Virtumonde infected Win XP !!HELP!!


canvend
2008-04-21, 07:14
This is my first post.
Virtumonde infected my Win XP. I keep getting popups to a site called reditty.com.
Kaspersky Online scan was completed, however, the text is too long. Please advise how to submit it. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:50 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RemotelyAnywhere\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Slave.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RemotelyAnywhere\RAGui.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Promise\Promise Disk Controller Manager\UtMsgAgt.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Noël Danjou\DynSite\DynSite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Assistant\Nassi.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\FOLDER~1\BETA1~1\bxExpHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConeal\Anonymity Shield\ProxyNew.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {379E2B31-3561-4E41-8850-E657A1A5C215} - C:\WINDOWS\system32\pmnmjGYO.dll (file missing)
O2 - BHO: (no name) - {51126754-66B8-4BDC-A197-17426524CDC9} - C:\WINDOWS\system32\qoMcaxYp.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SubClass Explorer - {5E15C29A-B33F-45A3-A540-A6E66832FC3B} - C:\PROGRA~1\FOLDER~1\BETA1~1\SUBCLA~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\ssqRIyAP.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VideoRaptorIePlugin Class - {90C8E8F8-A7C9-41E4-92E4-C679AE6FB78D} - C:\Program Files\RapidSolution\Videoraptor\VideoRaptorIePlugin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {a2e6ce6f-8cea-1bba-d3f4-e828cff6d81b} - {b18d6ffc-828e-4f3d-abb1-aec8f6ec6e2a} - C:\WINDOWS\system32\gpcklbws.dll
O2 - BHO: (no name) - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - C:\PROGRA~1\FOLDER~1\FOLDER~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DAA3F754-1FFF-4CEF-8F9D-F0F3500E0689} - C:\WINDOWS\system32\qoMdExVo.dll
O2 - BHO: (no name) - {E69A3062-B248-4277-BA12-2A9394F34C7F} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {D3919E1A-D6A5-11D6-AC3E-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Liquid Surf - {B9F633F6-EA44-45F4-91EB-FABFC65A0634} - C:\Program Files\LiquidSurf\sybil.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~2\TAForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Get Anonymous - {8892C699-6978-4DD9-8EB2-951C93DB4F62} - C:\Program Files\GetAnonymous 2.1 Professional\IEToolBar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [40b9f88d] rundll32.exe "C:\WINDOWS\system32\nqfvxlvp.dll",b
O4 - HKLM\..\Run: [BM438acb11] Rundll32.exe "C:\WINDOWS\system32\kkiwqina.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\Noël Danjou\DynSite\DynSite.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Network Assistant] "C:\Program Files\Network Assistant\Nassi.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add this link to WebWhacker... - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieextlink.html
O8 - Extra context menu item: Add this page to WebWhacker... - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwieext.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with ImTOO YouTube to iPod Converter - C:\Program Files\ImTOO\Youtube to iPod Converter\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Print Using ClickBook - {180E1E16-F536-4B51-9723-6025D98AA375} - C:\Program Files\Blue Squirrel\ClickBook\macros\ieprint.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: WebWhacker - {E5336D32-0CBE-4E1F-A2C7-38DCAA8B07EF} - C:\Program Files\Blue Squirrel\WebWhacker 5.0\Art\wwietb.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\Program Files\LinkStash\lsshow.exe (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash - {4874F370-402D-4d09-A73E-FAB439934E56} - C:\Program Files\LinkStash\lsshow.exe (HKCU)
O9 - Extra button: Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\Program Files\LinkStash\lsgrab.exe (HKCU)
O9 - Extra 'Tools' menuitem: LinkStash Add URLs - {957DCFA2-39F7-4443-9677-1B14E83A2F87} - C:\Program Files\LinkStash\lsgrab.exe (HKCU)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {5FB1CBF5-750C-45F0-BE0A-5EF88B23B469} (CUEUpdate Control) - http://www.myottomate.com/cabfiles/ottoupdate.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O16 - DPF: {F9546CC6-0791-43EC-90B4-2759F17837AA} (OttoUpdate Control) - http://www.myottomate.com/myOtto/cabs/myottoupdate.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://slc-main:2000/activex/RACtrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: OPNotifier - C:\WINDOWS\SYSTEM32\OPWinLogon.dll
O20 - Winlogon Notify: ssqRIyAP - C:\WINDOWS\SYSTEM32\ssqRIyAP.dll
O21 - SSODL: Urlodfav - {4A8CE92D-C832-4E79-9096-FC5531C4760B} - C:\WINDOWS\system32\movelavi.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec pcAnywhere Gateway Service (AWGateway) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere Gateway\AWGateway.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: WebCCTV Storage Service (OPStorage) - Quadrox NV - C:\Program Files\Quadrox\WebCCTV\Bin\OPStorage.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxLiveShare - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINDOWS\Slave.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: UtMsgAgt (UtMsgSvc) - Promise Technology Inc. - C:\Program Files\Promise\Promise Disk Controller Manager\UtMsgAgt.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O24 - Desktop Component 0: (no name) - http://www.adobe.com/images/nav/us_mainMainNav.gif
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 31111 bytes

Thank you.
Stephen
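
As an added illustration (not part of this thread, and not code from HijackThis or from the helper who replies), the script below parses a constructed subset of the O2, O4 and O20 lines from the log above and scores each entry on its context rather than on the file name alone: an unnamed BHO living in system32, a Run key that loads a system32 DLL through rundll32, a registered component whose file is already missing, and a Winlogon Notify DLL that is also registered as an unnamed BHO. The weights, the `looks_random` rule and the `triage` function are this example's own assumptions; the result is a triage order for a reviewer, not a verdict, and legitimate software such as the DigitalPersona notify DLL is deliberately left below the threshold.

```python
import re

# Constructed sample input: a subset of lines in the shape of the HijackThis log
# posted above (paths and CLSIDs taken from it, plus benign control entries).
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {379E2B31-3561-4E41-8850-E657A1A5C215} - C:\WINDOWS\system32\pmnmjGYO.dll (file missing)
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\ssqRIyAP.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [40b9f88d] rundll32.exe "C:\WINDOWS\system32\nqfvxlvp.dll",b
O4 - HKLM\..\Run: [BM438acb11] Rundll32.exe "C:\WINDOWS\system32\kkiwqina.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: ssqRIyAP - C:\WINDOWS\SYSTEM32\ssqRIyAP.dll
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Drive-letter path ending in a .dll/.exe; the named group captures the file name only.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\\(?P<file>[^\\"]+?\.(?:dll|exe))', re.I)
VOWELS = set("aeiouAEIOU")


def looks_random(stem):
    """Crude lexical test for the 8-letter names seen in the log above:
    almost no vowels, or casing that flips back and forth (assumed heuristic)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / 8
    case_flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return vowel_ratio < 0.25 or case_flips >= 3


def parse(log_text):
    """Yield (code, body, file name, full path) for every HJT line naming a dll/exe."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pm = PATH_RE.search(m.group("body"))
        if pm:
            yield m.group("code"), m.group("body"), pm.group("file"), pm.group(0)


def triage(log_text, threshold=2):
    """Score each entry on context and return those at or above `threshold`,
    highest score first. Weights are this example's assumptions."""
    entries = list(parse(log_text))
    # First pass: BHOs registered without a friendly name, keyed by file stem.
    unnamed_bho = {f.rsplit(".", 1)[0].lower()
                   for code, body, f, _ in entries
                   if code == "O2" and "(no name)" in body}
    hits = []
    for code, body, fname, path in entries:
        stem = fname.rsplit(".", 1)[0]
        in_sys32 = "\\system32\\" in path.lower()
        reasons = []  # (weight, explanation)
        if code == "O2" and "(no name)" in body and in_sys32:
            reasons.append((2, "unnamed BHO loaded from system32"))
        if code == "O4" and re.search(r"rundll32\.exe", body, re.I) and in_sys32:
            reasons.append((2, "Run entry loads a system32 DLL via rundll32"))
        if "(file missing)" in body and in_sys32:
            reasons.append((1, "registered component whose file is already gone"))
        if code == "O20" and stem.lower() in unnamed_bho:
            reasons.append((2, "Winlogon Notify DLL also registered as an unnamed BHO"))
        if looks_random(stem):
            reasons.append((1, "random-looking 8-letter file name"))
        score = sum(w for w, _ in reasons)
        if score >= threshold:
            hits.append({"score": score, "file": fname, "code": code,
                         "reasons": [r for _, r in reasons]})
    hits.sort(key=lambda h: -h["score"])
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE_HJT):
        print(f"{h['score']}  {h['code']:<4}{h['file']:<16}{'; '.join(h['reasons'])}")
```

Run against the sample, the four randomly named system32 DLLs come out on top and the signed Adobe, Symantec, Microsoft and DigitalPersona entries stay below the threshold; the real value of the cross-reference rule is that the same stem (`ssqRIyAP`) appears as both a BHO and a Winlogon Notify DLL, which is why a fresh log is asked for after cleanup.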

Blade81
2008-04-21, 19:54
Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
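Added example (not part of this thread, and not code from ComboFix or HijackThis): a small Python triage script for the kind of ComboFix log this procedure produces. It uses two patterns that are visible in the log posted further down in this thread: the Browser Helper Object DLLs pmnmjGYO.dll and qoMcaxYp.dll each have a .ini file whose name is the DLL name spelled backwards (OYGjmnmp.ini, pYxacMoq.ini), and ComboFix printed no date/size for those DLLs while it did for the legitimate VideoRaptor BHO. The sample log embedded below is a constructed excerpt copied from that post, not a complete log; the "8 letters under system32" threshold is this example's own assumption, not a rule from either tool.

```python
import re

# Constructed excerpt of the ComboFix log posted in this thread (three sections,
# a handful of lines each); not a complete log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\fLkjRXyb.ini
C:\WINDOWS\system32\oVxEdMoq.ini
C:\WINDOWS\system32\oVxEdMoq.ini2
C:\WINDOWS\system32\OYGjmnmp.ini
C:\WINDOWS\system32\pYxacMoq.ini
C:\WINDOWS\system32\qoMdExVo.dll
C:\WINDOWS\system32\ssqRIyAP.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{379E2B31-3561-4E41-8850-E657A1A5C215}]
C:\WINDOWS\system32\pmnmjGYO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51126754-66B8-4BDC-A197-17426524CDC9}]
C:\WINDOWS\system32\qoMcaxYp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90C8E8F8-A7C9-41E4-92E4-C679AE6FB78D}]
2007-10-26 18:17 83248 --a------ C:\Program Files\RapidSolution\Videoraptor\VideoRaptorIePlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Urlodfav"= {4A8CE92D-C832-4E79-9096-FC5531C4760B} - C:\WINDOWS\system32\movelavi.dll [2007-04-16 10:52 1490944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM438acb11]
C:\WINDOWS\system32\afjnfupf.dll
"""

# A Windows path ending in .dll, .ini or .ini2: group 1 is the directory,
# group 2 the file stem, group 3 the extension.  The stem may not contain
# spaces; the directory may (C:\Program Files\...).
PATH_RE = re.compile(r'([A-Za-z]:\\.+?)\\([^\\\s\]]+?)\.(dll|ini2?)(?=\s|\]|$)', re.IGNORECASE)
# ComboFix prints "YYYY-MM-DD HH:MM size attrs" (or "[date time size]") for files it could stat.
DATE_RE = re.compile(r'\b\d{4}-\d{2}-\d{2} \d{2}:\d{2}\b')
# Assumed heuristic: exactly eight letters, the shape of the names in this log.
RANDOM_STEM_RE = re.compile(r'^[A-Za-z]{8}$')


def parse_entries(log_text):
    """Return one dict per file path found in a ComboFix-format log.

    Each entry records path parts, whether the line carried date/size
    metadata, and the [registry key] block the line sits under (None if none).
    """
    entries = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None                      # a blank line ends the current registry block
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]                # "[HKEY_...]" header opens a new block
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        entries.append({
            'path': m.group(0),
            'directory': m.group(1),
            'stem': m.group(2),
            'ext': m.group(3).lower(),
            'key': key,
            'has_metadata': bool(DATE_RE.search(line)),
        })
    return entries


def reversed_name_pairs(entries):
    """Map each .dll stem to an .ini/.ini2 stem that is its exact reverse (case-insensitive)."""
    ini_by_lower = {e['stem'].lower(): e['stem'] for e in entries if e['ext'].startswith('ini')}
    pairs = {}
    for e in entries:
        if e['ext'] == 'dll':
            rev = e['stem'][::-1].lower()
            if rev in ini_by_lower:
                pairs[e['stem']] = ini_by_lower[rev]
    return pairs


def triage(log_text):
    """Return {dll_path: [reasons]} for registry load-point DLLs worth a closer look.

    A DLL is flagged when it has a reversed-name .ini twin anywhere in the log,
    or when an 8-letter name under system32 comes with no recorded date/size.
    """
    entries = parse_entries(log_text)
    pairs = reversed_name_pairs(entries)
    flagged = {}
    for e in entries:
        if e['ext'] != 'dll' or e['key'] is None:
            continue                        # only DLLs registered as load points
        reasons = []
        if e['stem'] in pairs:
            reasons.append(f"reversed-name twin {pairs[e['stem']]}.ini in the same log")
        in_system32 = e['directory'].lower().endswith('\\system32')
        if RANDOM_STEM_RE.match(e['stem']) and in_system32 and not e['has_metadata']:
            reasons.append('8-letter name in system32 with no date/size recorded')
        if reasons:
            flagged[e['path']] = reasons
    return flagged


if __name__ == '__main__':
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for r in reasons:
            print('   -', r)
```

On the excerpt this flags pmnmjGYO.dll and qoMcaxYp.dll (both reasons) and afjnfupf.dll (name shape only), and leaves VideoRaptorIePlugin.dll and movelavi.dll alone because ComboFix recorded file details for them. The reversed-name check is the stronger signal; the 8-letter rule is only a prompt to look, and a helper would still want the file itself (hash, signer, strings) before deciding.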

canvend
2008-04-22, 08:14
Here is the ComboFix log.

Please note that I had to run ComboFix several times because during the first run we had a 6 hour power failure when it was about half finished. Then after the system rebooted I could not run ComboFix until I realized that the clock had been changed to 2001. After resetting the clock I restarted ComboFix and it completed fine. I hope this does not affect the repair.


Please note that I forgot to turn off Norton Antivirus when I ran Combofix.

Another curious thing has changed since being infected with Virtumonde - the Language Bar cannot be removed. I have tried changing the settings by "unchecking" the "display language bar" box, clicking "Apply", but it still continues to display it. Do you have any suggestions on how to fix this?


ComboFix 08-04-20.5 - STEPHEN 2008-04-21 23:06:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.712 [GMT -5:00]
Running from: C:\Documents and Settings\STEPHEN\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\install.exe
C:\WINDOWS\pp.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\fLkjRXyb.ini
C:\WINDOWS\system32\fLkjRXyb.ini2
C:\WINDOWS\system32\gpcklbws.dll
C:\WINDOWS\system32\kkiwqina.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nqfvxlvp.dll
C:\WINDOWS\system32\oVxEdMoq.ini
C:\WINDOWS\system32\oVxEdMoq.ini2
C:\WINDOWS\system32\OYGjmnmp.ini
C:\WINDOWS\system32\OYGjmnmp.ini2
C:\WINDOWS\system32\pvlxvfqn.ini
C:\WINDOWS\system32\pYxacMoq.ini
C:\WINDOWS\system32\pYxacMoq.ini2
C:\WINDOWS\system32\qoMdExVo.dll
C:\WINDOWS\system32\ssqRIyAP.dll
C:\WINDOWS\system32\Tuxadfii.ini
C:\WINDOWS\system32\Tuxadfii.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Legacy_ROUTING


((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-20 06:34 . 2008-04-20 06:34 294 --ahs---- C:\WINDOWS\system32\pjndfuay.ini
2008-04-19 10:44 . 2008-04-19 14:44 998 --ahs---- C:\WINDOWS\system32\xddncmjc.ini
2008-04-19 10:42 . 2008-04-20 20:01 109,734 --a------ C:\WINDOWS\BM438acb11.xml
2008-04-18 15:40 . 2008-04-18 15:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-18 15:40 . 2008-04-18 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 06:42 . 2008-04-19 10:43 646 --ahs---- C:\WINDOWS\system32\lihlytjq.ini
2008-04-18 01:00 . 2008-04-18 01:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 22:47 . 2008-04-18 04:16 <DIR> d-------- C:\VundoFix Backups
2008-04-17 21:43 . 2008-04-18 06:52 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-17 17:07 . 2004-08-04 02:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-17 17:07 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-17 17:07 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-17 17:07 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-17 17:07 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-17 17:05 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-17 17:04 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-17 17:03 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-17 17:02 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-17 17:01 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-04-17 17:00 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-17 16:59 . 2001-08-23 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-04-17 16:58 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-17 16:57 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-17 16:56 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-17 16:55 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-17 16:54 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-17 15:51 . 2008-04-18 04:25 1,282 --ahs---- C:\WINDOWS\system32\novfkfek.ini
2008-04-17 15:02 . 2008-04-17 15:02 94,208 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2008-04-17 15:02 . 2008-04-17 15:02 94,208 --a------ C:\Documents and Settings\STEPHEN\Application Data\ezplay.sys
2008-04-17 14:54 . 2008-04-17 14:57 <DIR> d-------- C:\Program Files\WinSnap
2008-04-17 03:08 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-17 03:08 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-17 03:08 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-17 03:08 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-17 00:25 . 2008-04-17 00:27 <DIR> d-------- C:\Documents and Settings\STEPHEN\Application Data\ooVoo Details
2008-04-17 00:24 . 2008-04-17 00:24 <DIR> d-------- C:\Program Files\ooVoo
2008-04-16 23:24 . 2008-04-16 23:24 12,288 --a------ C:\WINDOWS\system32\aplib.dll
2008-04-16 22:51 . 2008-04-16 22:53 <DIR> d-------- C:\Documents and Settings\STEPHEN\Application Data\Hide IP NG
2008-04-16 22:50 . 2008-04-17 00:02 <DIR> d-------- C:\Program Files\Hide IP NG
2008-04-16 22:43 . 2008-04-16 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
2008-04-16 22:10 . 2008-04-16 22:10 <DIR> d-------- C:\Program Files\SharpC
2008-04-16 21:52 . 2008-04-16 21:52 <DIR> d-------- C:\Program Files\AL-Software
2008-04-15 00:35 . 2008-04-15 14:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 00:35 . 2008-04-15 00:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 00:33 . 2008-04-15 00:33 <DIR> d-------- C:\Program Files\iTunes
2008-04-14 10:34 . 2008-04-14 10:34 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-23 10:09 . 2008-03-23 10:09 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-03-23 10:09 . 2008-03-23 10:09 1,025 --a------ C:\WINDOWS\system32\clauth1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 20:02 --------- d-----w C:\Program Files\SnadBoy's Revelation v2
2008-04-17 20:32 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Azureus
2008-04-17 20:19 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Vso
2008-04-17 20:02 87,608 ----a-w C:\Documents and Settings\STEPHEN\Application Data\inst.exe
2008-04-17 20:01 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-17 20:01 47,360 ----a-w C:\Documents and Settings\STEPHEN\Application Data\pcouffin.sys
2008-04-17 20:00 --------- d-----w C:\Program Files\vso
2008-04-17 17:41 --------- d-----w C:\Program Files\Azureus
2008-04-17 07:21 --------- d-----w C:\Program Files\VueScan
2008-04-17 06:32 --------- d-----w C:\Program Files\UltraISO
2008-04-17 06:31 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-04-17 05:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 04:25 --------- d-----w C:\Program Files\winscv
2008-04-17 03:40 --------- d-----w C:\Program Files\LG Software Innovations
2008-04-17 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-16 22:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 07:13 --------- d-----w C:\Program Files\badcdrepair
2008-04-15 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-15 05:33 --------- d-----w C:\Program Files\iPod
2008-04-15 05:29 --------- d-----w C:\Program Files\QuickTime
2008-03-31 08:49 --------- d-----w C:\Program Files\FolderSizes
2008-03-30 01:38 1,882,904 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-03-28 02:30 --------- d-----w C:\Program Files\Ontrack
2008-03-26 19:49 2,280 ----a-w C:\WINDOWS\AUTOLNCH.REG
2008-03-24 10:00 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-23 08:02 --------- d-----w C:\Program Files\Safari
2008-03-23 01:12 --------- d-----w C:\Program Files\PowerArchiver
2008-03-21 23:14 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 08:14 --------- d-----w C:\Program Files\Phone Call Recorder
2008-03-03 02:00 --------- d-----w C:\Program Files\Smart Phone Recorder Demo
2008-03-03 01:50 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Advanced Phone Recorder
2008-03-03 01:45 --------- d-----w C:\Program Files\Concel Systems
2008-03-03 01:15 --------- d-----w C:\Program Files\EzPhone Recorder 1.1
2008-03-03 00:41 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Modem Spy
2008-03-02 22:58 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\DVD Profiler
2008-03-02 22:20 --------- d-----w C:\Program Files\DVD Profiler
2008-03-02 22:07 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Desktopicon
2008-03-02 22:03 --------- d-----w C:\Program Files\Unlocker
2008-03-02 10:41 --------- d-----w C:\Program Files\Call Corder
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 02:45 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\DigitalPersona
2008-03-01 01:55 --------- d-----w C:\Program Files\DigitalPersona
2008-03-01 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 01:08 --------- d-----w C:\Program Files\RAXCO
2008-02-29 08:19 --------- d-----w C:\Program Files\QuickTax 2007
2008-02-29 06:54 --------- d-----w C:\Program Files\QuickTax 2005
2008-02-29 06:54 --------- d-----w C:\Program Files\Quicken
2008-02-29 06:43 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-29 03:02 --------- d--h--w C:\Program Files\Zero G Registry
2008-02-29 03:02 --------- d-----w C:\Program Files\T4_Internet_T4_ par_Internet_6.1
2008-02-27 07:54 --------- d-----w C:\Program Files\Opera
2008-02-27 07:14 --------- d-----w C:\Program Files\Steam
2008-02-27 06:28 --------- d-----w C:\Program Files\Windows Live
2008-02-26 09:30 --------- d-----w C:\Program Files\QU5D47~1
2008-02-26 09:10 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Intuit Canada
2008-02-26 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-02-26 01:33 --------- d-----w C:\Program Files\T4_Internet_T4_ par_Internet_8.1
2008-02-24 08:56 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\XnView
2008-02-24 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-02-24 06:31 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\ATI MMC
2008-02-24 05:36 --------- d-----w C:\Program Files\Common Files\ATI
2008-02-24 05:36 --------- d-----w C:\Program Files\ATI Multimedia
2008-02-24 02:39 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-24 02:36 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-02-24 02:26 --------- d-----w C:\Program Files\TitanTV
2008-02-24 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-02-24 01:50 --------- d-----w C:\Program Files\ATI Technologies
2008-02-23 19:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-02-23 19:40 --------- d-----w C:\Program Files\Creative
2008-02-23 19:39 --------- d-----w C:\Program Files\Common Files\Creative
2008-02-23 18:30 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-23 18:30 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-23 18:29 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Creative
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 12:27 27,262,976 ----a-w C:\VIRTPART.DAT
2008-02-01 17:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:42 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-20 18:05 219 ----a-w C:\Program Files\2RU44SFN.bat
2006-05-24 21:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 22:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 19:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 21:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 17:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 23:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 16:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 16:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 16:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 16:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2004-08-19 20:25 220 --sh--w C:\WINDOWS\dwin.sys
2001-08-23 12:00 989 --sha-r C:\WINDOWS\ntosboot.dat
2003-02-15 14:08 3,958 --sha-w C:\WINDOWS\rreg64.dll
2003-02-15 14:08 1,057 --sha-w C:\WINDOWS\utapi64.dll
2008-01-21 20:31 2 --shatr C:\WINDOWS\winstart.bat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\{13FEA7F5-3455-4F16-B9F2-F38D736EB683}.dat
2003-02-28 19:48 32 --sha-w C:\WINDOWS\{3397F6B4-E5EF-4D1A-956E-33A924C3FCD8}.dat
2003-02-28 19:52 32 --sha-w C:\WINDOWS\{3EBD59AC-EC26-4900-9168-5E5B8A27609A}.dat
2003-02-28 19:51 32 --sha-w C:\WINDOWS\{6C508746-7EF1-439C-8A5C-6CE60858ED9C}.dat
2003-02-28 19:51 32 --sha-w C:\WINDOWS\{6F40350B-AD67-4A15-8351-FA3547E91933}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\{93D76E51-EB68-4780-8BDD-5E6B6557B74E}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\{9AFE5258-F07C-4EF7-8CF3-83A89E03964A}.dat
2006-05-08 01:00 56 --sha-r C:\WINDOWS\system32\FF074B50CF.sys
2006-05-08 01:00 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 07:56 22,528 --sha-r C:\WINDOWS\system32\wsock32.dll
2003-02-28 19:51 32 --sha-w C:\WINDOWS\system32\{2BA47833-53C1-4DE9-B8D2-2CEA4C27925E}.dat
2003-02-28 19:52 32 --sha-w C:\WINDOWS\system32\{371696FE-D158-45C0-B4E7-3732A6A9507F}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\system32\{50861BDB-DC6B-4407-B42A-999E0E8F8F99}.dat
2003-02-28 19:51 32 --sha-w C:\WINDOWS\system32\{7CD86ABA-4C4A-41B1-B135-636648E44446}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\system32\{84478FED-A3BB-40C8-912B-3066701D7F3F}.dat
2003-02-28 19:48 32 --sha-w C:\WINDOWS\system32\{A4EEE221-EF03-4C60-B3DD-219A779664FA}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\system32\{A9CE5FE7-40C9-4B63-AE34-A2ACEB5F8061}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{379E2B31-3561-4E41-8850-E657A1A5C215}]
C:\WINDOWS\system32\pmnmjGYO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51126754-66B8-4BDC-A197-17426524CDC9}]
C:\WINDOWS\system32\qoMcaxYp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E15C29A-B33F-45A3-A540-A6E66832FC3B}]
2003-12-05 19:35 174080 --a------ C:\PROGRA~1\FOLDER~1\BETA1~1\SUBCLA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90C8E8F8-A7C9-41E4-92E4-C679AE6FB78D}]
2007-10-26 18:17 83248 --a------ C:\Program Files\RapidSolution\Videoraptor\VideoRaptorIePlugin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Adobe]
@={8AB18ADC-402A-4B52-A63A-155F45C07F4E}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DynSite"="C:\Program Files\Noël Danjou\DynSite\DynSite.exe" [2006-07-05 04:44 1376256]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Network Assistant"="C:\Program Files\Network Assistant\Nassi.exe" [2005-10-06 12:30 2450944]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 05:55 68856]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 22:24 57344]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 18:33 53096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemotelyAnywhere GUI"="C:\Program Files\RemotelyAnywhere\RAGui.exe" [2006-05-02 18:40 377608]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 21:06 2595616]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 21:11 909208]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 21:07 140568]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 05:43 2037088]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 17:27 807440]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-04 02:37 160592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:59 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-03 14:56:06 499779]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-22 05:55:08 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"LoginPrompt"= DADEDADADCD4D8D9

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Urlodfav"= {4A8CE92D-C832-4E79-9096-FC5531C4760B} - C:\WINDOWS\system32\movelavi.dll [2007-04-16 10:52 1490944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPNotifier]
OPWinLogon.dll 2004-04-21 10:42 45056 C:\WINDOWS\system32\OPWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2006-02-14 12:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
RAinit.dll 2006-05-02 18:40 10496 C:\WINDOWS\system32\RAinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.VDOM"= vdowave.drv
"VIDC.NSVI"= nsvideo.dll
"vidc.dvsd"= dvc.dll
"msacm.msnaudio"= msnaudio.acm
"vidc.XVID"= xvid.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.UV12"= SCDeluxe.ax
"SENTINEL"= snti386.dll
"msacm.lameacm"= lameACM.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.CDVC"= cdvccodc.dll
"msacm.enc"= ITIG726.acm
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= aasc32.dll
"VIDC.CFHD"= CFHD.dll
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MakeDVD\Kernel\Burner\MKDMP3Enc.ACM
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"MSVideo1"= CSvidcap.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40b9f88d]
C:\WINDOWS\system32\cjmcnddx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-02-13 15:00 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
--a------ 2006-10-31 22:24 57344 C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
--a------ 2006-10-31 22:25 26624 C:\Program Files\ATI Multimedia\main\ATISched.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM438acb11]
C:\WINDOWS\system32\afjnfupf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2006-11-09 11:19 204800 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-03-12 22:43 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Directory Opus Desktop Dblclk]
--a------ 2007-09-13 15:41 275984 C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2006-05-05 12:19 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-10-12 16:52 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\modemspy]
C:\Program Files\Modem Spy\modemspy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
--a------ 2007-10-31 21:18 204800 C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
--a------ 2005-07-06 00:58 69632 C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2006-05-05 12:18 36864 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pfp.exe]
C:\Program Files\Protect Files Pro\pfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--------- 2004-08-17 16:07 143360 C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-01-18 08:47 1687552 C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-01-18 21:17 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]
--a------ 2005-06-25 18:18 1347584 C:\Program Files\SeePassword\SeePassword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMPAutoStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-23 21:16 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2005-05-18 14:51 81920 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
--a------ 2003-06-09 13:23 151552 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
--------- 2005-04-11 15:34 69721 C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"perfmons"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mirc for DVDtorrents\\mirc.exe"=
"C:\\Program Files\\Mirc for sattech\\Sattech.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Capturix VideoSpy\\cvs.exe"=
"C:\\Program Files\\Capturix VideoSpy\\cvs2.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\g3torrent\\g3torrent.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\CyberLink\\MakeDVD\\MakeDVD.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Network Assistant\\Nassi.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:TCP"= 50000:TCP:AZUREUS

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41]
R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 15:25]
R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 12:42]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-01-24 21:08]
R0 ulsata2;ulsata2;C:\WINDOWS\system32\DRIVERS\ulsata2.sys [2005-06-29 17:44]
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]
R1 CINEMSUP;Cinemsup;C:\WINDOWS\System32\drivers\cinemsup.sys [2002-07-19 08:10]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 16:11]
R1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 14:20]
R1 Myscope;Myscope;C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys [2002-09-02 19:42]
R1 pivot;pivot;C:\WINDOWS\system32\drivers\pivot.sys [2005-11-10 11:37]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R2 OOCleverCache;O&O CleverCache Pro;C:\Program Files\OO Software\CleverCache\OOCCSVC.exe [2002-04-11 14:55]
R2 pardrv;pardrv;C:\WINDOWS\system32\drivers\pardrv.sys [2006-01-10 14:59]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-01-16 11:52]
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files\RemotelyAnywhere\RaInfo.sys [2006-05-02 18:41]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R2 UtMsgSvc;UtMsgAgt;"C:\Program Files\Promise\Promise Disk Controller Manager\UtMsgAgt.exe" [2004-09-22 18:06]
R2 V7;V7;C:\WINDOWS\system32\drivers\V7.sys [2000-03-10 01:24]
R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-09-29 00:58]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 11:53]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 18:25]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;C:\WINDOWS\system32\DRIVERS\vacjrmkd.sys [2007-04-07 13:17]
R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys [2002-05-22 10:40]
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
R3 LVVI500A;LVVI500A Service;C:\WINDOWS\system32\DRIVERS\lvvi500a.sys [2002-06-10 14:24]
R3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2006-05-02 18:41]
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2006-09-16 18:23]
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 18:41]
R3 UTDpcService;ULEVTBDG;C:\Program Files\Promise\Promise Disk Controller Manager\ULEVTBDG.sys [2004-09-20 16:54]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys []
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys [2003-02-10 15:30]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 AWGateway;Symantec pcAnywhere Gateway Service;"C:\Program Files\Symantec\pcAnywhere Gateway\AWGateway.exe" [2006-05-01 13:40]
S3 bepldr;BCL easyPDF SDK 5 Loader;"C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe" [2007-08-22 17:19]
S3 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
S3 FTD2XX;HiLo Systems -- USB Drivers;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2004-10-15 16:49]
S3 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
S3 LV506AV;Logitech QuickCam Cordless(PID_0430);C:\WINDOWS\system32\DRIVERS\LV506AV.SYS [2002-12-10 17:56]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\59.tmp []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 15:22]
S3 OPStorage;WebCCTV Storage Service;C:\Program Files\Quadrox\WebCCTV\Bin\OPStorage.exe [2004-05-07 15:46]
S3 OV681;EZMega Cam;C:\WINDOWS\system32\Drivers\om681vid.sys []
S3 PCD61X2;PCD61X2;C:\DOCUME~1\STEPHEN\LOCALS~1\Temp\PCD61X2.sys []
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-01-16 11:52]
S3 Pg4uUSB;BK PRECISION driver;C:\WINDOWS\system32\DRIVERS\pg4uusb.sys [2006-10-18 10:04]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 12:09]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\System32\drivers\pivotmou.sys [2005-11-10 11:37]
S3 SCDELUXES;SiPix StyleCam Deluxe (still);C:\WINDOWS\system32\DRIVERS\se402sc.sys []
S3 SCDELUXEV;SiPix StyleCam Deluxe (video);C:\WINDOWS\system32\DRIVERS\se402vc.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 13:53]
S3 SMTPSVC;SMTPSVC;C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 02:56]
S3 TEC9120;TECV35Q Digital Camera;C:\WINDOWS\system32\Drivers\SQcaptur.sys [2002-05-06 13:58]
S3 Usrserft;Myscope Upper Filter Driver;C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\usrserft.sys [2002-09-02 19:41]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E3A395C2-0AF7-DCBB-57DA-004281800B55}]
C:\Program Files\winscv\install.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 14:00:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-31 08:01:39 C:\WINDOWS\Tasks\BACKUP OF C DRIVE - DOCUMENTS & SETTINGS.job"
- C:\WINDOWS\system32\ntbackup.exe?backup
"2008-04-15 08:01:15 C:\WINDOWS\Tasks\BACKUP OF C DRIVE - SYSTEM STATE.job"
- C:\WINDOWS\system32\ntbackup.exe?backup
"2008-04-16 08:22:02 C:\WINDOWS\Tasks\BACKUP OF D DRIVE.job"
- C:\WINDOWS\system32\ntbackup.exeSbackup
"2008-04-21 17:40:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2002-01-01 05:15:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-19 01:44:07 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - STEPHEN.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-31 10:00:20 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-04-17 15:27:55 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-04-21 05:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 23:17:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [5252] 0x869D2020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\59.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.exe
-> C:\Program Files\Network Assistant\HOOKS.DLL
.
Completion time: 2008-04-21 23:22:43
ComboFix-quarantined-files.txt 2008-04-22 04:22:25

Pre-Run: 39,414,878,208 bytes free
Post-Run: 39,353,331,712 bytes free

575 --- E O F --- 2008-04-18 00:08:44

Blade81
2008-04-22, 09:23
Another curious thing has changed since being infected with Virtumonde - the Language Bar cannot be removed. I have tried changing the settings by "unchecking" the "display language bar" box, clicking "Apply", but it still continues to display it. Do you have any suggestions on how to fix this?

Hi

We can take a look at that after your system is clean. :)

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Upload the following file to http://virusscan.jotti.org and post back the results:
C:\WINDOWS\system32\movelavi.dll


Open notepad and copy/paste the text in the quotebox below into it:


Driver::
MEMSWEEP2

File::
C:\WINDOWS\system32\pjndfuay.ini
C:\WINDOWS\system32\xddncmjc.ini
C:\WINDOWS\BM438acb11.xml
C:\WINDOWS\system32\lihlytjq.ini
C:\WINDOWS\system32\novfkfek.ini
C:\WINDOWS\system32\59.tmp

Folder::
C:\VundoFix Backups

DirLook::
C:\Program Files\winscv

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{379E2B31-3561-4E41-8850-E657A1A5C215}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51126754-66B8-4BDC-A197-17426524CDC9}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40b9f88d]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM438acb11]



Save this as
CFScript


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Run Kaspersky online scanner and post back its report & a fresh hjt log (without forgetting the ComboFix resultant log mentioned above).
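A small triage script that a defender could run over a ComboFix log like the ones posted in this thread, as an added example (it is not ComboFix's, the forum's or Blade81's own tooling). It flags the same kinds of indicators the CFScript above targets: a service whose image is a temporary file (MEMSWEEP2 pointing at 59.tmp), Security Center alerting or monitoring switched off, the XP firewall's standard profile disabled, and every ShellServiceObjectDelayLoad entry (the autostart used here by movelavi.dll), which it lists for manual review rather than judging. The sample text is constructed from lines that appear in the posted log plus two benign lines to show what is not flagged; the category names and heuristics are the example's own assumptions, not ComboFix output.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: lines excerpted from the ComboFix logs posted in this thread,
# plus a benign service line (OOCleverCache) and a benign policy value (DisableCAD)
# to show what the rules leave alone.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=

R2 OOCleverCache;O&O CleverCache Pro;C:\Program Files\OO Software\CleverCache\OOCCSVC.exe [2002-04-11 14:55]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\59.tmp []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Urlodfav"= {4A8CE92D-C832-4E79-9096-FC5531C4760B} - C:\WINDOWS\system32\movelavi.dll [2007-04-16 10:52 1490944]
"""

Finding = Tuple[str, str, str]  # (category, offending log line, explanation)

KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value
# Rn/Sn <service>;<display name>;<image path> [<timestamp>]
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[(.*)\]$")


def _dword(raw: str) -> Optional[int]:
    """Parse the two DWORD spellings ComboFix uses: dword:00000001 and 1 (0x1)."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, remembering the registry key a value belongs to."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image, _stamp = m.groups()
            image = image.strip('"')
            low = image.lower()
            # Drivers/services legitimately live under system32 or Program Files;
            # an image named *.tmp or sitting in a Temp folder deserves a look.
            if low.endswith(".tmp") or "\\temp\\" in low:
                findings.append(("temp-file-service", line,
                                 f"service {name} loads its image from a temporary file: {image}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if "security center" in current_key and "disable" in name.lower() and _dword(value) == 1:
            findings.append(("security-center-disabled", line,
                             f"{name} under the Security Center key: AV/firewall alerts or monitoring are off"))
        elif "firewallpolicy" in current_key and name.lower() == "enablefirewall" and _dword(value) == 0:
            findings.append(("firewall-disabled", line,
                             "Windows Firewall is disabled for this profile"))
        elif current_key.endswith("shellserviceobjectdelayload"):
            findings.append(("ssodl-entry", line,
                             f"ShellServiceObjectDelayLoad autostart {name}: verify the DLL it loads"))
    return findings


if __name__ == "__main__":
    for category, evidence, why in triage(SAMPLE_LOG):
        print(f"[{category}] {why}\n    {evidence}")
```

Run against the sample, the script reports five findings and stays silent on the O&O service and the DisableCAD policy value; feeding it a whole ComboFix log works the same way, since the same key/value/service line shapes recur throughout.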

canvend
2008-04-22, 19:09
The scan of movelavi.dll did not complete.
Here is the result of the upload to http://virusscan.jotti.org of the file found in:
C:\WINDOWS\system32\movelavi.dll

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

All steps were completed except the Kaspersky online scan. It has been running for 5 hours and is only at 54%. It should take another 5 hours and then I can try to post it. I predict it will exceed the 64,000 character limit and will not post, similar to the first scan. Please advise if you would prefer me to send the log as a text file. It is important to note that the first Kaspersky scan found over 100 viruses and 300 infected files - however, these were primarily already in quarantine by Norton.

Here is the log of the new ComboFix which completed successfully.

ComboFix 08-04-20.5 - 2008-04-22 5:06:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.730 [GMT -5:00]
Running from: C:\Documents and Settings\STEPHEN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\STEPHEN\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM438acb11.xml
C:\WINDOWS\system32\59.tmp
C:\WINDOWS\system32\lihlytjq.ini
C:\WINDOWS\system32\novfkfek.ini
C:\WINDOWS\system32\pjndfuay.ini
C:\WINDOWS\system32\xddncmjc.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\STEPHEN\Application Data\inst.exe
C:\WINDOWS\BM438acb11.xml
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\lihlytjq.ini
C:\WINDOWS\system32\novfkfek.ini
C:\WINDOWS\system32\pjndfuay.ini
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\xddncmjc.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-18 15:40 . 2008-04-18 15:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-18 15:40 . 2008-04-18 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 01:00 . 2008-04-18 01:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 22:47 . 2008-04-18 04:16 <DIR> d-------- C:\VundoFix Backups
2008-04-17 21:43 . 2008-04-18 06:52 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-17 17:07 . 2004-08-04 02:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-17 17:07 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-17 17:07 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-17 17:07 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-17 17:07 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-17 17:05 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-17 17:04 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-17 17:03 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-17 17:02 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-17 17:01 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-04-17 17:00 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-17 16:59 . 2001-08-23 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-04-17 16:58 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-17 16:57 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-17 16:56 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-17 16:55 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-17 16:54 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-17 15:02 . 2008-04-17 15:02 94,208 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2008-04-17 15:02 . 2008-04-17 15:02 94,208 --a------ C:\Documents and Settings\STEPHEN\Application Data\ezplay.sys
2008-04-17 14:54 . 2008-04-17 14:57 <DIR> d-------- C:\Program Files\WinSnap
2008-04-17 03:08 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-17 03:08 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-17 03:08 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-17 03:08 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-17 00:25 . 2008-04-17 00:27 <DIR> d-------- C:\Documents and Settings\STEPHEN\Application Data\ooVoo Details
2008-04-17 00:24 . 2008-04-17 00:24 <DIR> d-------- C:\Program Files\ooVoo
2008-04-16 23:24 . 2008-04-16 23:24 12,288 --a------ C:\WINDOWS\system32\aplib.dll
2008-04-16 22:51 . 2008-04-16 22:53 <DIR> d-------- C:\Documents and Settings\STEPHEN\Application Data\Hide IP NG
2008-04-16 22:50 . 2008-04-17 00:02 <DIR> d-------- C:\Program Files\Hide IP NG
2008-04-16 22:43 . 2008-04-16 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
2008-04-16 22:10 . 2008-04-16 22:10 <DIR> d-------- C:\Program Files\SharpC
2008-04-16 21:52 . 2008-04-16 21:52 <DIR> d-------- C:\Program Files\AL-Software
2008-04-15 00:35 . 2008-04-15 14:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 00:35 . 2008-04-15 00:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 00:33 . 2008-04-15 00:33 <DIR> d-------- C:\Program Files\iTunes
2008-04-14 10:34 . 2008-04-14 10:34 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-23 10:09 . 2008-03-23 10:09 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-03-23 10:09 . 2008-03-23 10:09 1,025 --a------ C:\WINDOWS\system32\clauth1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 09:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 08:03 --------- d-----w C:\Program Files\RemotelyAnywhere
2008-04-18 20:02 --------- d-----w C:\Program Files\SnadBoy's Revelation v2
2008-04-17 20:32 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Azureus
2008-04-17 20:19 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Vso
2008-04-17 20:01 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-17 20:01 47,360 ----a-w C:\Documents and Settings\STEPHEN\Application Data\pcouffin.sys
2008-04-17 20:00 --------- d-----w C:\Program Files\vso
2008-04-17 17:41 --------- d-----w C:\Program Files\Azureus
2008-04-17 07:21 --------- d-----w C:\Program Files\VueScan
2008-04-17 06:32 --------- d-----w C:\Program Files\UltraISO
2008-04-17 06:31 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-04-17 05:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 04:25 --------- d-----w C:\Program Files\winscv
2008-04-17 03:40 --------- d-----w C:\Program Files\LG Software Innovations
2008-04-17 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-16 22:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 07:13 --------- d-----w C:\Program Files\badcdrepair
2008-04-15 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-15 05:33 --------- d-----w C:\Program Files\iPod
2008-04-15 05:29 --------- d-----w C:\Program Files\QuickTime
2008-03-31 08:49 --------- d-----w C:\Program Files\FolderSizes
2008-03-30 01:38 1,882,904 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-03-28 02:30 --------- d-----w C:\Program Files\Ontrack
2008-03-26 19:49 2,280 ----a-w C:\WINDOWS\AUTOLNCH.REG
2008-03-24 10:00 --------- d-----w C:\Program Files\Norton SystemWorks
2008-03-23 08:02 --------- d-----w C:\Program Files\Safari
2008-03-23 01:12 --------- d-----w C:\Program Files\PowerArchiver
2008-03-21 23:14 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 08:14 --------- d-----w C:\Program Files\Phone Call Recorder
2008-03-03 02:00 --------- d-----w C:\Program Files\Smart Phone Recorder Demo
2008-03-03 01:50 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Advanced Phone Recorder
2008-03-03 01:45 --------- d-----w C:\Program Files\Concel Systems
2008-03-03 01:15 --------- d-----w C:\Program Files\EzPhone Recorder 1.1
2008-03-03 00:41 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Modem Spy
2008-03-02 22:58 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\DVD Profiler
2008-03-02 22:20 --------- d-----w C:\Program Files\DVD Profiler
2008-03-02 22:07 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Desktopicon
2008-03-02 22:03 --------- d-----w C:\Program Files\Unlocker
2008-03-02 10:41 --------- d-----w C:\Program Files\Call Corder
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 02:45 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\DigitalPersona
2008-03-01 01:55 --------- d-----w C:\Program Files\DigitalPersona
2008-03-01 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 01:08 --------- d-----w C:\Program Files\RAXCO
2008-02-29 08:19 --------- d-----w C:\Program Files\QuickTax 2007
2008-02-29 06:54 --------- d-----w C:\Program Files\QuickTax 2005
2008-02-29 06:54 --------- d-----w C:\Program Files\Quicken
2008-02-29 06:43 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-29 03:02 --------- d--h--w C:\Program Files\Zero G Registry
2008-02-29 03:02 --------- d-----w C:\Program Files\T4_Internet_T4_ par_Internet_6.1
2008-02-27 07:54 --------- d-----w C:\Program Files\Opera
2008-02-27 07:14 --------- d-----w C:\Program Files\Steam
2008-02-27 06:28 --------- d-----w C:\Program Files\Windows Live
2008-02-26 09:30 --------- d-----w C:\Program Files\QU5D47~1
2008-02-26 09:10 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Intuit Canada
2008-02-26 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-02-26 01:33 --------- d-----w C:\Program Files\T4_Internet_T4_ par_Internet_8.1
2008-02-24 08:56 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\XnView
2008-02-24 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-02-24 06:31 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\ATI MMC
2008-02-24 05:36 --------- d-----w C:\Program Files\Common Files\ATI
2008-02-24 05:36 --------- d-----w C:\Program Files\ATI Multimedia
2008-02-24 02:39 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-24 02:36 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-02-24 02:26 --------- d-----w C:\Program Files\TitanTV
2008-02-24 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-02-24 01:50 --------- d-----w C:\Program Files\ATI Technologies
2008-02-23 19:45 --------- d--h--w C:\Program Files\Creative Installation Information
2008-02-23 19:40 --------- d-----w C:\Program Files\Creative
2008-02-23 19:39 --------- d-----w C:\Program Files\Common Files\Creative
2008-02-23 18:30 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-23 18:30 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-23 18:29 --------- d-----w C:\Documents and Settings\STEPHEN\Application Data\Creative
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 12:27 27,262,976 ----a-w C:\VIRTPART.DAT
2008-02-01 17:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:42 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2006-05-24 21:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 22:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 19:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 21:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 17:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 23:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 16:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 16:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 16:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 16:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2004-08-19 20:25 220 --sh--w C:\WINDOWS\dwin.sys
2001-08-23 12:00 989 --sha-r C:\WINDOWS\ntosboot.dat
2003-02-15 14:08 3,958 --sha-w C:\WINDOWS\rreg64.dll
2003-02-15 14:08 1,057 --sha-w C:\WINDOWS\utapi64.dll
2008-01-21 20:31 2 --shatr C:\WINDOWS\winstart.bat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\{13FEA7F5-3455-4F16-B9F2-F38D736EB683}.dat
2003-02-28 19:48 32 --sha-w C:\WINDOWS\{3397F6B4-E5EF-4D1A-956E-33A924C3FCD8}.dat
2003-02-28 19:52 32 --sha-w C:\WINDOWS\{3EBD59AC-EC26-4900-9168-5E5B8A27609A}.dat
2003-02-28 19:51 32 --sha-w C:\WINDOWS\{6C508746-7EF1-439C-8A5C-6CE60858ED9C}.dat
2003-02-28 19:51 32 --sha-w C:\WINDOWS\{6F40350B-AD67-4A15-8351-FA3547E91933}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\{93D76E51-EB68-4780-8BDD-5E6B6557B74E}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\{9AFE5258-F07C-4EF7-8CF3-83A89E03964A}.dat
2006-05-08 01:00 56 --sha-r C:\WINDOWS\system32\FF074B50CF.sys
2006-05-08 01:00 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-08-04 07:56 22,528 --sha-r C:\WINDOWS\system32\wsock32.dll
2003-02-28 19:51 32 --sha-w C:\WINDOWS\system32\{2BA47833-53C1-4DE9-B8D2-2CEA4C27925E}.dat
2003-02-28 19:52 32 --sha-w C:\WINDOWS\system32\{371696FE-D158-45C0-B4E7-3732A6A9507F}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\system32\{50861BDB-DC6B-4407-B42A-999E0E8F8F99}.dat
2003-02-28 19:51 32 --sha-w C:\WINDOWS\system32\{7CD86ABA-4C4A-41B1-B135-636648E44446}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\system32\{84478FED-A3BB-40C8-912B-3066701D7F3F}.dat
2003-02-28 19:48 32 --sha-w C:\WINDOWS\system32\{A4EEE221-EF03-4C60-B3DD-219A779664FA}.dat
2003-02-28 19:49 32 --sha-w C:\WINDOWS\system32\{A9CE5FE7-40C9-4B63-AE34-A2ACEB5F8061}.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\winscv ----

2008-04-16 23:25 0 --ahs---- C:\Program Files\winscv\winini.dat
2007-06-13 05:23 56189 --a------ C:\Program Files\winscv\install.exe


((((((((((((((((((((((((((((( snapshot@2008-04-21_23.21.53.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-16 15:52:53 158,070 ----a-w C:\WINDOWS\system32\delipwiz32.dll
+ 2007-04-16 15:52:53 158,526 ----a-w C:\WINDOWS\system32\delipwiz32.dll
+ 2008-04-22 10:13:04 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E15C29A-B33F-45A3-A540-A6E66832FC3B}]
2003-12-05 19:35 174080 --a------ C:\PROGRA~1\FOLDER~1\BETA1~1\SUBCLA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90C8E8F8-A7C9-41E4-92E4-C679AE6FB78D}]
2007-10-26 18:17 83248 --a------ C:\Program Files\RapidSolution\Videoraptor\VideoRaptorIePlugin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Adobe]
@={8AB18ADC-402A-4B52-A63A-155F45C07F4E}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DynSite"="C:\Program Files\Noël Danjou\DynSite\DynSite.exe" [2006-07-05 04:44 1376256]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Network Assistant"="C:\Program Files\Network Assistant\Nassi.exe" [2005-10-06 12:30 2450944]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 05:55 68856]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 22:24 57344]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 18:33 53096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemotelyAnywhere GUI"="C:\Program Files\RemotelyAnywhere\RAGui.exe" [2006-05-02 18:40 377608]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 21:06 2595616]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 21:11 909208]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 21:07 140568]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 05:43 2037088]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-09 17:27 807440]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-04 02:37 160592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:59 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-03 14:56:06 499779]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-22 05:55:08 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"LoginPrompt"= DADEDADADCD4D8D9

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Urlodfav"= {4A8CE92D-C832-4E79-9096-FC5531C4760B} - C:\WINDOWS\system32\movelavi.dll [2007-04-16 10:52 1490944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2006-10-09 17:27 99856 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPNotifier]
OPWinLogon.dll 2004-04-21 10:42 45056 C:\WINDOWS\system32\OPWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2006-02-14 12:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
RAinit.dll 2006-05-02 18:40 10496 C:\WINDOWS\system32\RAinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.VDOM"= vdowave.drv
"VIDC.NSVI"= nsvideo.dll
"vidc.dvsd"= dvc.dll
"msacm.msnaudio"= msnaudio.acm
"vidc.XVID"= xvid.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.UV12"= SCDeluxe.ax
"SENTINEL"= snti386.dll
"msacm.lameacm"= lameACM.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.CDVC"= cdvccodc.dll
"msacm.enc"= ITIG726.acm
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= aasc32.dll
"VIDC.CFHD"= CFHD.dll
"msacm.mkdmp3enc"= C:\PROGRA~1\CYBERL~1\MakeDVD\Kernel\Burner\MKDMP3Enc.ACM
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"MSVideo1"= CSvidcap.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-02-13 15:00 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
--a------ 2006-10-31 22:24 57344 C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
--a------ 2006-10-31 22:25 26624 C:\Program Files\ATI Multimedia\main\ATISched.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 19:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2006-11-09 11:19 204800 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-03-12 22:43 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Directory Opus Desktop Dblclk]
--a------ 2007-09-13 15:41 275984 C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2006-05-05 12:19 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-10-12 16:52 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\modemspy]
C:\Program Files\Modem Spy\modemspy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
--a------ 2007-10-31 21:18 204800 C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
--a------ 2005-07-06 00:58 69632 C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2006-05-05 12:18 36864 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pfp.exe]
C:\Program Files\Protect Files Pro\pfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--------- 2004-08-17 16:07 143360 C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-01-18 08:47 1687552 C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-01-18 21:17 163840 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]
--a------ 2005-06-25 18:18 1347584 C:\Program Files\SeePassword\SeePassword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMPAutoStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-23 21:16 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2005-05-18 14:51 81920 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
--a------ 2003-06-09 13:23 151552 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
--------- 2005-04-11 15:34 69721 C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"perfmons"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mirc for DVDtorrents\\mirc.exe"=
"C:\\Program Files\\Mirc for sattech\\Sattech.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Capturix VideoSpy\\cvs.exe"=
"C:\\Program Files\\Capturix VideoSpy\\cvs2.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\g3torrent\\g3torrent.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\CyberLink\\MakeDVD\\MakeDVD.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Network Assistant\\Nassi.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:TCP"= 50000:TCP:AZUREUS

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41]
R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 15:25]
R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 12:42]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-01-24 21:08]
R0 ulsata2;ulsata2;C:\WINDOWS\system32\DRIVERS\ulsata2.sys [2005-06-29 17:44]
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]
R1 CINEMSUP;Cinemsup;C:\WINDOWS\System32\drivers\cinemsup.sys [2002-07-19 08:10]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 16:11]
R1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 14:20]
R1 Myscope;Myscope;C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\W2k\myscope.sys [2002-09-02 19:42]
R1 pivot;pivot;C:\WINDOWS\system32\drivers\pivot.sys [2005-11-10 11:37]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R2 OOCleverCache;O&O CleverCache Pro;C:\Program Files\OO Software\CleverCache\OOCCSVC.exe [2002-04-11 14:55]
R2 pardrv;pardrv;C:\WINDOWS\system32\drivers\pardrv.sys [2006-01-10 14:59]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-01-16 11:52]
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files\RemotelyAnywhere\RaInfo.sys [2006-05-02 18:41]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R2 UtMsgSvc;UtMsgAgt;"C:\Program Files\Promise\Promise Disk Controller Manager\UtMsgAgt.exe" [2004-09-22 18:06]
R2 V7;V7;C:\WINDOWS\system32\drivers\V7.sys [2000-03-10 01:24]
R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-09-29 00:58]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 11:53]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 18:25]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;C:\WINDOWS\system32\DRIVERS\vacjrmkd.sys [2007-04-07 13:17]
R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys [2002-05-22 10:40]
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
R3 LVVI500A;LVVI500A Service;C:\WINDOWS\system32\DRIVERS\lvvi500a.sys [2002-06-10 14:24]
R3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2006-05-02 18:41]
R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2006-09-16 18:23]
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 18:41]
R3 UTDpcService;ULEVTBDG;C:\Program Files\Promise\Promise Disk Controller Manager\ULEVTBDG.sys [2004-09-20 16:54]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S0 SI3112;SiI-3112 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys []
S2 Parclass;Parclass;C:\WINDOWS\system32\Drivers\Parclass.sys [2003-02-10 15:30]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 AWGateway;Symantec pcAnywhere Gateway Service;"C:\Program Files\Symantec\pcAnywhere Gateway\AWGateway.exe" [2006-05-01 13:40]
S3 bepldr;BCL easyPDF SDK 5 Loader;"C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe" [2007-08-22 17:19]
S3 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
S3 FTD2XX;HiLo Systems -- USB Drivers;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2004-10-15 16:49]
S3 IBService;IBService;C:\Program Files\Invisible Browsing\servers\IBService.exe [2007-01-09 15:38]
S3 LV506AV;Logitech QuickCam Cordless(PID_0430);C:\WINDOWS\system32\DRIVERS\LV506AV.SYS [2002-12-10 17:56]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\59.tmp []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 15:22]
S3 OPStorage;WebCCTV Storage Service;C:\Program Files\Quadrox\WebCCTV\Bin\OPStorage.exe [2004-05-07 15:46]
S3 OV681;EZMega Cam;C:\WINDOWS\system32\Drivers\om681vid.sys []
S3 PCD61X2;PCD61X2;C:\DOCUME~1\STEPHEN\LOCALS~1\Temp\PCD61X2.sys []
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-01-16 11:52]
S3 Pg4uUSB;BK PRECISION driver;C:\WINDOWS\system32\DRIVERS\pg4uusb.sys [2006-10-18 10:04]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 12:09]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\System32\drivers\pivotmou.sys [2005-11-10 11:37]
S3 SCDELUXES;SiPix StyleCam Deluxe (still);C:\WINDOWS\system32\DRIVERS\se402sc.sys []
S3 SCDELUXEV;SiPix StyleCam Deluxe (video);C:\WINDOWS\system32\DRIVERS\se402vc.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-