module End: F86D9000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F86DF000
Module End: F86EE000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F8A4F000
Module End: F8A51000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F87AF000
Module End: F87B4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F8A63000
Module End: F8A65000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F87BF000
Module End: F87C6000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F87C7000
Module End: F87CD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F8A65000
Module End: F8A67000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F89A5000
Module End: F89A7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F87CF000
Module End: F87D4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F87D7000
Module End: F87DF000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F66E1000
Module End: F66E4000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F2512000
Module End: F2525000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F24B9000
Module End: F2512000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: F244C000
Module End: F2465000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F23D4000
Module End: F23FA000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F5586000
Module End: F5589000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F5472000
Module End: F547B000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F23AC000
Module End: F23D4000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F238A000
Module End: F23AC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F5462000
Module End: F546B000
Hidden: No

Module Name: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
Service Name: StyleXPHelper
Module Base: F54E2000
Module End: F54E7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\srvkp.sys
Service Name: SiSkp
Module Base: F5582000
Module End: F5585000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F235F000
Module End: F238A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F22EF000
Module End: F235F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F322F000
Module End: F323A000
Hidden: No

Module Name: \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
Service Name: SunkFilt
Module Base: F54DA000
Module End: F54E1000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F54D2000
Module End: F54D9000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F5F95000
Module End: F5F9E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F5F75000
Module End: F5F84000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F54C2000
Module End: F54CA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F296F000
Module End: F2975000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F319B000
Module End: F319E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: F14D6000
Module End: F1527000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VX3000.sys
Service Name: VX3000
Module Base: F12F8000
Module End: F14D6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: F5422000
Module End: F542F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: F5482000
Module End: F5491000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: EB926000
Module End: EB94A000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_nvatabus.sys
Service Name: ---
Module Base: EB912000
Module End: EB926000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F89E7000
Module End: F89E9000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F22D9000
Module End: F22DC000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F04C7000
Module End: F04CC000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: EFF8F000
Module End: EFF90000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F0F16000
Module End: F0F1A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: BAFD3000
Module End: BB000000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F77EB000
Module End: F77FB000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys
Service Name: ---
Module Base: BAF09000
Module End: BAF5B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: BAB5C000
Module End: BAB71000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: EFF5D000
Module End: EFF6C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: BA873000
Module End: BA8B4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: B8C8D000
Module End: B8CB8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F8A3F000
Module End: F8A41000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F8BB4000
Module End: F8BB5000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F837F0E0
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

Function Name: ZwEnumerateKey
Address: F839DCA2
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

Function Name: ZwEnumerateValueKey
Address: F839E030
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

Function Name: ZwOpenKey
Address: F837F0C0
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

Function Name: ZwQueryKey
Address: F839E108
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

Function Name: ZwQueryValueKey
Address: F839DF88
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

Function Name: ZwSetValueKey
Address: F839E19A
Driver Base: F837E000
Driver End: F847E000
Driver Name: spdg.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_READ
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_POWER
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\nvatabus.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F82CD950
Hooking Module: C:\WINDOWS\system32\drivers\nvatabus.sys

Hooked Module: C:\WINDOWS\system32\drivers\imagedrv.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82A861F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\imagedrv.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82A861F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\imagedrv.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82A861F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\imagedrv.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82A861F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\imagedrv.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82A861F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\imagedrv.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82A861F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F837F000
Hooking Module: spdg.sys

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8219C1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8288F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8288F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8288F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8288F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8288F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8288F1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82AF81F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 824D2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 824D2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 824D2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 824D2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 824D2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 827EB1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_CREATE
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_CLOSE
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_READ
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_WRITE
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SET_EA
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_POWER
Jump To: F8386E1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F839B514
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \Driver\PCI_PNP0960
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F83C2B1C
Hooking Module: spdg.sys

Hooked Module: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8277D500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8277D500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8277D500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8277D500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8277D500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8rc5px3.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8277D500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 827FB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 827FB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 827FB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 827FB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 827FB1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 827FB1F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-XHTR8HVC4P.BELKIN:4730
Remote Address: IY-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4728
Remote Address: IY-IN-F100.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4726
Remote Address: IY-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4724
Remote Address: IY-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4722
Remote Address: IY-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4720
Remote Address: IY-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4718
Remote Address: IY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4703
Remote Address: IY-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:4699
Remote Address: IY-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P.BELKIN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:27015
Remote Address: LOCALHOST:1031
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4729
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4727
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4725
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4723
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4721
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4719
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4717
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4709
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4704
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4702
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4700
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4698
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4695
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4693
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: LOCALHOST:4689
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-XHTR8HVC4P:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:5152
Remote Address: LOCALHOST:4688
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: YOUR-XHTR8HVC4P:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:4995
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
State: CLOSE_WAIT

Local Address: YOUR-XHTR8HVC4P:4729
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4727
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4725
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4723
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4721
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4719
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4717
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4702
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4698
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4692
Remote Address: LOCALHOST:4691
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4691
Remote Address: LOCALHOST:4692
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4687
Remote Address: LOCALHOST:4686
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:4686
Remote Address: LOCALHOST:4687
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:1031
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: YOUR-XHTR8HVC4P:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-XHTR8HVC4P:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-XHTR8HVC4P.BELKIN:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-XHTR8HVC4P.BELKIN:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-XHTR8HVC4P.BELKIN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-XHTR8HVC4P.BELKIN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-XHTR8HVC4P.BELKIN:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:51376
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-XHTR8HVC4P:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\My Documents\TrackMania\Tracks\Replays\Autosaves\Owner_$s$009Attack Speed 2.Replay.gbx
Status: Hidden

Object: C:\System Volume Information\catalog.wci
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}
Status: Access denied

Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.

First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Click Link >>> HERE <<< Link (http://www.neoshine.co.uk/mina/Downloads/TTWipe.bat) and select "save as" and save it to your desktop
Double click TTWipe.bat
Reboot your machine for the changes to take effect.


----------------------------------------------------------------------------------------
Step 1

Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following

Start MalwareBytes AntiMalware

Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update

When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Step 3

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

MalwareBytes Log
Combofix Log
ActiveScan Log
How are things running now ?

Malwarebytes' Anti-Malware 1.40
Database version: 2583
Windows 5.1.2600 Service Pack 3

8/9/2009 2:43:01 PM
mbam-log-2009-08-09 (14-43-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 281760
Time elapsed: 16 hour(s), 39 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 09-08-09.04 - Owner 08/09/2009 19:56.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.341 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Google\T-Scan
c:\program files\INSTALL.LOG
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\desktop
c:\windows\Installer\128cb.msi
c:\windows\Installer\6b34a.msi
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\qpfswnbq.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-09 02:57 . 2009-08-09 02:57 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 03:05 . 2009-08-08 03:06 -------- d-----w- C:\rsit
2009-08-07 00:08 . 2009-08-07 00:08 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-07 00:08 . 2009-08-07 00:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 00:07 . 2009-08-07 00:07 -------- d-----w- c:\program files\MSBuild
2009-08-07 00:07 . 2009-08-07 00:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 00:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 00:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 00:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 00:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 00:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 00:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 00:06 . 2009-08-07 00:07 -------- d-----w- C:\26d0a8f26d206a3dce1a8918c8853f
2009-08-07 00:01 . 2009-08-07 00:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-04 04:47 . 2009-08-05 04:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-04 04:19 . 2009-08-09 22:55 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-04 04:19 . 2009-08-04 04:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-04 04:19 . 2009-08-04 04:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-04 04:19 . 2009-08-04 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-04 04:19 . 2009-08-04 04:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-04 04:18 . 2009-08-04 04:18 -------- d-----w- c:\program files\AVG
2009-08-04 04:08 . 2009-08-04 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-03 03:24 . 2009-03-24 19:43 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-08-03 03:24 . 2009-03-24 19:43 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-03 03:24 . 2009-03-24 19:43 235520 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-08-03 03:24 . 2009-03-24 19:43 338432 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-03 03:24 . 2009-03-24 19:42 235008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-08-03 03:24 . 2009-03-24 19:42 345088 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 22:05 . 2006-07-09 22:06 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-09 19:47 . 2008-12-31 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-09 02:57 . 2008-12-10 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 02:45 . 2008-12-05 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-07 06:36 . 2003-08-23 14:12 57488 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 17:42 . 2009-01-01 00:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-04 04:18 . 2009-05-13 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-04 03:38 . 2008-05-27 17:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-03 18:36 . 2008-12-10 00:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2008-12-10 00:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 05:00 . 2008-12-05 03:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-02 04:53 . 2008-08-09 18:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 01:59 . 2008-04-20 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-07-04 20:30 . 2009-01-19 00:48 -------- d-----w- c:\program files\Crayon Physics Deluxe Demo
2009-07-03 17:09 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 01:28 . 2009-07-02 01:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 01:28 . 2006-02-06 17:50 -------- d-----w- c:\program files\Java
2009-07-02 01:28 . 2009-07-02 01:26 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 23:57 . 2008-07-08 00:55 -------- d-----w- c:\program files\pluto
2009-06-28 23:04 . 2009-06-28 23:04 -------- d-----w- c:\documents and settings\Owner\Application Data\W Photo Studio Viewer
2009-06-20 23:14 . 2009-06-20 23:13 -------- d-----w- c:\program files\iTunes
2009-06-20 23:14 . 2009-06-20 23:14 -------- d-----w- c:\program files\iPod
2009-06-20 23:14 . 2007-11-17 03:02 -------- d-----w- c:\program files\Common Files\Apple
2009-06-20 23:10 . 2007-11-17 03:10 -------- d-----w- c:\program files\QuickTime
2009-06-20 23:01 . 2009-06-20 23:01 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2003-08-08 16:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-08-08 15:35 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 02:09 . 2007-12-29 17:25 -------- d-----w- c:\program files\Microsoft Games
2009-06-03 19:09 . 2005-08-30 15:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 01:30 . 2009-05-19 00:16 191 ----a-w- c:\program files\wf.ini
2009-05-19 00:23 . 2009-05-19 00:16 148 ----a-w- c:\program files\wf.sco
2004-05-04 07:23 . 2004-05-02 16:40 506080 ----a-w- c:\program files\data.bin
2004-05-04 07:23 . 2004-05-02 16:40 421888 ----a-w- c:\program files\wf.exe
2004-05-04 07:22 . 2004-05-02 16:40 2949 ----a-w- c:\program files\readme.txt
2004-05-04 07:18 . 2004-05-02 16:40 19762 ----a-w- c:\program files\readme_j.txt
2008-08-21 19:46 . 2006-04-02 20:09 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-03-09 00:25 . 2006-02-09 01:35 56 --sh--r- c:\windows\system32\14D0DF8240.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-04 2000152]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-04 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2009 11:19 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/3/2009 11:19 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/3/2009 11:18 PM 297752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/31/2008 5:58 PM 210216]
R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [12/27/2006 9:47 AM 9006]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/2/2006 3:08 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-05-25 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8139442623.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2009-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?sourceid=navclient-ff&ie=UTF-8&rlz=1R0GGGL_en&hl=en
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-525576053-3040792642-2766600285-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-525576053-3040792642-2766600285-1003\Software\SecuROM\License information*]
"datasecu"=hex:a6,bc,04,8a,20,f2,76,1a,b7,f9,28,7a,ac,36,5b,47,ea,a7,17,45,48,
4f,f3,e6,37,99,70,30,e9,fe,ed,58,1d,b3,7c,52,89,dc,63,4e,c1,10,49,10,6a,27,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-10 20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 01:36

Pre-Run: 51,531,300,864 bytes free
Post-Run: 51,862,327,296 bytes free

352 --- E O F --- 2009-08-08 00:09


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-10 11:40:18
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP883\A0114522.sys
01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP884\A0114625.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location f
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description f
;===================================================================================================================================================================================
;===================================================================================================================================================================================

I am still having the same problems.

I think it also may be worth mentioning that I cannot locate

C:\Documents and Settings\Owner\Application Data\

Could it have been blocked?

I think it also may be worth mentioning that I cannot locate
It is a hidden folder.

Try this, and let me know if the problem still exists

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



File::
c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnk
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\j2re1.4.1_02\\bin\\javaw.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Folder::
C:\Documents and Settings\Owner\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181
RegLock::
[HKEY_USERS\S-1-5-21-525576053-3040792642-2766600285-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
RegNull::
[HKEY_USERS\S-1-5-21-525576053-3040792642-2766600285-1003\Software\SecuROM\License information*]

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

ComboFix 09-08-10.01 - Owner 08/10/2009 18:54.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.333 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk"
"c:\windows\pss\LimeWire On Startup.lnk"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\documents and settings\Owner\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181


.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-09 02:57 . 2009-08-09 02:57 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 03:05 . 2009-08-08 03:06 -------- d-----w- C:\rsit
2009-08-07 00:08 . 2009-08-07 00:08 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-07 00:08 . 2009-08-07 00:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 00:07 . 2009-08-07 00:07 -------- d-----w- c:\program files\MSBuild
2009-08-07 00:07 . 2009-08-07 00:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 00:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 00:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 00:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 00:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 00:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 00:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 00:06 . 2009-08-07 00:07 -------- d-----w- C:\26d0a8f26d206a3dce1a8918c8853f
2009-08-07 00:01 . 2009-08-07 00:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-04 04:47 . 2009-08-05 04:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-04 04:19 . 2009-08-10 14:49 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-04 04:19 . 2009-08-04 04:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-04 04:19 . 2009-08-04 04:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-04 04:19 . 2009-08-04 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-04 04:19 . 2009-08-04 04:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-04 04:18 . 2009-08-04 04:18 -------- d-----w- c:\program files\AVG
2009-08-04 04:08 . 2009-08-04 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-03 03:24 . 2009-03-24 19:43 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-08-03 03:24 . 2009-03-24 19:43 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-03 03:24 . 2009-03-24 19:43 235520 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-08-03 03:24 . 2009-03-24 19:43 338432 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-03 03:24 . 2009-03-24 19:42 235008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-08-03 03:24 . 2009-03-24 19:42 345088 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 22:45 . 2008-12-31 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-10 18:18 . 2006-07-09 22:06 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-10 01:40 . 2009-08-10 01:40 -------- d-----w- c:\program files\Panda Security
2009-08-09 02:57 . 2008-12-10 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 02:45 . 2008-12-05 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-07 06:36 . 2003-08-23 14:12 57488 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 17:42 . 2009-01-01 00:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-04 04:18 . 2009-05-13 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-04 03:38 . 2008-05-27 17:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-03 18:36 . 2008-12-10 00:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2008-12-10 00:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 05:00 . 2008-12-05 03:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-02 04:53 . 2008-08-09 18:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 01:59 . 2008-04-20 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-07-04 20:30 . 2009-01-19 00:48 -------- d-----w- c:\program files\Crayon Physics Deluxe Demo
2009-07-03 17:09 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 01:28 . 2009-07-02 01:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 01:28 . 2006-02-06 17:50 -------- d-----w- c:\program files\Java
2009-07-02 01:28 . 2009-07-02 01:26 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 23:57 . 2008-07-08 00:55 -------- d-----w- c:\program files\pluto
2009-06-28 23:04 . 2009-06-28 23:04 -------- d-----w- c:\documents and settings\Owner\Application Data\W Photo Studio Viewer
2009-06-20 23:14 . 2009-06-20 23:13 -------- d-----w- c:\program files\iTunes
2009-06-20 23:14 . 2009-06-20 23:14 -------- d-----w- c:\program files\iPod
2009-06-20 23:14 . 2007-11-17 03:02 -------- d-----w- c:\program files\Common Files\Apple
2009-06-20 23:10 . 2007-11-17 03:10 -------- d-----w- c:\program files\QuickTime
2009-06-20 23:01 . 2009-06-20 23:01 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2003-08-08 16:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-08-08 15:35 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 02:09 . 2007-12-29 17:25 -------- d-----w- c:\program files\Microsoft Games
2009-06-03 19:09 . 2005-08-30 15:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 01:30 . 2009-05-19 00:16 191 ----a-w- c:\program files\wf.ini
2009-05-19 00:23 . 2009-05-19 00:16 148 ----a-w- c:\program files\wf.sco
2004-05-04 07:23 . 2004-05-02 16:40 506080 ----a-w- c:\program files\data.bin
2004-05-04 07:23 . 2004-05-02 16:40 421888 ----a-w- c:\program files\wf.exe
2004-05-04 07:22 . 2004-05-02 16:40 2949 ----a-w- c:\program files\readme.txt
2004-05-04 07:18 . 2004-05-02 16:40 19762 ----a-w- c:\program files\readme_j.txt
2008-08-21 19:46 . 2006-04-02 20:09 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-03-09 00:25 . 2006-02-09 01:35 56 --sh--r- c:\windows\system32\14D0DF8240.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_01.21.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 01:41 . 2008-06-19 22:24 28544 c:\windows\system32\drivers\pavboot.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-21 29744]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-04 2000152]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-04 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=c:\windows\pss\spamsubtract.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/3/2009 11:19 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/3/2009 11:19 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/3/2009 11:18 PM 297752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/31/2008 5:58 PM 210216]
R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [12/27/2006 9:47 AM 9006]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/2/2006 3:08 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2006-05-25 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8139442623.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2009-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 02:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z7vkg4i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?sourceid=navclient-ff&ie=UTF-8&rlz=1R0GGGL_en&hl=en
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: keyword.enabled - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 19:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-08-11 19:23
ComboFix-quarantined-files.txt 2009-08-11 00:23
ComboFix2.txt 2009-08-10 01:36

Pre-Run: 51,746,930,688 bytes free
Post-Run: 51,729,248,256 bytes free

302 --- E O F --- 2009-08-08 00:09

Search is back to Google, but sites still won't remember my username.

but sites still won't remember my username.

Have you tried clearing cookies ?
Which browser is this in ?

I've been looking at the cookies and it seems like they are being deleted every time I close Firefox. All my settings are still the same and it should accept cookies. I'm not sure what is causing this.

Open Firefox

Click Tools >> Options
Select the Privacy tab

Make sure there is no tick against "Clear History When FireFox Closes"

Yes, there is no tick next to that setting, but cookies are still being deleted.

There are many reasons why Firefox may not be storing the cookies, you will get better assistance at the Mozilla site than I can provide.

http://forums.mozillazine.org/viewforum.php?f=38


----------------------------------------------------------------------------------------
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Thanks for the help.