MALWARE Stuff On My Computer



hendy64
2008-08-20, 18:32
Here's what HJT reports:
===================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:39:55, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\WIRELE~1\WirelessKB.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\lphclhfj0endr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TMobile\PwpUpdtr.exe
C:\PROGRA~1\TMobile\TMPwpCli.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StandardKeyboard] C:\WINDOWS\WIRELE~1\WirelessKB.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lphclhfj0endr] C:\WINDOWS\system32\lphclhfj0endr.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC7348] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TeamOnPwpUpdater-TMPwpCli] "C:\Program Files\TMobile\PwpUpdtr.exe" TMPwpCli
O4 - HKCU\..\Run: [tmpwpcli] C:\PROGRA~1\TMobile\TMPwpCli.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [CmdShWin] C:\WINDOWS\system32\duxsbslm.exe
O4 - HKLM\..\Policies\Explorer\Run: [l2QzGq0hBa] C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: TCLOCKEX.EXE.lnk = E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?7ba234f3ed5a4b49871d993e5a75abb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?7ba234f3ed5a4b49871d993e5a75abb6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {50D05FAC-D462-4795-8818-738FCF776FBC} (TMobile PwpClient DwnLdr Class) - https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34FA4B1C-875D-438F-BC08-BF3B74B96013}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3583D35B-FB59-4530-BF47-0B5ED42DEEB1}: NameServer = 192.168.1.1,192.168.2.1
O21 - SSODL: DbCmdMnt - {0DBA5C92-6B53-53A1-29F6-0BC89BF2002F} - C:\Program Files\pzaotbe\DbCmdMnt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 13283 bytes

Shaba
2008-08-22, 10:49
Hi hendy64

Please download Malwarebytes' Anti-Malware (http://www.malwaresupport.com/mbam/program/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply along with a fresh HijackThis log.

hendy64
2008-08-22, 18:09
MBAM LOG
========
Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 5.1.2600 Service Pack 3

09:33:36 8/22/2008
mbam-log-08-22-2008 (09-33-36).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 177619
Time elapsed: 2 hour(s), 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphclhfj0endr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

hendy64
2008-08-22, 18:09
Hijackthis LOG
==========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:13, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\WIRELE~1\WirelessKB.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC-TV\WinManager\WinManager.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StandardKeyboard] C:\WINDOWS\WIRELE~1\WirelessKB.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC7348] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKLM\..\Policies\Explorer\Run: [l2QzGq0hBa] C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: TCLOCKEX.EXE.lnk = E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?7ba234f3ed5a4b49871d993e5a75abb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?7ba234f3ed5a4b49871d993e5a75abb6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {50D05FAC-D462-4795-8818-738FCF776FBC} - https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34FA4B1C-875D-438F-BC08-BF3B74B96013}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3583D35B-FB59-4530-BF47-0B5ED42DEEB1}: NameServer = 192.168.1.1,192.168.2.1
O21 - SSODL: DbCmdMnt - {0DBA5C92-6B53-53A1-29F6-0BC89BF2002F} - C:\Program Files\pzaotbe\DbCmdMnt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 12925 bytes

Shaba
2008-08-22, 18:15
Download OTScanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe) to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.

In the Files Created Within group, click 30 days.
In the Files Modified Within group, select 30 days.
In the File String Search group, select Non-Microsoft.

Now click the Run Scan button on the toolbar.
When the scan is complete, Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

hendy64
2008-08-22, 18:38
OTScanIt Part 1
=======
[code]
OTScanIt logfile created on: 8/22/2008 10:36:01
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Jeff\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.13% Memory free
3.85 Gb Paging File | 2.93 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.41 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 3.00 Gb Free Space | 0.64% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 14.79 Gb Free Space | 9.92% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 113.00 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASH000000000002
Current User Name: Jeff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4201 | Size = 561152 bytes | Modified Date = 7/3/2008 21:12:02 | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4201 | Size = 561152 bytes | Modified Date = 7/3/2008 21:12:02 | Attr = ]
nhksrv.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
blackd.exe -> %ProgramFiles%\ISS\Proventia Desktop\blackd.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.1913 | Size = 2011473 bytes | Modified Date = 1/16/2007 14:37:16 | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 73728 bytes | Modified Date = 7/30/2008 10:47:24 | Attr = ]
ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 | Attr = ]
logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:30 | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.857 | Size = 54608 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:54 | Attr = ]
rapapp.exe -> %ProgramFiles%\ISS\Proventia Desktop\RapApp.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 844126 bytes | Modified Date = 9/13/2006 16:59:06 | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 13:54:00 | Attr = ]
vpatch.exe -> %ProgramFiles%\ISS\Proventia Desktop\vpatch.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 426333 bytes | Modified Date = 9/13/2006 16:59:06 | Attr = ]
befcjsre.exe -> %AllUsersProfile%\Application Data\jglarihg\befcjsre.exe -> [Ver = | Size = 57344 bytes | Modified Date = 8/18/2008 22:28:33 | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 | Attr = ]
taskswitch.exe -> %SystemRoot%\system32\TaskSwitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 17:30:00 | Attr = ]
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
wirelesskb.exe -> %SystemRoot%\WirelessKB\WirelessKB.exe -> [Ver = 1, 0, 0, 1 | Size = 38268 bytes | Modified Date = 11/30/2006 08:33:32 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:30 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 22:57:00 | Attr = ]
dvd43_tray.exe -> %ProgramFiles%\dvd43\DVD43_Tray.exe -> [Ver = 4.3.1.0 | Size = 826880 bytes | Modified Date = 4/9/2008 10:00:54 | Attr = ]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.871 | Size = 111952 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 | Attr = ]
mmkeybd.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.00 | Size = 176128 bytes | Modified Date = 7/12/2002 00:22:58 | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 15:06:00 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 18:41:00 | Attr = RHS]
osd.exe -> %ProgramFiles%\Netropa\Onscreen Display\osd.exe -> Netropa Corp. [Ver = 2.02 | Size = 90112 bytes | Modified Date = 11/14/2001 04:03:12 | Attr = ]
idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 7/29/2008 08:18:04 | Attr = ]
lightscribecontrolpanel.exe -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 2363392 bytes | Modified Date = 7/30/2008 10:41:46 | Attr = ]
hpohmr08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 147456 bytes | Modified Date = 12/2/2002 21:08:34 | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 20:56:10 | Attr = ]
blackice.exe -> %ProgramFiles%\ISS\Proventia Desktop\blackice.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 1536346 bytes | Modified Date = 9/13/2006 16:59:12 | Attr = ]
iemonitor.exe -> %ProgramFiles%\Internet Download Manager\IEMonitor.exe -> Tonec Inc. [Ver = 5, 12, 8, 0 | Size = 251312 bytes | Modified Date = 2/18/2008 07:01:01 | Attr = ]
winmanager.exe -> %ProgramFiles%\PC-TV\WinManager\WinManager.exe -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 5/26/2005 04:30:46 | Attr = ]
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 282624 bytes | Modified Date = 12/2/2002 20:30:02 | Attr = ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 11/27/2002 05:30:30 | Attr = ]
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 307200 bytes | Modified Date = 12/2/2002 20:41:48 | Attr = ]
setup.exe -> %SystemDrive%\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\Setup.exe -> ATI Technologies Inc. [Ver = 6.14.10.1005 | Size = 65536 bytes | Modified Date = 7/31/2008 19:05:00 | Attr = ]
aticim.bin -> %SystemDrive%\ATI\SUPPORT\8-8_xp32_dd_ccc_wdm_enu_67975\AtiCim.bin -> ATI Technologies Inc. [Ver = 6.14.10.3014 | Size = 151552 bytes | Modified Date = 7/31/2008 19:05:00 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4201 | Size = 561152 bytes | Modified Date = 7/3/2008 21:12:02 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 7/31/2008 21:05:00 | Attr = ]
(BlackICE) BlackICE [Win32_Own | Unknown | Running] -> -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 18:12:17 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 73728 bytes | Modified Date = 7/30/2008 10:47:24 | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr = ]
(McShield) McAfee McShield [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.857 | Size = 54608 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
(nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.4.0 | Size = 382248 bytes | Modified Date = 11/15/2007 12:43:04 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 11/27/2002 05:30:30 | Attr = ]
(RapApp) RapApp [Win32_Own | Unknown | Running] -> -> File not found
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 13:54:00 | Attr = ]
(VPatch) ISS Buffer Overflow Exploit Prevention [Win32_Own | Unknown | Running] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATICustomerCare -> %ProgramFiles%\ATI\ATICustomerCare\ATICustomerCare.exe ["C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"] -> Advanced Micro Devices, Inc. [Ver = 2.0.0.0 | Size = 307200 bytes | Modified Date = 10/4/2007 18:38:38 | Attr = ]
ATIModeChange -> %SystemRoot%\system32\Ati2mdxx.exe [Ati2mdxx.exe] -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Modified Date = 7/31/2008 22:22:59 | Attr = ]
CoolSwitch -> %SystemRoot%\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 17:30:00 | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r] -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 | Attr = ]
CTXFIREG -> [CTxfiReg.exe] -> File not found
dvd43 -> %ProgramFiles%\dvd43\DVD43_Tray.exe [C:\Program Files\dvd43\dvd43_tray.exe] -> [Ver = 4.3.1.0 | Size = 826880 bytes | Modified Date = 4/9/2008 10:00:54 | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 4/13/2006 11:09:00 | Attr = ]
LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 | Attr = ]
MULTIMEDIA KEYBOARD -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe [C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe] -> Netropa Corp. [Ver = 1.00 | Size = 176128 bytes | Modified Date = 7/12/2002 00:22:58 | Attr = ]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 1, 0, 0 | Size = 1836328 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 14:57:24 | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe ["C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"] -> File not found
P17Helper -> %SystemRoot%\system32\P17.dll [Rundll32 P17.dll,P17Helper] -> [Ver = 1.0.1.107 | Size = 81408 bytes | Modified Date = 3/17/2006 16:11:56 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 22:57:00 | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.871 | Size = 111952 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart] -> Safer Networking Limited [Ver = 1, 6, 0, 31 | Size = 4891984 bytes | Modified Date = 7/30/2008 14:45:42 | Attr = ]
StandardKeyboard -> %SystemRoot%\WirelessKB\WirelessKB.exe [C:\WINDOWS\WIRELE~1\WirelessKB.exe] -> [Ver = 1, 0, 0, 1 | Size = 38268 bytes | Modified Date = 11/30/2006 08:33:32 | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> Advanced Micro Devices, Inc. [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 7/16/2008 16:57:18 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 01:00:00 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 3.1.4.0 | Size = 202024 bytes | Modified Date = 11/15/2007 12:42:34 | Attr = ]
IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 7/29/2008 08:18:04 | Attr = ]
LightScribe Control Panel -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 2363392 bytes | Modified Date = 7/30/2008 10:41:46 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 18:41:00 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 147456 bytes | Modified Date = 12/2/2002 21:08:34 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 20:56:10 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk -> -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\WinManager.lnk -> %ProgramFiles%\PC-TV\WinManager\WinManager.exe -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 5/26/2005 04:30:46 | Attr = ]
< Jeff Startup Folder > -> C:\Documents and Settings\Jeff\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\TCLOCKEX.EXE.lnk -> E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE -> Dale Nurden [Ver = 1.4.2 | Size = 89088 bytes | Modified Date = 3/15/2005 17:46:02 | Attr = ]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{0DBA5C92-6B53-53A1-29F6-0BC89BF2002F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\pzaotbe\DbCmdMnt.dll [DbCmdMnt] -> [Ver = | Size = 110592 bytes | Modified Date = 8/18/2008 22:28:56 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 18:12:19 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 18:12:38 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 18:12:24 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 18:12:05 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 18:12:41 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4177 | Size = 139264 bytes | Modified Date = 7/3/2008 21:13:35 | Attr = ]
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\l2QzGq0hBa -> %AllUsersProfile%\Application Data\jglarihg\befcjsre.exe [C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe] -> [Ver = | Size = 57344 bytes | Modified Date = 8/18/2008 22:28:33 | Attr = ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 01 00 00 00 [binary data] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 12:40:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomASUS_DRW-2014L1T________________________1.02____\5&1dcdbe85&0&0.1.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomATAPI_DVD_A__DH-3H20A___________________YX13____\5&2e1850c8&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 7/15/2008 10:58:10 | Attr = ]
autoexec.bat [REM Dummy file for NTVDM | ] -> D:\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 15:43:36 | Attr = ]
< HOSTS File > (260845 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4767 domain(s) found. ->
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4766 domain(s) found. ->
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 14, 3, 0 | Size = 148912 bytes | Modified Date = 7/29/2008 08:15:26 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 67136 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 04:13:13 | Attr = ]
Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 7/2/2007 00:19:10 | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 10:31:09 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
MSDigitalLocker -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34FA4B1C-875D-438F-BC08-BF3B74B96013} -> 192.168.1.1,192.168.2.1 (VIA Rhine II Fast Ethernet Adapter) ->
{3583D35B-FB59-4530-BF47-0B5ED42DEEB1} -> 192.168.1.1,192.168.2.1 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{50D05FAC-D462-4795-8818-738FCF776FBC}[HKEY_LOCAL_MACHINE] -> https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab[Reg Error: Key does not exist or could not be opened.] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab[Creative Software AutoUpdate Support Package] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\.Owner -> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->



[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/22/2008 10:32:41 | Attr = HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/22/2008 07:26:40 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/22/2008 07:26:37 | Attr = ]
Msikbd2k.sys -> %SystemRoot%\System32\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.06 built by: WinDDK | Size = 6656 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 7/31/2008 15:32:38 | Attr = ]
30 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 8/20/2008 09:03:38 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 8/1/2008 20:46:45 | Attr = ]
dyrcrkbs.exe -> %SystemRoot%\System32\dyrcrkbs.exe -> [Ver = | Size = 86016 bytes | Created Date = 8/21/2008 08:49:08 | Attr = ]
fwxajotq.exe -> %SystemRoot%\System32\fwxajotq.exe -> [Ver = | Size = 187392 bytes | Created Date = 8/20/2008 09:39:35 | Attr = ]
idmmbc.dll -> %SystemRoot%\System32\idmmbc.dll -> Tonec Inc. [Ver = 5, 14, 1, 0 | Size = 206256 bytes | Created Date = 7/29/2008 08:03:25 | Attr = ]
mfgdspur.exe -> %SystemRoot%\System32\mfgdspur.exe -> [Ver = | Size = 187904 bytes | Created Date = 8/20/2008 00:34:45 | Attr = ]
Msikbd.dll -> %SystemRoot%\System32\Msikbd.dll -> Netropa Corp. [Ver = 2.00 | Size = 98304 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
msiosd32.dll -> %SystemRoot%\System32\msiosd32.dll -> [Ver = | Size = 28672 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 8/9/2008 22:53:39 | Attr = ]
Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll -> [Ver = | Size = 176235 bytes | Created Date = 8/12/2008 11:13:41 | Attr = ]
qrwvafet.exe -> %SystemRoot%\System32\qrwvafet.exe -> [Ver = | Size = 187904 bytes | Created Date = 8/19/2008 12:34:33 | Attr = ]
stwbmheh.exe -> %SystemRoot%\System32\stwbmheh.exe -> [Ver = | Size = 90112 bytes | Created Date = 8/19/2008 12:34:37 | Attr = ]
tejqnkru.exe -> %SystemRoot%\System32\tejqnkru.exe -> [Ver = | Size = 81920 bytes | Created Date = 8/20/2008 09:40:08 | Attr = ]
ujkpepcb.exe -> %SystemRoot%\System32\ujkpepcb.exe -> [Ver = | Size = 94208 bytes | Created Date = 8/20/2008 00:34:47 | Attr = ]
vobcnkdg.exe -> %SystemRoot%\System32\vobcnkdg.exe -> [Ver = | Size = 90112 bytes | Created Date = 8/19/2008 10:26:43 | Attr = ]
zcvkhitw.exe -> %SystemRoot%\System32\zcvkhitw.exe -> [Ver = | Size = 187904 bytes | Created Date = 8/19/2008 10:26:31 | Attr = ]
zmjarghw.exe -> %SystemRoot%\System32\zmjarghw.exe -> [Ver = | Size = 187392 bytes | Created Date = 8/21/2008 08:49:04 | Attr = ]
ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1626 bytes | Created Date = 8/22/2008 10:18:55 | Attr = ]
epsuninst.exe -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Created Date = 7/29/2008 23:45:49 | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 8/22/2008 10:19:30 | Attr = ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 8/12/2008 21:37:10 | Attr = ]
PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Created Date = 8/12/2008 11:13:22 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 7/28/2008 09:45:31 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 867 bytes | Created Date = 8/8/2008 15:44:11 | Attr = ]

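The `Created Within 30 days` listing above contains a run of eight-letter `.exe` files in System32 with no publisher or version information, several of them created within seconds of one another. The following is an added example, not code from the thread or from OTScanIt, that parses this listing format and ranks entries for manual review. Assumptions: the scan time is taken from the newest timestamps in the posted log; the 72-hour recency window, the 60-second sibling window and the eight-letter name pattern are heuristics chosen for this example; the sample lines embedded in it are a subset copied from the posted log. It also reads `Modified Date` records, so it runs over the part-2 listing unchanged.

```python
"""Triage of an OTScanIt "Created Within 30 days" listing.

Added example for this thread; not part of OTScanIt and not code posted by
anyone in the thread. Scan time, windows and name pattern are assumptions.
"""
import re
from datetime import datetime, timedelta

# Assumed scan time, taken from the newest timestamps in the posted log.
SCAN_TIME = datetime(2008, 8, 22, 10, 34, 15)
RECENT = timedelta(hours=72)              # "appeared shortly before the scan"
CLUSTER_WINDOW = timedelta(seconds=60)    # files written by one installer run

# name -> path -> [vendor ][Key = value | Key = value | ...]
LINE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>[^\[]*)\[(?P<body>[^\]]*)\]$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:exe|dll|sys)$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys")

# Constructed sample: a subset of the lines from the posted log.
SAMPLE = r"""
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/22/2008 07:26:40 | Attr = ]
Msikbd2k.sys -> %SystemRoot%\System32\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.06 built by: WinDDK | Size = 6656 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 7/31/2008 15:32:38 | Attr = ]
30 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
dyrcrkbs.exe -> %SystemRoot%\System32\dyrcrkbs.exe -> [Ver = | Size = 86016 bytes | Created Date = 8/21/2008 08:49:08 | Attr = ]
fwxajotq.exe -> %SystemRoot%\System32\fwxajotq.exe -> [Ver = | Size = 187392 bytes | Created Date = 8/20/2008 09:39:35 | Attr = ]
Msikbd.dll -> %SystemRoot%\System32\Msikbd.dll -> Netropa Corp. [Ver = 2.00 | Size = 98304 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
msiosd32.dll -> %SystemRoot%\System32\msiosd32.dll -> [Ver = | Size = 28672 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll -> [Ver = | Size = 176235 bytes | Created Date = 8/12/2008 11:13:41 | Attr = ]
tejqnkru.exe -> %SystemRoot%\System32\tejqnkru.exe -> [Ver = | Size = 81920 bytes | Created Date = 8/20/2008 09:40:08 | Attr = ]
zmjarghw.exe -> %SystemRoot%\System32\zmjarghw.exe -> [Ver = | Size = 187392 bytes | Created Date = 8/21/2008 08:49:04 | Attr = ]
epsuninst.exe -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Created Date = 7/29/2008 23:45:49 | Attr = ]
"""


def parse_line(line):
    """Record dict for one listing line, or None for lines that are not
    single-entry records (blank lines, '*.tmp files' summaries)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split(" | "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    stamp = fields.get("Created Date") or fields.get("Modified Date")
    return {
        "name": m.group("name").strip(),
        "path": m.group("path").strip(),
        "vendor": m.group("vendor").strip(),
        "version": fields.get("Ver", ""),
        "size": int(fields["Size"].split()[0]) if fields.get("Size") else None,
        "created": datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S") if stamp else None,
        "is_folder": m.group("body").startswith("Folder"),
    }


def triage(lines, scan_time=SCAN_TIME):
    """Map file name -> {'suspicious': bool, 'reasons': [...], 'path': ...}."""
    records = [r for r in map(parse_line, lines)
               if r and not r["is_folder"] and r["created"]
               and r["path"].lower().endswith(EXECUTABLE_EXT)]
    records.sort(key=lambda r: r["created"])

    # Group files whose creation times fall within CLUSTER_WINDOW of each other.
    clusters = []
    for rec in records:
        if clusters and rec["created"] - clusters[-1][-1]["created"] <= CLUSTER_WINDOW:
            clusters[-1].append(rec)
        else:
            clusters.append([rec])

    findings = {}
    for cluster in clusters:
        vendors = sorted({r["vendor"] for r in cluster if r["vendor"]})
        for rec in cluster:
            reasons = []
            unattributed = not rec["vendor"] and not rec["version"]
            random_name = bool(RANDOM_NAME_RE.match(rec["name"]))
            if unattributed:
                reasons.append("no publisher or version info")
            if random_name:
                reasons.append("random-looking 8-letter name")
            if scan_time - rec["created"] <= RECENT:
                reasons.append("created within 72h of scan")
            suspicious = unattributed and len(reasons) >= 2
            # An unattributed, non-random file written in the same window as a
            # vendor-attributed file is most likely part of that installer.
            if suspicious and vendors and not random_name:
                suspicious = False
                reasons.append("written alongside files from " + ", ".join(vendors))
            findings[rec["name"]] = {"suspicious": suspicious,
                                     "reasons": reasons, "path": rec["path"]}
    return findings


def flagged(lines, scan_time=SCAN_TIME):
    """Names the triage marks suspicious, sorted by name."""
    return sorted(n for n, f in triage(lines, scan_time).items() if f["suspicious"])


if __name__ == "__main__":
    for name, f in triage(SAMPLE.strip().splitlines()).items():
        mark = "FLAG " if f["suspicious"] else "     "
        print(f"{mark}{name:16} {'; '.join(f['reasons']) or 'nothing notable'}")
```

Run it on the full listing by replacing `SAMPLE` with the pasted text. The sibling-cluster rule exists because a file such as `msiosd32.dll`, unattributed on its own, was written in the same second as two Netropa-attributed keyboard components; the rule reports that context instead of flagging it, but it deliberately does not downgrade random-named files, since dropping a payload next to a legitimate installer is cheap for an attacker. Everything flagged is still a candidate for manual review, not a verdict.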
hendy64
2008-08-22, 18:39
OTScanIt part 2
============
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 222 bytes | Modified Date = 8/21/2008 23:08:14 | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/22/2008 10:32:41 | Attr = HS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/20/2008 08:13:26 | Attr = ]
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 525 bytes | Modified Date = 8/20/2008 07:42:03 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/22/2008 10:31:32 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/10/2008 09:51:41 | Attr = HS]
Storage -> %SystemDrive%\Storage -> [Folder | Modified Date = 8/20/2008 13:59:51 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/20/2008 09:37:46 | Attr = HS]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 8/19/2008 09:31:42 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/22/2008 10:21:30 | Attr = ]
ati2erec.dll -> %SystemRoot%\System32\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.13 | Size = 53248 bytes | Modified Date = 7/31/2008 21:39:50 | Attr = ]
dvd43llh.sys -> %SystemRoot%\System32\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 8/12/2008 14:44:40 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/20/2008 12:22:59 | Attr = ]
2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp ->
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 12:22:59 | Attr = R ]
hosts.20080723-185304.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080723-185304.backup -> [Ver = | Size = 253037 bytes | Modified Date = 7/23/2008 16:16:36 | Attr = R ]
hosts.20080727-230209.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080727-230209.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/23/2008 18:53:04 | Attr = R ]
hosts.20080728-132819.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080728-132819.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/27/2008 23:02:09 | Attr = R ]
hosts.20080728-200049.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080728-200049.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/28/2008 13:28:19 | Attr = R ]
hosts.20080729-152821.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080729-152821.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/28/2008 20:00:50 | Attr = R ]
hosts.20080729-234559.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080729-234559.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/29/2008 15:28:21 | Attr = R ]
hosts.20080730-104236.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-104236.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/29/2008 23:45:59 | Attr = R ]
hosts.20080730-104807.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-104807.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/30/2008 10:42:36 | Attr = R ]
hosts.20080804-121656.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080804-121656.backup -> [Ver = | Size = 256771 bytes | Modified Date = 7/30/2008 10:48:07 | Attr = R ]
hosts.20080805-133206.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080805-133206.backup -> [Ver = | Size = 256771 bytes | Modified Date = 8/4/2008 12:16:56 | Attr = R ]
hosts.20080808-143951.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-143951.backup -> [Ver = | Size = 256771 bytes | Modified Date = 8/5/2008 13:32:06 | Attr = R ]
hosts.20080808-232744.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-232744.backup -> [Ver = | Size = 257781 bytes | Modified Date = 8/8/2008 14:39:51 | Attr = R ]
hosts.20080808-232959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-232959.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/8/2008 23:27:44 | Attr = R ]
hosts.20080811-173329.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080811-173329.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/8/2008 23:29:59 | Attr = R ]
hosts.20080812-201316.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080812-201316.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/11/2008 17:33:29 | Attr = R ]
hosts.20080813-064934.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080813-064934.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/12/2008 20:13:16 | Attr = R ]
hosts.20080815-115445.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080815-115445.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/13/2008 06:49:34 | Attr = R ]
hosts.20080817-234412.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080817-234412.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/15/2008 11:54:46 | Attr = R ]
hosts.20080818-184452.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080818-184452.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/17/2008 23:44:12 | Attr = R ]
hosts.20080819-065451.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-065451.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/18/2008 18:44:52 | Attr = R ]
hosts.20080819-110853.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-110853.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 06:54:51 | Attr = R ]
hosts.20080819-115419.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-115419.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:08:53 | Attr = R ]
hosts.20080819-115654.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-115654.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:54:19 | Attr = R ]
hosts.20080819-132843.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-132843.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:56:54 | Attr = R ]
hosts.20080820-012705.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-012705.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 13:28:43 | Attr = R ]
hosts.20080820-080308.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-080308.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/20/2008 01:27:05 | Attr = R ]
hosts.20080820-084530.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-084530.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:03:08 | Attr = R ]
hosts.20080820-084659.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-084659.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:45:30 | Attr = R ]
hosts.20080820-090817.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-090817.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:46:59 | Attr = R ]
hosts.20080820-102923.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-102923.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 09:08:17 | Attr = R ]
hosts.20080820-122259.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-122259.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 10:29:23 | Attr = R ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 15:01:14 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 15:01:18 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 7/31/2008 15:32:38 | Attr = ]
30 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
amdpcom32.dll -> %SystemRoot%\System32\amdpcom32.dll -> Advanced Micro Devices, Inc. [Ver = 6.14.10.0011 | Size = 48640 bytes | Modified Date = 7/31/2008 21:46:06 | Attr = ]
Ati2mdxx.exe -> %SystemRoot%\System32\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Modified Date = 7/31/2008 22:22:59 | Attr = ]
ati2sgag.exe -> %SystemRoot%\System32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 7/31/2008 21:05:00 | Attr = ]
ATIDDC.DLL -> %SystemRoot%\System32\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Modified Date = 7/31/2008 22:19:46 | Attr = ]
atiiiexx.dll -> %SystemRoot%\System32\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4006 | Size = 307200 bytes | Modified Date = 7/31/2008 21:39:09 | Attr = ]
atioglxx.dll -> %SystemRoot%\System32\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.7873 | Size = 9928704 bytes | Modified Date = 7/31/2008 23:40:05 | Attr = ]
atitvo32.dll -> %SystemRoot%\System32\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Modified Date = 7/31/2008 21:40:38 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/22/2008 09:57:09 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/22/2008 07:24:19 | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 8/20/2008 09:03:38 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 8/1/2008 20:46:45 | Attr = ]
DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 8/16/2008 10:54:42 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/22/2008 10:21:03 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/22/2008 10:20:51 | Attr = ]
dyrcrkbs.exe -> %SystemRoot%\System32\dyrcrkbs.exe -> [Ver = | Size = 86016 bytes | Modified Date = 8/21/2008 08:49:11 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 245512 bytes | Modified Date = 8/20/2008 15:01:39 | Attr = ]
fwxajotq.exe -> %SystemRoot%\System32\fwxajotq.exe -> [Ver = | Size = 187392 bytes | Modified Date = 8/20/2008 09:39:37 | Attr = ]
Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 8/19/2008 13:02:27 | Attr = ]
mfgdspur.exe -> %SystemRoot%\System32\mfgdspur.exe -> [Ver = | Size = 187904 bytes | Modified Date = 8/20/2008 00:34:45 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 8/9/2008 22:54:45 | Attr = ]
Oemdspif.dll -> %SystemRoot%\System32\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.15.0500 | Size = 143360 bytes | Modified Date = 7/31/2008 22:23:07 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 68608 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 436090 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 511620 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
qrwvafet.exe -> %SystemRoot%\System32\qrwvafet.exe -> [Ver = | Size = 187904 bytes | Modified Date = 8/19/2008 12:34:33 | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 8/4/2008 07:41:26 | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/20/2008 13:42:29 | Attr = ]
stwbmheh.exe -> %SystemRoot%\System32\stwbmheh.exe -> [Ver = | Size = 90112 bytes | Modified Date = 8/19/2008 12:34:38 | Attr = ]
tejqnkru.exe -> %SystemRoot%\System32\tejqnkru.exe -> [Ver = | Size = 81920 bytes | Modified Date = 8/20/2008 09:40:09 | Attr = ]
ujkpepcb.exe -> %SystemRoot%\System32\ujkpepcb.exe -> [Ver = | Size = 94208 bytes | Modified Date = 8/20/2008 00:34:47 | Attr = ]
urlmon_dll.iss -> %SystemRoot%\System32\urlmon_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:10 | Attr = ]
url_dll.iss -> %SystemRoot%\System32\url_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:11 | Attr = ]
vobcnkdg.exe -> %SystemRoot%\System32\vobcnkdg.exe -> [Ver = | Size = 90112 bytes | Modified Date = 8/19/2008 10:26:46 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/20/2008 09:37:02 | Attr = ]
wininet_dll.iss -> %SystemRoot%\System32\wininet_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:12 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 8/22/2008 10:00:02 | Attr = ]
zcvkhitw.exe -> %SystemRoot%\System32\zcvkhitw.exe -> [Ver = | Size = 187904 bytes | Modified Date = 8/19/2008 10:26:37 | Attr = ]
zmjarghw.exe -> %SystemRoot%\System32\zmjarghw.exe -> [Ver = | Size = 187392 bytes | Modified Date = 8/21/2008 08:49:05 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/13/2008 03:20:01 | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 8/22/2008 10:28:19 | Attr = R S]
ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1626 bytes | Modified Date = 8/22/2008 10:30:18 | Attr = ]
atiogl.xml -> %SystemRoot%\atiogl.xml -> [Ver = | Size = 14505 bytes | Modified Date = 7/24/2008 04:01:05 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/22/2008 09:56:38 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/19/2008 13:02:31 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 8/20/2008 12:18:00 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/21/2008 22:30:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/13/2008 03:14:09 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/13/2008 03:20:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/22/2008 10:19:31 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/22/2008 10:32:43 | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 8/22/2008 10:20:28 | Attr = ]
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Modified Date = 8/22/2008 10:28:27 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 8/19/2008 21:09:04 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 7/28/2008 20:03:16 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 8/19/2008 12:48:49 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/22/2008 10:34:15 | Attr = ]
primopdf.ini -> %SystemRoot%\primopdf.ini -> [Ver = | Size = 310 bytes | Modified Date = 8/12/2008 11:13:40 | Attr = ]
PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Modified Date = 8/12/2008 11:13:22 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 8/20/2008 11:27:03 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 7/28/2008 09:45:31 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/21/2008 23:08:14 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/22/2008 10:21:22 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/15/2008 14:35:10 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/22/2008 10:21:13 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 658 bytes | Modified Date = 8/21/2008 23:08:14 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 867 bytes | Modified Date = 8/20/2008 12:20:51 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/23/2008 14:11:25 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/18/2008 08:06:03 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 252 bytes | Modified Date = 8/22/2008 09:40:06 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1216154082.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1216154082.job -> [Ver = | Size = 388 bytes | Modified Date = 8/15/2008 14:35:11 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/22/2008 09:56:40 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/15/2008 11:03:55 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6838 bytes | Modified Date = 8/22/2008 09:58:08 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6838 bytes | Modified Date = 8/22/2008 09:58:08 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/15/2008 16:57:45 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 7/19/2008 05:28:45 | Attr = ]
C:\Documents and Settings\Jeff\Local Settings\Temp\ -> C:\Documents and Settings\Jeff\Local Settings\Temp -> [Folder | Modified Date = 8/22/2008 10:32:47 | Attr = ]
Perflib_Perfdata_14bc.dat -> C:\Documents and Settings\Jeff\Local Settings\Temp\Perflib_Perfdata_14bc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/22/2008 10:22:04 | Attr = ]
32 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\MSNMoney.cab.1141415870\ -> C:\WINDOWS\Temp\MSNMoney.cab.1141415870 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
StockItem.dll -> C:\WINDOWS\Temp\MSNMoney.cab.1141415870\StockItem.dll -> Microsoft Corporation [Ver = 1, 0, 0, 1 | Size = 118496 bytes | Modified Date = 3/3/2006 12:06:14 | Attr = ]
C:\WINDOWS\Temp\MSNWeather.cab.1148489786\ -> C:\WINDOWS\Temp\MSNWeather.cab.1148489786 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
WeatherItem.dll -> C:\WINDOWS\Temp\MSNWeather.cab.1148489786\WeatherItem.dll -> Microsoft Corp. [Ver = 1.0.2125.0 | Size = 237352 bytes | Modified Date = 5/24/2006 10:52:12 | Attr = ]
C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\ -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
WLGamesTbExt.dll -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\WLGamesTbExt.dll -> Microsoft Corporation [Ver = 9.4.3934.1 | Size = 126176 bytes | Modified Date = 3/16/2006 15:24:06 | Attr = ]
WLGamesTbExtResource.dll -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\WLGamesTbExtResource.dll -> Microsoft Corporation [Ver = 9.4.3934.1 | Size = 18144 bytes | Modified Date = 3/16/2006 15:24:06 | Attr = ]

< End of report >
[/code]

Shaba
2008-08-22, 18:50
Open OTScanIt.

Paste the text below into the Paste Fix here box (upper right corner).


[Processes - Non-Microsoft Only]
YY -> befcjsre.exe -> %AllUsersProfile%\Application Data\jglarihg\befcjsre.exe
[Registry - Non-Microsoft Only]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> {0DBA5C92-6B53-53A1-29F6-0BC89BF2002F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\pzaotbe\DbCmdMnt.dll [DbCmdMnt]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\l2QzGq0hBa -> %AllUsersProfile%\Application Data\jglarihg\befcjsre.exe [C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe]
[Files/Folders - Created Within 30 days]
NY -> dyrcrkbs.exe -> %SystemRoot%\System32\dyrcrkbs.exe
NY -> fwxajotq.exe -> %SystemRoot%\System32\fwxajotq.exe
NY -> mfgdspur.exe -> %SystemRoot%\System32\mfgdspur.exe
NY -> qrwvafet.exe -> %SystemRoot%\System32\qrwvafet.exe
NY -> stwbmheh.exe -> %SystemRoot%\System32\stwbmheh.exe
NY -> tejqnkru.exe -> %SystemRoot%\System32\tejqnkru.exe
NY -> ujkpepcb.exe -> %SystemRoot%\System32\ujkpepcb.exe
NY -> vobcnkdg.exe -> %SystemRoot%\System32\vobcnkdg.exe
NY -> zcvkhitw.exe -> %SystemRoot%\System32\zcvkhitw.exe
NY -> zmjarghw.exe -> %SystemRoot%\System32\zmjarghw.exe
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> fwxajotq.exe -> %SystemRoot%\System32\fwxajotq.exe
NY -> mfgdspur.exe -> %SystemRoot%\System32\mfgdspur.exe
NY -> qrwvafet.exe -> %SystemRoot%\System32\qrwvafet.exe
NY -> stwbmheh.exe -> %SystemRoot%\System32\stwbmheh.exe
NY -> tejqnkru.exe -> %SystemRoot%\System32\tejqnkru.exe
NY -> ujkpepcb.exe -> %SystemRoot%\System32\ujkpepcb.exe
NY -> zcvkhitw.exe -> %SystemRoot%\System32\zcvkhitw.exe
NY -> zmjarghw.exe -> %SystemRoot%\System32\zmjarghw.exe

Click Run Fix

If it doesn't run a scan automatically, click Run Scan.

Delete these afterwards:

C:\Documents and Settings\All Users\Application Data\jglarihg\
C:\Program Files\pzaotbe\

Empty Recycle Bin.

Post back a fresh OTScanIt log, please.
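The fix above goes after several things at once: a process launched from a randomly named folder under Application Data, a ShellServiceObjectDelayLoad (SSODL) entry pointing at a DLL outside system32, a value under policies\Explorer\Run (an autostart location many tools skip), and a batch of eight-letter executables dropped into System32 within the last 30 days. The script below is an added example, not part of OTScanIt and not code from this thread: it screens log lines in the same "name -> path [cmdline] -> vendor [details]" layout for those patterns plus a running process whose file is already gone from disk. The sample lines are constructed to mirror the logs posted here; the thresholds (7-9 lowercase letters counts as random-looking, a 30-day window, the small list of ordinary lowercase directory names) are assumptions, and the vendor string is whatever OTScanIt prints for the file, which is taken here to be the version-resource company name rather than a signature check, so an empty vendor is a hint and not a verdict.

```python
"""Screen OTScanIt-style log lines for the persistence patterns in this thread (added example)."""
import re
import sys
from datetime import datetime, timedelta

# Constructed sample in the "name -> path [cmdline] -> vendor [details]" layout of the logs above.
SAMPLE_LOG = r"""
OTScanIt logfile created on: 8/22/2008 10:58:37
[Processes - Non-Microsoft Only]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
nhksrv.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
hqfsxqrk.exe -> %SystemRoot%\system32\hqfsxqrk.exe -> File not found
nqdizyti.exe -> %SystemRoot%\system32\nqdizyti.exe -> [Ver = | Size = 102400 bytes | Modified Date = 8/22/2008 10:46:19 | Attr = ]
[Registry - Non-Microsoft Only]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{7007ACCF-3202-11D1-AAD2-00805FC1270E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.5512 | Size = 1691648 bytes | Modified Date = 4/13/2008 18:12:26 | Attr = ]
{0DBA5C92-6B53-53A1-29F6-0BC89BF2002F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\pzaotbe\DbCmdMnt.dll [DbCmdMnt] -> [Ver = | Size = 90112 bytes | Modified Date = 8/20/2008 12:20:51 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\l2QzGq0hBa -> %AllUsersProfile%\Application Data\jglarihg\befcjsre.exe [C:\Documents and Settings\All Users\Application Data\jglarihg\befcjsre.exe] -> [Ver = | Size = 102400 bytes | Modified Date = 8/20/2008 12:20:51 | Attr = ]
"""

DATE_FMT = "%m/%d/%Y %H:%M:%S"
RANDOM_NAME = re.compile(r"[a-z]{7,9}")   # assumption: 7-9 lowercase letters, no digits or capitals
COMMON_DIRS = {"drivers", "windows", "system", "temp", "bin", "lib", "etc"}  # ordinary all-lowercase dirs


def looks_random(component):
    """True for a path component that matches the random-name pattern and is not an ordinary dir."""
    return RANDOM_NAME.fullmatch(component) is not None and component not in COMMON_DIRS


def split_path(field):
    r"""'%ProgramFiles%\x\y.dll [cmdline]' -> ('%ProgramFiles%\x\y.dll', 'cmdline')."""
    m = re.fullmatch(r"(.*?)\s*(?:\[(.*)\])?", field.strip())
    return m.group(1), m.group(2) or ""


def parse_details(block):
    """'Vendor [Ver = x | Size = n bytes | Modified Date = d | Attr = ]' -> (vendor, {key: value})."""
    m = re.fullmatch(r"(.*?)\s*\[(.*)\]", block.strip())
    if not m:
        return block.strip(), {}
    fields = {}
    for part in m.group(2).split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return m.group(1), fields


def screen(log_text, window_days=30):
    """Return (rule, entry name, path) triples for every line that trips one of the heuristics."""
    findings, scan_time, section, subsection = [], None, "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("OTScanIt logfile created on: "):
            scan_time = datetime.strptime(line.split(": ", 1)[1], DATE_FMT)
        elif line.startswith("[") and line.endswith("]"):       # major section, e.g. [Processes ...]
            section, subsection = line, ""
        elif line.startswith("< "):                             # registry key header, e.g. < SSODL ... >
            end = line.find(" >")
            subsection = line[2:end] if end > 0 else line[2:]
        else:
            parts = [p.strip() for p in line.split(" -> ")]
            if len(parts) < 2:
                continue
            name, (path, _cmdline) = parts[0], split_path(parts[1])
            missing = len(parts) > 2 and parts[2] == "File not found"
            vendor, fields = ("", {}) if missing or len(parts) < 3 else parse_details(parts[2])
            components = re.split(r"[\\/]", path)
            stem = re.sub(r"\.[^.]*$", "", components[-1])
            # Random-looking file or folder name with no company string (jglarihg\befcjsre.exe style).
            if not vendor and any(looks_random(c) for c in components[:-1] + [stem]):
                findings.append(("random-name-no-vendor", name, path))
            # A process is running but its image is already gone from disk.
            if missing and section.startswith("[Processes"):
                findings.append(("running-but-file-missing", name, path))
            # SSODL entries normally point into system32; anything else deserves a look.
            if subsection.startswith("SSODL") and "system32" not in path.lower():
                findings.append(("ssodl-outside-system32", name, path))
            # policies\Explorer\Run is an autostart location many autorun viewers skip.
            if "\\policies\\Explorer\\Run\\" in name:
                findings.append(("policies-explorer-run", name, path))
            # Vendor-less file in system32 modified within the window (the "Created Within 30 days" idea).
            modified = fields.get("Modified Date")
            if scan_time and modified and not vendor and "system32" in path.lower():
                if scan_time - datetime.strptime(modified, DATE_FMT) <= timedelta(days=window_days):
                    findings.append(("recent-no-vendor-in-system32", name, path))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for rule, name, path in screen(text):
        print(f"{rule:30} {name} -> {path}")
```

Run it with the saved OTScanIt.txt as the only argument, or with no argument to see it work on the constructed sample. Note the two control cases in the sample: jusched.exe has a seven-letter name but a vendor string, and nhksrv.exe has no vendor at all but an ordinary path and a 2001 timestamp; neither is reported, which is why each rule pairs the name or vendor test with a path or timestamp condition instead of flagging on one feature alone.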

hendy64
2008-08-22, 19:03
[code]
OTScanIt logfile created on: 8/22/2008 10:58:37
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Jeff\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.89% Memory free
3.85 Gb Paging File | 3.07 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.44 Gb Free Space | 8.64% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 3.00 Gb Free Space | 0.64% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 14.91 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 113.00 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASH000000000002
Current User Name: Jeff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
nhksrv.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
blackd.exe -> %ProgramFiles%\ISS\Proventia Desktop\blackd.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.1913 | Size = 2011473 bytes | Modified Date = 1/16/2007 14:37:16 | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 73728 bytes | Modified Date = 7/30/2008 10:47:24 | Attr = ]
ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 | Attr = ]
logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:30 | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.857 | Size = 54608 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
rapapp.exe -> %ProgramFiles%\ISS\Proventia Desktop\RapApp.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 844126 bytes | Modified Date = 9/13/2006 16:59:06 | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:54 | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 13:54:00 | Attr = ]
vpatch.exe -> %ProgramFiles%\ISS\Proventia Desktop\vpatch.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 426333 bytes | Modified Date = 9/13/2006 16:59:06 | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 | Attr = ]
taskswitch.exe -> %SystemRoot%\system32\TaskSwitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 17:30:00 | Attr = ]
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
wirelesskb.exe -> %SystemRoot%\WirelessKB\WirelessKB.exe -> [Ver = 1, 0, 0, 1 | Size = 38268 bytes | Modified Date = 11/30/2006 08:33:32 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:30 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 22:57:00 | Attr = ]
dvd43_tray.exe -> %ProgramFiles%\dvd43\DVD43_Tray.exe -> [Ver = 4.3.1.0 | Size = 826880 bytes | Modified Date = 4/9/2008 10:00:54 | Attr = ]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.871 | Size = 111952 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 | Attr = ]
mmkeybd.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.00 | Size = 176128 bytes | Modified Date = 7/12/2002 00:22:58 | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 11:13:56 | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 15:06:00 | Attr = ]
osd.exe -> %ProgramFiles%\Netropa\Onscreen Display\osd.exe -> Netropa Corp. [Ver = 2.02 | Size = 90112 bytes | Modified Date = 11/14/2001 04:03:12 | Attr = ]
idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 7/29/2008 08:18:04 | Attr = ]
lightscribecontrolpanel.exe -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 2363392 bytes | Modified Date = 7/30/2008 10:41:46 | Attr = ]
iemonitor.exe -> %ProgramFiles%\Internet Download Manager\IEMonitor.exe -> Tonec Inc. [Ver = 5, 12, 8, 0 | Size = 251312 bytes | Modified Date = 2/18/2008 07:01:01 | Attr = ]
hqfsxqrk.exe -> %SystemRoot%\system32\hqfsxqrk.exe -> File not found
hpohmr08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 147456 bytes | Modified Date = 12/2/2002 21:08:34 | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 20:56:10 | Attr = ]
nqdizyti.exe -> %SystemRoot%\system32\nqdizyti.exe -> [Ver = | Size = 102400 bytes | Modified Date = 8/22/2008 10:46:19 | Attr = ]
blackice.exe -> %ProgramFiles%\ISS\Proventia Desktop\blackice.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 1536346 bytes | Modified Date = 9/13/2006 16:59:12 | Attr = ]
winmanager.exe -> %ProgramFiles%\PC-TV\WinManager\WinManager.exe -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 5/26/2005 04:30:46 | Attr = ]
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 282624 bytes | Modified Date = 12/2/2002 20:30:02 | Attr = ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 11/27/2002 05:30:30 | Attr = ]
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 307200 bytes | Modified Date = 12/2/2002 20:41:48 | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 11:13:34 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 7/31/2008 21:05:00 | Attr = ]
(BlackICE) BlackICE [Win32_Own | Unknown | Running] -> -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 18:12:17 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 73728 bytes | Modified Date = 7/30/2008 10:47:24 | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr = ]
(McShield) McAfee McShield [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.857 | Size = 54608 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
(nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.4.0 | Size = 382248 bytes | Modified Date = 11/15/2007 12:43:04 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 11/27/2002 05:30:30 | Attr = ]
(RapApp) RapApp [Win32_Own | Unknown | Running] -> -> File not found
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 13:54:00 | Attr = ]
(VPatch) ISS Buffer Overflow Exploit Prevention [Win32_Own | Unknown | Running] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CoolSwitch -> %SystemRoot%\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 17:30:00 | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r] -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 | Attr = ]
CTXFIREG -> [CTxfiReg.exe] -> File not found
dvd43 -> %ProgramFiles%\dvd43\DVD43_Tray.exe [C:\Program Files\dvd43\dvd43_tray.exe] -> [Ver = 4.3.1.0 | Size = 826880 bytes | Modified Date = 4/9/2008 10:00:54 | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 4/13/2006 11:09:00 | Attr = ]
LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 | Attr = ]
MULTIMEDIA KEYBOARD -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe [C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe] -> Netropa Corp. [Ver = 1.00 | Size = 176128 bytes | Modified Date = 7/12/2002 00:22:58 | Attr = ]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 1, 0, 0 | Size = 1836328 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 14:57:24 | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe ["C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"] -> File not found
P17Helper -> %SystemRoot%\system32\P17.dll [Rundll32 P17.dll,P17Helper] -> [Ver = 1.0.1.107 | Size = 81408 bytes | Modified Date = 3/17/2006 16:11:56 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 22:57:00 | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.871 | Size = 111952 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart] -> Safer Networking Limited [Ver = 1, 6, 0, 31 | Size = 4891984 bytes | Modified Date = 7/30/2008 14:45:42 | Attr = ]
StandardKeyboard -> %SystemRoot%\WirelessKB\WirelessKB.exe [C:\WINDOWS\WIRELE~1\WirelessKB.exe] -> [Ver = 1, 0, 0, 1 | Size = 38268 bytes | Modified Date = 11/30/2006 08:33:32 | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> Advanced Micro Devices, Inc. [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 7/16/2008 16:57:18 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 01:00:00 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 3.1.4.0 | Size = 202024 bytes | Modified Date = 11/15/2007 12:42:34 | Attr = ]
IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 7/29/2008 08:18:04 | Attr = ]
LightScribe Control Panel -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 2363392 bytes | Modified Date = 7/30/2008 10:41:46 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 18:41:00 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 147456 bytes | Modified Date = 12/2/2002 21:08:34 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 20:56:10 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk -> -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\WinManager.lnk -> %ProgramFiles%\PC-TV\WinManager\WinManager.exe -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 5/26/2005 04:30:46 | Attr = ]
< Jeff Startup Folder > -> C:\Documents and Settings\Jeff\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\TCLOCKEX.EXE.lnk -> E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE -> Dale Nurden [Ver = 1.4.2 | Size = 89088 bytes | Modified Date = 3/15/2005 17:46:02 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 18:12:19 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 18:12:38 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 18:12:24 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 18:12:05 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 18:12:41 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4177 | Size = 143360 bytes | Modified Date = 7/31/2008 22:22:34 | Attr = ]
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 01 00 00 00 [binary data] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 12:40:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomASUS_DRW-2014L1T________________________1.02____\5&1dcdbe85&0&0.1.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomATAPI_DVD_A__DH-3H20A___________________YX13____\5&2e1850c8&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 7/15/2008 10:58:10 | Attr = ]
autoexec.bat [REM Dummy file for NTVDM | ] -> D:\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 15:43:36 | Attr = ]
< HOSTS File > (260845 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4767 domain(s) found. ->
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4766 domain(s) found. ->
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 14, 3, 0 | Size = 148912 bytes | Modified Date = 7/29/2008 08:15:26 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 67136 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 04:13:13 | Attr = ]
Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 7/2/2007 00:19:10 | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 10:31:09 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
MSDigitalLocker -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34FA4B1C-875D-438F-BC08-BF3B74B96013} -> 192.168.1.1,192.168.2.1 (VIA Rhine II Fast Ethernet Adapter) ->
{3583D35B-FB59-4530-BF47-0B5ED42DEEB1} -> 192.168.1.1,192.168.2.1 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{50D05FAC-D462-4795-8818-738FCF776FBC}[HKEY_LOCAL_MACHINE] -> https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab[Reg Error: Key does not exist or could not be opened.] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab[Creative Software AutoUpdate Support Package] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\.Owner -> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
[Files/Folders - Created Within 30 days]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/22/2008 07:26:40 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/22/2008 07:26:37 | Attr = ]
Msikbd2k.sys -> %SystemRoot%\System32\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.06 built by: WinDDK | Size = 6656 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 7/31/2008 15:32:38 | Attr = ]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 8/20/2008 09:03:38 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 8/1/2008 20:46:45 | Attr = ]
idmmbc.dll -> %SystemRoot%\System32\idmmbc.dll -> Tonec Inc. [Ver = 5, 14, 1, 0 | Size = 206256 bytes | Created Date = 7/29/2008 08:03:25 | Attr = ]
lphclhfj0endr.exe -> %SystemRoot%\System32\lphclhfj0endr.exe -> [Ver = | Size = 195584 bytes | Created Date = 8/22/2008 10:46:12 | Attr = ]
Msikbd.dll -> %SystemRoot%\System32\Msikbd.dll -> Netropa Corp. [Ver = 2.00 | Size = 98304 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
msiosd32.dll -> %SystemRoot%\System32\msiosd32.dll -> [Ver = | Size = 28672 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
nqdizyti.exe -> %SystemRoot%\System32\nqdizyti.exe -> [Ver = | Size = 102400 bytes | Created Date = 8/22/2008 10:46:18 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 8/9/2008 22:53:39 | Attr = ]
Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll -> [Ver = | Size = 176235 bytes | Created Date = 8/12/2008 11:13:41 | Attr = ]
epsuninst.exe -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Created Date = 7/29/2008 23:45:49 | Attr = ]
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 8/12/2008 21:37:10 | Attr = ]
PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Created Date = 8/12/2008 11:13:22 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 7/28/2008 09:45:31 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 867 bytes | Created Date = 8/8/2008 15:44:11 | Attr = ]

hendy64
2008-08-22, 19:03
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 222 bytes | Modified Date = 8/22/2008 10:48:57 | Attr = RHS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/20/2008 08:13:26 | Attr = ]
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 525 bytes | Modified Date = 8/20/2008 07:42:03 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/22/2008 10:31:32 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/10/2008 09:51:41 | Attr = HS]
Storage -> %SystemDrive%\Storage -> [Folder | Modified Date = 8/20/2008 13:59:51 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/20/2008 09:37:46 | Attr = HS]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 8/19/2008 09:31:42 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/22/2008 10:57:42 | Attr = ]
ati2erec.dll -> %SystemRoot%\System32\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.13 | Size = 53248 bytes | Modified Date = 7/31/2008 21:39:50 | Attr = ]
ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6844 | Size = 3266560 bytes | Modified Date = 8/1/2008 00:38:20 | Attr = ]
dvd43llh.sys -> %SystemRoot%\System32\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 8/12/2008 14:44:40 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/22/2008 10:52:06 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 260845 bytes | Modified Date = 8/22/2008 10:52:06 | Attr = R ]
hosts.20080723-185304.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080723-185304.backup -> [Ver = | Size = 253037 bytes | Modified Date = 7/23/2008 16:16:36 | Attr = R ]
hosts.20080727-230209.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080727-230209.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/23/2008 18:53:04 | Attr = R ]
hosts.20080728-132819.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080728-132819.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/27/2008 23:02:09 | Attr = R ]
hosts.20080728-200049.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080728-200049.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/28/2008 13:28:19 | Attr = R ]
hosts.20080729-152821.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080729-152821.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/28/2008 20:00:50 | Attr = R ]
hosts.20080729-234559.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080729-234559.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/29/2008 15:28:21 | Attr = R ]
hosts.20080730-104236.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-104236.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/29/2008 23:45:59 | Attr = R ]
hosts.20080730-104807.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-104807.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/30/2008 10:42:36 | Attr = R ]
hosts.20080804-121656.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080804-121656.backup -> [Ver = | Size = 256771 bytes | Modified Date = 7/30/2008 10:48:07 | Attr = R ]
hosts.20080805-133206.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080805-133206.backup -> [Ver = | Size = 256771 bytes | Modified Date = 8/4/2008 12:16:56 | Attr = R ]
hosts.20080808-143951.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-143951.backup -> [Ver = | Size = 256771 bytes | Modified Date = 8/5/2008 13:32:06 | Attr = R ]
hosts.20080808-232744.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-232744.backup -> [Ver = | Size = 257781 bytes | Modified Date = 8/8/2008 14:39:51 | Attr = R ]
hosts.20080808-232959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-232959.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/8/2008 23:27:44 | Attr = R ]
hosts.20080811-173329.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080811-173329.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/8/2008 23:29:59 | Attr = R ]
hosts.20080812-201316.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080812-201316.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/11/2008 17:33:29 | Attr = R ]
hosts.20080813-064934.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080813-064934.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/12/2008 20:13:16 | Attr = R ]
hosts.20080815-115445.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080815-115445.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/13/2008 06:49:34 | Attr = R ]
hosts.20080817-234412.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080817-234412.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/15/2008 11:54:46 | Attr = R ]
hosts.20080818-184452.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080818-184452.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/17/2008 23:44:12 | Attr = R ]
hosts.20080819-065451.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-065451.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/18/2008 18:44:52 | Attr = R ]
hosts.20080819-110853.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-110853.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 06:54:51 | Attr = R ]
hosts.20080819-115419.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-115419.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:08:53 | Attr = R ]
hosts.20080819-115654.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-115654.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:54:19 | Attr = R ]
hosts.20080819-132843.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-132843.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:56:54 | Attr = R ]
hosts.20080820-012705.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-012705.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 13:28:43 | Attr = R ]
hosts.20080820-080308.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-080308.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/20/2008 01:27:05 | Attr = R ]
hosts.20080820-084530.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-084530.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:03:08 | Attr = R ]
hosts.20080820-084659.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-084659.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:45:30 | Attr = R ]
hosts.20080820-090817.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-090817.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:46:59 | Attr = R ]
hosts.20080820-102923.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-102923.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 09:08:17 | Attr = R ]
hosts.20080820-122259.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-122259.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 10:29:23 | Attr = R ]
hosts.20080822-105206.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080822-105206.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 12:22:59 | Attr = R ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 15:01:14 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 15:01:18 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 7/31/2008 15:32:38 | Attr = ]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
amdpcom32.dll -> %SystemRoot%\System32\amdpcom32.dll -> Advanced Micro Devices, Inc. [Ver = 6.14.10.0011 | Size = 48640 bytes | Modified Date = 7/31/2008 21:46:06 | Attr = ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0387 | Size = 561152 bytes | Modified Date = 7/31/2008 21:34:13 | Attr = ]
ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6844 | Size = 311296 bytes | Modified Date = 7/31/2008 22:32:35 | Attr = ]
ati2edxx.dll -> %SystemRoot%\System32\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2513 | Size = 43520 bytes | Modified Date = 7/31/2008 22:22:50 | Attr = ]
ati2evxx.dll -> %SystemRoot%\System32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4177 | Size = 143360 bytes | Modified Date = 7/31/2008 22:22:34 | Attr = ]
ati2evxx.exe -> %SystemRoot%\System32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
Ati2mdxx.exe -> %SystemRoot%\System32\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Modified Date = 7/31/2008 22:22:59 | Attr = ]
ati2sgag.exe -> %SystemRoot%\System32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 7/31/2008 21:05:00 | Attr = ]
ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0603 | Size = 3917568 bytes | Modified Date = 7/31/2008 22:10:42 | Attr = ]
atiadlxx.dll -> %SystemRoot%\System32\atiadlxx.dll -> Advanced Micro Devices, Inc. [Ver = 6.14.10.1009 | Size = 35328 bytes | Modified Date = 7/31/2008 21:40:49 | Attr = ]
ATIDDC.DLL -> %SystemRoot%\System32\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Modified Date = 7/31/2008 22:19:46 | Attr = ]
ATIDEMGX.dll -> %SystemRoot%\System32\ATIDEMGX.dll -> Advanced Micro Devices, Inc. [Ver = 2.0.3134.42416 | Size = 425984 bytes | Modified Date = 7/31/2008 22:33:54 | Attr = ]
atiiiexx.dll -> %SystemRoot%\System32\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4006 | Size = 307200 bytes | Modified Date = 7/31/2008 21:39:09 | Attr = ]
atikvmag.dll -> %SystemRoot%\System32\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0084 | Size = 376832 bytes | Modified Date = 7/31/2008 21:42:09 | Attr = ]
atioglxx.dll -> %SystemRoot%\System32\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.7873 | Size = 9928704 bytes | Modified Date = 7/31/2008 23:40:05 | Attr = ]
atiok3x2.dll -> %SystemRoot%\System32\atiok3x2.dll -> ATI Technologies Inc. [Ver = 6.14.10.7873 | Size = 253952 bytes | Modified Date = 7/31/2008 22:58:18 | Attr = ]
atipdlxx.dll -> %SystemRoot%\System32\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2538 | Size = 184320 bytes | Modified Date = 7/31/2008 22:23:20 | Attr = ]
atitvo32.dll -> %SystemRoot%\System32\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Modified Date = 7/31/2008 21:40:38 | Attr = ]
ativvaxx.cap -> %SystemRoot%\System32\ativvaxx.cap -> [Ver = | Size = 3568 bytes | Modified Date = 8/22/2008 10:42:56 | Attr = ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.0196 | Size = 2183552 bytes | Modified Date = 7/31/2008 21:59:32 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/22/2008 09:57:09 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/22/2008 07:24:19 | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 8/20/2008 09:03:38 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 8/1/2008 20:46:45 | Attr = ]
DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 8/16/2008 10:54:42 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/22/2008 10:21:03 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/22/2008 10:42:50 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 245512 bytes | Modified Date = 8/20/2008 15:01:39 | Attr = ]
lphclhfj0endr.exe -> %SystemRoot%\System32\lphclhfj0endr.exe -> [Ver = | Size = 195584 bytes | Modified Date = 8/22/2008 10:46:14 | Attr = ]
Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 8/19/2008 13:02:27 | Attr = ]
nqdizyti.exe -> %SystemRoot%\System32\nqdizyti.exe -> [Ver = | Size = 102400 bytes | Modified Date = 8/22/2008 10:46:19 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 8/9/2008 22:54:45 | Attr = ]
Oemdspif.dll -> %SystemRoot%\System32\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.15.0500 | Size = 143360 bytes | Modified Date = 7/31/2008 22:23:07 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 68608 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 436090 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 511620 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 8/4/2008 07:41:26 | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/20/2008 13:42:29 | Attr = ]
urlmon_dll.iss -> %SystemRoot%\System32\urlmon_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:10 | Attr = ]
url_dll.iss -> %SystemRoot%\System32\url_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:11 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/20/2008 09:37:02 | Attr = ]
wininet_dll.iss -> %SystemRoot%\System32\wininet_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:12 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 8/22/2008 10:45:03 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/13/2008 03:20:01 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 8/22/2008 10:28:19 | Attr = R S]
atiogl.xml -> %SystemRoot%\atiogl.xml -> [Ver = | Size = 14505 bytes | Modified Date = 7/24/2008 04:01:05 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/22/2008 10:42:57 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/19/2008 13:02:31 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 8/20/2008 12:18:00 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/21/2008 22:30:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/13/2008 03:14:09 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/13/2008 03:20:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/22/2008 10:19:31 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/22/2008 10:46:56 | Attr = HS]
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Modified Date = 8/22/2008 10:49:57 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 8/19/2008 21:09:04 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 7/28/2008 20:03:16 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 8/19/2008 12:48:49 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/22/2008 10:55:51 | Attr = ]
primopdf.ini -> %SystemRoot%\primopdf.ini -> [Ver = | Size = 310 bytes | Modified Date = 8/12/2008 11:13:40 | Attr = ]
PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Modified Date = 8/12/2008 11:13:22 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 8/20/2008 11:27:03 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 7/28/2008 09:45:31 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/22/2008 10:48:57 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/22/2008 10:57:42 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/15/2008 14:35:10 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/22/2008 10:45:34 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 658 bytes | Modified Date = 8/22/2008 10:48:57 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 867 bytes | Modified Date = 8/20/2008 12:20:51 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/23/2008 14:11:25 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/18/2008 08:06:03 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 252 bytes | Modified Date = 8/22/2008 10:40:02 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1216154082.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1216154082.job -> [Ver = | Size = 388 bytes | Modified Date = 8/15/2008 14:35:11 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/22/2008 10:43:00 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/15/2008 11:03:55 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6838 bytes | Modified Date = 8/22/2008 10:44:23 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6838 bytes | Modified Date = 8/22/2008 10:44:23 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/15/2008 16:57:45 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 7/19/2008 05:28:45 | Attr = ]
C:\Documents and Settings\Jeff\Local Settings\Temp\ -> C:\Documents and Settings\Jeff\Local Settings\Temp -> [Folder | Modified Date = 8/22/2008 10:56:00 | Attr = ]
cmdcom.dll -> C:\Documents and Settings\Jeff\Local Settings\Temp\cmdcom.dll -> [Ver = | Size = 98304 bytes | Modified Date = 8/22/2008 10:46:21 | Attr = ]
33 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\MSNMoney.cab.1141415870\ -> C:\WINDOWS\Temp\MSNMoney.cab.1141415870 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
StockItem.dll -> C:\WINDOWS\Temp\MSNMoney.cab.1141415870\StockItem.dll -> Microsoft Corporation [Ver = 1, 0, 0, 1 | Size = 118496 bytes | Modified Date = 3/3/2006 12:06:14 | Attr = ]
C:\WINDOWS\Temp\MSNWeather.cab.1148489786\ -> C:\WINDOWS\Temp\MSNWeather.cab.1148489786 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
WeatherItem.dll -> C:\WINDOWS\Temp\MSNWeather.cab.1148489786\WeatherItem.dll -> Microsoft Corp. [Ver = 1.0.2125.0 | Size = 237352 bytes | Modified Date = 5/24/2006 10:52:12 | Attr = ]
C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\ -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
WLGamesTbExt.dll -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\WLGamesTbExt.dll -> Microsoft Corporation [Ver = 9.4.3934.1 | Size = 126176 bytes | Modified Date = 3/16/2006 15:24:06 | Attr = ]
WLGamesTbExtResource.dll -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\WLGamesTbExtResource.dll -> Microsoft Corporation [Ver = 9.4.3934.1 | Size = 18144 bytes | Modified Date = 3/16/2006 15:24:06 | Attr = ]

< End of report >
[/code]

Shaba
2008-08-22, 19:09
Looks like another round is needed.

Use this as fix this time and post back a fresh OTScanIt log, please:

[Processes - Non-Microsoft Only]
YY -> nqdizyti.exe -> %SystemRoot%\system32\nqdizyti.exe
[Files/Folders - Created Within 30 days]
NY -> 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> lphclhfj0endr.exe -> %SystemRoot%\System32\lphclhfj0endr.exe
NY -> nqdizyti.exe -> %SystemRoot%\System32\nqdizyti.exe
[Files/Folders - Modified Within 30 days]
NY -> 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> lphclhfj0endr.exe -> %SystemRoot%\System32\lphclhfj0endr.exe
NY -> nqdizyti.exe -> %SystemRoot%\System32\nqdizyti.exe
NY -> 33 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp

hendy64
2008-08-22, 20:18
OTScanIt logfile created on: 8/22/2008 12:13:33
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Jeff\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.77% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 6.37 Gb Free Space | 8.55% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 3.00 Gb Free Space | 0.64% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 15.17 Gb Free Space | 10.18% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 113.00 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASH000000000002
Current User Name: Jeff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
nhksrv.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
blackd.exe -> %ProgramFiles%\ISS\Proventia Desktop\blackd.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.1913 | Size = 2011473 bytes | Modified Date = 1/16/2007 14:37:16 | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 73728 bytes | Modified Date = 7/30/2008 10:47:24 | Attr = ]
ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 | Attr = ]
logmein.exe -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:30 | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.857 | Size = 54608 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:54 | Attr = ]
rapapp.exe -> %ProgramFiles%\ISS\Proventia Desktop\RapApp.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 844126 bytes | Modified Date = 9/13/2006 16:59:06 | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 13:54:00 | Attr = ]
vpatch.exe -> %ProgramFiles%\ISS\Proventia Desktop\vpatch.exe -> Internet Security Systems, Inc. [Ver = 8.0.812.0 | Size = 426333 bytes | Modified Date = 9/13/2006 16:59:06 | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 | Attr = ]
taskswitch.exe -> %SystemRoot%\system32\TaskSwitch.exe -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 17:30:00 | Attr = ]
logmeinsystray.exe -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
lmiguardian.exe -> %ProgramFiles%\LogMeIn\x86\LMIGuardian.exe -> LogMeIn, Inc. [Ver = 8.0.734 | Size = 87360 bytes | Modified Date = 5/28/2008 12:32:30 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
wirelesskb.exe -> %SystemRoot%\WirelessKB\WirelessKB.exe -> [Ver = 1, 0, 0, 1 | Size = 38268 bytes | Modified Date = 11/30/2006 08:33:32 | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 22:57:00 | Attr = ]
dvd43_tray.exe -> %ProgramFiles%\dvd43\DVD43_Tray.exe -> [Ver = 4.3.1.0 | Size = 826880 bytes | Modified Date = 4/9/2008 10:00:54 | Attr = ]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.871 | Size = 111952 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 | Attr = ]
mmkeybd.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.00 | Size = 176128 bytes | Modified Date = 7/12/2002 00:22:58 | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 11:13:56 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 18:41:00 | Attr = RHS]
idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 7/29/2008 08:18:04 | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 15:06:00 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 09:29:54 | Attr = ]
osd.exe -> %ProgramFiles%\Netropa\Onscreen Display\osd.exe -> Netropa Corp. [Ver = 2.02 | Size = 90112 bytes | Modified Date = 11/14/2001 04:03:12 | Attr = ]
lightscribecontrolpanel.exe -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 2363392 bytes | Modified Date = 7/30/2008 10:41:46 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 7/31/2008 21:05:00 | Attr = ]
(BlackICE) BlackICE [Win32_Own | Unknown | Running] -> -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 18:12:17 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 73728 bytes | Modified Date = 7/30/2008 10:47:24 | Attr = ]
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 | Attr = ]
(LogMeIn) LogMeIn [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr = ]
(McShield) McAfee McShield [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.857 | Size = 54608 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
(nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 8/6/2001 06:41:48 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.4.0 | Size = 382248 bytes | Modified Date = 11/15/2007 12:43:04 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 11/27/2002 05:30:30 | Attr = ]
(RapApp) RapApp [Win32_Own | Unknown | Running] -> -> File not found
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 13:54:00 | Attr = ]
(VPatch) ISS Buffer Overflow Exploit Prevention [Win32_Own | Unknown | Running] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CoolSwitch -> %SystemRoot%\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [Ver = | Size = 45632 bytes | Modified Date = 3/19/2002 17:30:00 | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r] -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 | Attr = ]
CTXFIREG -> [CTxfiReg.exe] -> File not found
dvd43 -> %ProgramFiles%\dvd43\DVD43_Tray.exe [C:\Program Files\dvd43\dvd43_tray.exe] -> [Ver = 4.3.1.0 | Size = 826880 bytes | Modified Date = 4/9/2008 10:00:54 | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 4/13/2006 11:09:00 | Attr = ]
LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63048 bytes | Modified Date = 2/28/2008 15:31:50 | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 | Attr = ]
MULTIMEDIA KEYBOARD -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe [C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe] -> Netropa Corp. [Ver = 1.00 | Size = 176128 bytes | Modified Date = 7/12/2002 00:22:58 | Attr = ]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 1, 0, 0 | Size = 1836328 bytes | Modified Date = 9/20/2007 08:51:46 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 14:57:24 | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe ["C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"] -> File not found
P17Helper -> %SystemRoot%\system32\P17.dll [Rundll32 P17.dll,P17Helper] -> [Ver = 1.0.1.107 | Size = 81408 bytes | Modified Date = 3/17/2006 16:11:56 | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 22:57:00 | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.871 | Size = 111952 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart] -> Safer Networking Limited [Ver = 1, 6, 0, 31 | Size = 4891984 bytes | Modified Date = 7/30/2008 14:45:42 | Attr = ]
StandardKeyboard -> %SystemRoot%\WirelessKB\WirelessKB.exe [C:\WINDOWS\WIRELE~1\WirelessKB.exe] -> [Ver = 1, 0, 0, 1 | Size = 38268 bytes | Modified Date = 11/30/2006 08:33:32 | Attr = ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> Advanced Micro Devices, Inc. [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 7/16/2008 16:57:18 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 01:00:00 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 3.1.4.0 | Size = 202024 bytes | Modified Date = 11/15/2007 12:42:34 | Attr = ]
IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 7/29/2008 08:18:04 | Attr = ]
LightScribe Control Panel -> %CommonProgramFiles%\LightScribe\LightScribeControlPanel.exe [C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden] -> Hewlett-Packard Company [Ver = 1.14.19.1 | Size = 2363392 bytes | Modified Date = 7/30/2008 10:41:46 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 18:41:00 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.170 | Size = 147456 bytes | Modified Date = 12/2/2002 21:08:34 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 20:56:10 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk -> -> File not found
%AllUsersProfile%\Start Menu\Programs\Startup\WinManager.lnk -> %ProgramFiles%\PC-TV\WinManager\WinManager.exe -> [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 5/26/2005 04:30:46 | Attr = ]
< Jeff Startup Folder > -> C:\Documents and Settings\Jeff\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\TCLOCKEX.EXE.lnk -> E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE -> Dale Nurden [Ver = 1.4.2 | Size = 89088 bytes | Modified Date = 3/15/2005 17:46:02 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 18:12:19 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 18:12:38 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 18:12:24 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 18:12:05 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 18:12:41 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4177 | Size = 143360 bytes | Modified Date = 7/31/2008 22:22:34 | Attr = ]
LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 01 00 00 00 [binary data] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 12:40:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomASUS_DRW-2014L1T________________________1.02____\5&1dcdbe85&0&0.1.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomATAPI_DVD_A__DH-3H20A___________________YX13____\5&2e1850c8&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 7/15/2008 10:58:10 | Attr = ]
autoexec.bat [REM Dummy file for NTVDM | ] -> D:\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 9/18/2006 15:43:36 | Attr = ]
< HOSTS File > (260845 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4767 domain(s) found. ->
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4766 domain(s) found. ->
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 14, 3, 0 | Size = 148912 bytes | Modified Date = 7/29/2008 08:15:26 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 23:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 67136 bytes | Modified Date = 8/13/2007 20:50:00 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 09:41:58 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites -> -> File not found
Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 04:13:13 | Attr = ]
Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 7/2/2007 00:19:10 | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 10:31:09 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
MSDigitalLocker -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{34FA4B1C-875D-438F-BC08-BF3B74B96013} -> 192.168.1.1,192.168.2.1 (VIA Rhine II Fast Ethernet Adapter) ->
{3583D35B-FB59-4530-BF47-0B5ED42DEEB1} -> 192.168.1.1,192.168.2.1 (Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] ->
{50D05FAC-D462-4795-8818-738FCF776FBC}[HKEY_LOCAL_MACHINE] -> https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab[Reg Error: Key does not exist or could not be opened.] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab[Creative Software AutoUpdate Support Package] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\.Owner -> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comctl32.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wininet.dll\\{50D05FAC-D462-4795-8818-738FCF776FBC} -> ->



[Files/Folders - Created Within 30 days]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/22/2008 07:26:40 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/22/2008 07:26:37 | Attr = ]
Msikbd2k.sys -> %SystemRoot%\System32\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.06 built by: WinDDK | Size = 6656 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 7/31/2008 15:32:38 | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 8/20/2008 09:03:38 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 8/1/2008 20:46:45 | Attr = ]
idmmbc.dll -> %SystemRoot%\System32\idmmbc.dll -> Tonec Inc. [Ver = 5, 14, 1, 0 | Size = 206256 bytes | Created Date = 7/29/2008 08:03:25 | Attr = ]
Msikbd.dll -> %SystemRoot%\System32\Msikbd.dll -> Netropa Corp. [Ver = 2.00 | Size = 98304 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
msiosd32.dll -> %SystemRoot%\System32\msiosd32.dll -> [Ver = | Size = 28672 bytes | Created Date = 8/20/2008 12:17:59 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 8/9/2008 22:53:39 | Attr = ]
Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll -> [Ver = | Size = 176235 bytes | Created Date = 8/12/2008 11:13:41 | Attr = ]
epsuninst.exe -> %SystemRoot%\epsuninst.exe -> Marcelo Bona Boff [Ver = 3.7.0.1 | Size = 278668 bytes | Created Date = 7/29/2008 23:45:49 | Attr = ]
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Created Date = 8/20/2008 12:18:00 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 8/12/2008 21:37:10 | Attr = ]
PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Created Date = 8/12/2008 11:13:22 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 7/28/2008 09:45:31 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 867 bytes | Created Date = 8/8/2008 15:44:11 | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 222 bytes | Modified Date = 8/22/2008 10:48:57 | Attr = RHS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/20/2008 08:13:26 | Attr = ]
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 525 bytes | Modified Date = 8/20/2008 07:42:03 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/22/2008 11:01:34 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/10/2008 09:51:41 | Attr = HS]
Storage -> %SystemDrive%\Storage -> [Folder | Modified Date = 8/20/2008 13:59:51 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/20/2008 09:37:46 | Attr = HS]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 8/19/2008 09:31:42 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/22/2008 10:57:42 | Attr = ]
ati2erec.dll -> %SystemRoot%\System32\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.13 | Size = 53248 bytes | Modified Date = 7/31/2008 21:39:50 | Attr = ]
ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6844 | Size = 3266560 bytes | Modified Date = 8/1/2008 00:38:20 | Attr = ]
dvd43llh.sys -> %SystemRoot%\System32\drivers\dvd43llh.sys -> RIF [Ver = 3.5.000 | Size = 18816 bytes | Modified Date = 8/12/2008 14:44:40 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/22/2008 10:52:06 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 260845 bytes | Modified Date = 8/22/2008 10:52:06 | Attr = R ]
hosts.20080723-185304.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080723-185304.backup -> [Ver = | Size = 253037 bytes | Modified Date = 7/23/2008 16:16:36 | Attr = R ]
hosts.20080727-230209.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080727-230209.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/23/2008 18:53:04 | Attr = R ]
hosts.20080728-132819.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080728-132819.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/27/2008 23:02:09 | Attr = R ]
hosts.20080728-200049.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080728-200049.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/28/2008 13:28:19 | Attr = R ]
hosts.20080729-152821.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080729-152821.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/28/2008 20:00:50 | Attr = R ]
hosts.20080729-234559.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080729-234559.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/29/2008 15:28:21 | Attr = R ]
hosts.20080730-104236.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-104236.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/29/2008 23:45:59 | Attr = R ]
hosts.20080730-104807.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080730-104807.backup -> [Ver = | Size = 255759 bytes | Modified Date = 7/30/2008 10:42:36 | Attr = R ]
hosts.20080804-121656.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080804-121656.backup -> [Ver = | Size = 256771 bytes | Modified Date = 7/30/2008 10:48:07 | Attr = R ]
hosts.20080805-133206.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080805-133206.backup -> [Ver = | Size = 256771 bytes | Modified Date = 8/4/2008 12:16:56 | Attr = R ]
hosts.20080808-143951.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-143951.backup -> [Ver = | Size = 256771 bytes | Modified Date = 8/5/2008 13:32:06 | Attr = R ]
hosts.20080808-232744.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-232744.backup -> [Ver = | Size = 257781 bytes | Modified Date = 8/8/2008 14:39:51 | Attr = R ]
hosts.20080808-232959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080808-232959.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/8/2008 23:27:44 | Attr = R ]
hosts.20080811-173329.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080811-173329.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/8/2008 23:29:59 | Attr = R ]
hosts.20080812-201316.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080812-201316.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/11/2008 17:33:29 | Attr = R ]
hosts.20080813-064934.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080813-064934.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/12/2008 20:13:16 | Attr = R ]
hosts.20080815-115445.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080815-115445.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/13/2008 06:49:34 | Attr = R ]
hosts.20080817-234412.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080817-234412.backup -> [Ver = | Size = 257786 bytes | Modified Date = 8/15/2008 11:54:46 | Attr = R ]
hosts.20080818-184452.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080818-184452.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/17/2008 23:44:12 | Attr = R ]
hosts.20080819-065451.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-065451.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/18/2008 18:44:52 | Attr = R ]
hosts.20080819-110853.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-110853.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 06:54:51 | Attr = R ]
hosts.20080819-115419.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-115419.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:08:53 | Attr = R ]
hosts.20080819-115654.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-115654.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:54:19 | Attr = R ]
hosts.20080819-132843.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-132843.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 11:56:54 | Attr = R ]
hosts.20080820-012705.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-012705.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/19/2008 13:28:43 | Attr = R ]
hosts.20080820-080308.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-080308.backup -> [Ver = | Size = 259293 bytes | Modified Date = 8/20/2008 01:27:05 | Attr = R ]
hosts.20080820-084530.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-084530.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:03:08 | Attr = R ]
hosts.20080820-084659.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-084659.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:45:30 | Attr = R ]
hosts.20080820-090817.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-090817.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 08:46:59 | Attr = R ]
hosts.20080820-102923.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-102923.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 09:08:17 | Attr = R ]
hosts.20080820-122259.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080820-122259.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 10:29:23 | Attr = R ]
hosts.20080822-105206.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080822-105206.backup -> [Ver = | Size = 260845 bytes | Modified Date = 8/20/2008 12:22:59 | Attr = R ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 15:01:14 | Attr = ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 15:01:18 | Attr = ]
Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 7/31/2008 15:32:38 | Attr = ]
amdpcom32.dll -> %SystemRoot%\System32\amdpcom32.dll -> Advanced Micro Devices, Inc. [Ver = 6.14.10.0011 | Size = 48640 bytes | Modified Date = 7/31/2008 21:46:06 | Attr = ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0387 | Size = 561152 bytes | Modified Date = 7/31/2008 21:34:13 | Attr = ]
ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6844 | Size = 311296 bytes | Modified Date = 7/31/2008 22:32:35 | Attr = ]
ati2edxx.dll -> %SystemRoot%\System32\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2513 | Size = 43520 bytes | Modified Date = 7/31/2008 22:22:50 | Attr = ]
ati2evxx.dll -> %SystemRoot%\System32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4177 | Size = 143360 bytes | Modified Date = 7/31/2008 22:22:34 | Attr = ]
ati2evxx.exe -> %SystemRoot%\System32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4203 | Size = 573440 bytes | Modified Date = 7/31/2008 22:21:05 | Attr = ]
Ati2mdxx.exe -> %SystemRoot%\System32\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Modified Date = 7/31/2008 22:22:59 | Attr = ]
ati2sgag.exe -> %SystemRoot%\System32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 7/31/2008 21:05:00 | Attr = ]
ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0603 | Size = 3917568 bytes | Modified Date = 7/31/2008 22:10:42 | Attr = ]
atiadlxx.dll -> %SystemRoot%\System32\atiadlxx.dll -> Advanced Micro Devices, Inc. [Ver = 6.14.10.1009 | Size = 35328 bytes | Modified Date = 7/31/2008 21:40:49 | Attr = ]
ATIDDC.DLL -> %SystemRoot%\System32\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Modified Date = 7/31/2008 22:19:46 | Attr = ]
ATIDEMGX.dll -> %SystemRoot%\System32\ATIDEMGX.dll -> Advanced Micro Devices, Inc. [Ver = 2.0.3134.42416 | Size = 425984 bytes | Modified Date = 7/31/2008 22:33:54 | Attr = ]
atiiiexx.dll -> %SystemRoot%\System32\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4006 | Size = 307200 bytes | Modified Date = 7/31/2008 21:39:09 | Attr = ]
atikvmag.dll -> %SystemRoot%\System32\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0084 | Size = 376832 bytes | Modified Date = 7/31/2008 21:42:09 | Attr = ]
atioglxx.dll -> %SystemRoot%\System32\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.7873 | Size = 9928704 bytes | Modified Date = 7/31/2008 23:40:05 | Attr = ]
atiok3x2.dll -> %SystemRoot%\System32\atiok3x2.dll -> ATI Technologies Inc. [Ver = 6.14.10.7873 | Size = 253952 bytes | Modified Date = 7/31/2008 22:58:18 | Attr = ]
atipdlxx.dll -> %SystemRoot%\System32\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2538 | Size = 184320 bytes | Modified Date = 7/31/2008 22:23:20 | Attr = ]
atitvo32.dll -> %SystemRoot%\System32\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Modified Date = 7/31/2008 21:40:38 | Attr = ]
ativvaxx.cap -> %SystemRoot%\System32\ativvaxx.cap -> [Ver = | Size = 3568 bytes | Modified Date = 8/22/2008 12:11:37 | Attr = ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.0196 | Size = 2183552 bytes | Modified Date = 7/31/2008 21:59:32 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/22/2008 09:57:09 | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 8/22/2008 07:24:19 | Attr = ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 8/20/2008 09:03:38 | Attr = ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 8/1/2008 20:46:45 | Attr = ]
DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 8/16/2008 10:54:42 | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/22/2008 10:21:03 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/22/2008 10:42:50 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 245512 bytes | Modified Date = 8/20/2008 15:01:39 | Attr = ]
Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 8/19/2008 13:02:27 | Attr = ]
NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 8/9/2008 22:54:45 | Attr = ]
Oemdspif.dll -> %SystemRoot%\System32\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.15.0500 | Size = 143360 bytes | Modified Date = 7/31/2008 22:23:07 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 68608 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 436090 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 511620 bytes | Modified Date = 8/20/2008 09:36:58 | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 8/4/2008 07:41:26 | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/20/2008 13:42:29 | Attr = ]
urlmon_dll.iss -> %SystemRoot%\System32\urlmon_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:10 | Attr = ]
url_dll.iss -> %SystemRoot%\System32\url_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:11 | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/20/2008 09:37:02 | Attr = ]
wininet_dll.iss -> %SystemRoot%\System32\wininet_dll.iss -> [Ver = | Size = 28 bytes | Modified Date = 8/13/2008 03:28:12 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 8/22/2008 12:12:11 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/13/2008 03:20:01 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 8/22/2008 10:28:19 | Attr = R S]
atiogl.xml -> %SystemRoot%\atiogl.xml -> [Ver = | Size = 14505 bytes | Modified Date = 7/24/2008 04:01:05 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/22/2008 12:11:38 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/19/2008 13:02:31 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 8/20/2008 12:18:00 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/21/2008 22:30:53 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/13/2008 03:14:09 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/13/2008 03:20:12 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/22/2008 10:19:31 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/22/2008 10:46:56 | Attr = HS]
Msiosd.ini -> %SystemRoot%\Msiosd.ini -> [Ver = | Size = 245 bytes | Modified Date = 8/22/2008 10:49:57 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 8/19/2008 21:09:04 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 7/28/2008 20:03:16 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 8/19/2008 12:48:49 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/22/2008 12:13:38 | Attr = ]
primopdf.ini -> %SystemRoot%\primopdf.ini -> [Ver = | Size = 310 bytes | Modified Date = 8/12/2008 11:13:40 | Attr = ]
PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Modified Date = 8/12/2008 11:13:22 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 8/20/2008 11:27:03 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 7/28/2008 09:45:31 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/22/2008 10:48:57 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/22/2008 12:09:54 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/15/2008 14:35:10 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/22/2008 12:13:35 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 658 bytes | Modified Date = 8/22/2008 10:48:57 | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 867 bytes | Modified Date = 8/20/2008 12:20:51 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/23/2008 14:11:25 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/18/2008 08:06:03 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 252 bytes | Modified Date = 8/22/2008 11:40:04 | Attr = ]
FRU Task #Hewlett-Packard#hp psc 1200 series#1216154082.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1216154082.job -> [Ver = | Size = 388 bytes | Modified Date = 8/15/2008 14:35:11 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/22/2008 12:11:40 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/15/2008 11:03:55 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6838 bytes | Modified Date = 8/22/2008 12:14:25 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6838 bytes | Modified Date = 8/22/2008 12:14:25 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/15/2008 16:57:45 | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 7/19/2008 05:28:45 | Attr = ]
C:\WINDOWS\Temp\MSNMoney.cab.1141415870\ -> C:\WINDOWS\Temp\MSNMoney.cab.1141415870 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
StockItem.dll -> C:\WINDOWS\Temp\MSNMoney.cab.1141415870\StockItem.dll -> Microsoft Corporation [Ver = 1, 0, 0, 1 | Size = 118496 bytes | Modified Date = 3/3/2006 12:06:14 | Attr = ]
C:\WINDOWS\Temp\MSNWeather.cab.1148489786\ -> C:\WINDOWS\Temp\MSNWeather.cab.1148489786 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
WeatherItem.dll -> C:\WINDOWS\Temp\MSNWeather.cab.1148489786\WeatherItem.dll -> Microsoft Corp. [Ver = 1.0.2125.0 | Size = 237352 bytes | Modified Date = 5/24/2006 10:52:12 | Attr = ]
C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\ -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476 -> [Folder | Modified Date = 8/20/2008 23:47:55 | Attr = ]
WLGamesTbExt.dll -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\WLGamesTbExt.dll -> Microsoft Corporation [Ver = 9.4.3934.1 | Size = 126176 bytes | Modified Date = 3/16/2006 15:24:06 | Attr = ]
WLGamesTbExtResource.dll -> C:\WINDOWS\Temp\WLGamesTbExt.cab.1142545476\WLGamesTbExtResource.dll -> Microsoft Corporation [Ver = 9.4.3934.1 | Size = 18144 bytes | Modified Date = 3/16/2006 15:24:06 | Attr = ]

< End of report >

Shaba
2008-08-22, 21:18
Looks good :)

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

hendy64
2008-08-24, 07:00
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 22, 2008 18:44:27
Records in database: 1124860
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 170076
Threat name: 4
Infected objects: 45
Suspicious objects: 0
Duration of the scan: 14:16:31


File name / Threat name / Threats count
C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\08222008_105736\C_WINDOWS\System32\mfgdspur.exe Infected: Trojan-Downloader.Win32.Small.abpq 1
C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\08222008_105736\C_WINDOWS\System32\qrwvafet.exe Infected: Trojan-Downloader.Win32.Small.abpq 1
C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\08222008_105736\C_WINDOWS\System32\zcvkhitw.exe Infected: Trojan-Downloader.Win32.Small.abpq 1
D:\STORAGE\Nero-8.1.1.0_eng_trial_wch.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\My Stuff\Outlook Archive\outlook.pst Infected: Email-Worm.Win32.Bagle.ai 1
E:\BackUp\Setups\Nero\Nero-8.1.1.0_eng_trial_wch.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r00 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r01 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r02 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r03 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r04 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r05 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r06 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r07 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r08 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r09 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r10 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r11 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r12 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r13 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r14 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r15 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r16 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r17 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r18 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r19 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r20 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r21 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r22 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r23 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r24 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r25 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r26 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r27 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r28 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r29 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r30 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r31 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r32 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r33 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r34 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r35 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.rar Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\Nero-8.1.1.4_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Crawler\3wPlayer-1.0.0.3-setup-0593.exe Infected: Trojan.Win32.Obfuscated.en 1

The selected area was scanned.
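
As an added example, not code from this thread or from Kaspersky: a small Python parser for the Kaspersky Online Scanner 7 report format above. It groups the "File name / Threat name / Threats count" lines by threat name and separates hits that already sit in a cleanup tool's MovedFiles folder, or that are spread across the volumes of one RAR set, from hits on live files, so a long detection list collapses to the few real sources. The sample report is an excerpt of the lines posted above; the quarantine marker names are my assumption.

```python
"""Triage helper for Kaspersky Online Scanner 7 report text (added example)."""
import re
from collections import Counter, defaultdict

# One detection line looks like: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Folder names that mark files a cleanup tool has already moved out of place.
# "MovedFiles" is the folder seen in the report above; treating any path that
# contains one of these segments as quarantined is an assumption of this example.
QUARANTINE_MARKERS = ("\\movedfiles\\", "\\quarantine\\")

# Pieces of a multi-volume RAR set (.rar, .r00 .. .r99) come from one archive.
RAR_VOLUME_RE = re.compile(r"\.(rar|r\d{2})$", re.IGNORECASE)

# Constructed sample: an excerpt of the report posted in this thread.
SAMPLE_REPORT = r"""
Records in database: 1124860
File name / Threat name / Threats count
C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\08222008_105736\C_WINDOWS\System32\mfgdspur.exe Infected: Trojan-Downloader.Win32.Small.abpq 1
C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\08222008_105736\C_WINDOWS\System32\qrwvafet.exe Infected: Trojan-Downloader.Win32.Small.abpq 1
C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\08222008_105736\C_WINDOWS\System32\zcvkhitw.exe Infected: Trojan-Downloader.Win32.Small.abpq 1
D:\STORAGE\Nero-8.1.1.0_eng_trial_wch.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\My Stuff\Outlook Archive\outlook.pst Infected: Email-Worm.Win32.Bagle.ai 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r00 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r01 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.rar Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\Nero-8.1.1.4_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
E:\BackUp\Setups\Video Stuff\Crawler\3wPlayer-1.0.0.3-setup-0593.exe Infected: Trojan.Win32.Obfuscated.en 1
The selected area was scanned.
"""


def parse_detections(report_text):
    """Yield (path, threat, count) for every detection line; skip the rest."""
    for line in report_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("threat"), int(m.group("count"))


def classify(path):
    """Bucket a detected path: quarantined, archive volume, mail store or live file."""
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantined"          # already moved by a cleanup tool
    if RAR_VOLUME_RE.search(path):
        return "archive-volume"       # one piece of a multi-volume archive
    if lowered.endswith(".pst"):
        return "mail-store"           # hit inside a mailbox file, not a loose binary
    return "live-file"


def source_key(path):
    """Collapse all volumes of one RAR set to their folder so the set counts once."""
    if RAR_VOLUME_RE.search(path):
        return path.rsplit("\\", 1)[0]
    return path


def triage(report_text):
    """Summarise a report: totals per threat, per bucket, and distinct sources."""
    by_threat, by_bucket = Counter(), Counter()
    sources = defaultdict(set)
    total = 0
    for path, threat, count in parse_detections(report_text):
        total += count
        by_threat[threat] += count
        by_bucket[classify(path)] += count
        sources[threat].add(source_key(path))
    return {
        "infected_objects": total,
        "threat_names": len(by_threat),
        "by_threat": dict(by_threat),
        "by_bucket": dict(by_bucket),
        "distinct_sources": {t: len(s) for t, s in sources.items()},
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['infected_objects']} objects, {summary['threat_names']} threat names")
    for bucket, n in sorted(summary["by_bucket"].items()):
        print(f"  {bucket:15s} {n}")
    for threat, n in sorted(summary["distinct_sources"].items()):
        print(f"  {threat}: {n} distinct source(s)")
```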

hendy64
2008-08-24, 07:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:08, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StandardKeyboard] C:\WINDOWS\WIRELE~1\WirelessKB.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [SpybotDeletingC7348] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: TCLOCKEX.EXE.lnk = E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?7ba234f3ed5a4b49871d993e5a75abb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?7ba234f3ed5a4b49871d993e5a75abb6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {50D05FAC-D462-4795-8818-738FCF776FBC} - https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34FA4B1C-875D-438F-BC08-BF3B74B96013}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3583D35B-FB59-4530-BF47-0B5ED42DEEB1}: NameServer = 192.168.1.1,192.168.2.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 11800 bytes

Shaba
2008-08-24, 11:11
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete this afterwards:

C:\Program Files\uTorrent

It also looks like your copy of Nero isn't legit:

E:\BackUp\Setups\Video Stuff\Ahead.Nero.v8.1.1.4.Ultra.Edition.Incl.Keymaker-EMBRACE\embrace.r00

So please uninstall that too and delete the folder above.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Please run a new HJT scan when finished and post the log back here along with uninstall list.

hendy64
2008-08-24, 16:49
The version of Nero shown in the Kaspersky list was quite old. I have wiped Windows clean twice since I last used that. The version of Nero came directly off of the discs provided by the Ativa and Asus DVD drive manufacturers. I can forward you the licenses if you need them. However, I did delete the old illegal software.

HJT Uninstall

1Click DVD Copy Pro 3.2.0.1
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Alt-Tab Task Switcher Powertoy for Windows XP
AMD CPUInfo
Apple Software Update
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATSC-TV
Calculator Powertoy for Windows XP
Catalyst Control Center - Branding
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Creative EAX Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Digital Locker Assistant
Disney Pirates of the Caribbean Online
DVD43 v4.3.1
Earthsim
Form Fill (Windows Live Toolbar)
Full Tilt Poker.Net
Games Add-in for Windows Live™ Toolbar
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP OfficeJet/PSC Scrubber
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Print Diagnostic Utility
hp psc 1200 series
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
Internet Download Manager
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 4.0.0
LightScribe System Software 1.14.19.1
Live Search Maps Add-In for Microsoft Office Outlook
LogMeIn
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Professional Edition 2003
Microsoft Office Sounds
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSN Money Toolbar Add-in
MSXML 4.0 SP2 (KB936181)
Nero 8 Essentials
neroxml
Office Keyboard
OneCare Advisor (Windows Live Toolbar)
Pocket-DVD Studio(remove only)
Popup Blocker (Windows Live Toolbar)
PowerDVD
PrimoPDF
QuickTime
Realtek High Definition Audio Driver
RunAlyzer
SecurDisc Viewer
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Slideshow Generator Powertoy for Windows XP
Smart Menus (Windows Live Toolbar)
Sound Blaster Audigy
Spybot - Search & Destroy
Tabbed Browsing (Windows Live Toolbar)
Tweak UI
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VCRedistSetup
VIA Rhine-Family Fast-Ethernet Adapter
Virtual Desktop Manager Powertoy for Windows XP
VSO CopyToDVD 4
Weather Add-in for Windows Live Toolbar
Windows Desktop Search
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless Keyboard
World of Warcraft FREE Trial
XviD MPEG-4 Video Codec

hendy64
2008-08-24, 16:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49:51, on 8/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StandardKeyboard] C:\WINDOWS\WIRELE~1\WirelessKB.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [SpybotDeletingC7348] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: TCLOCKEX.EXE.lnk = E:\BackUp\Setups\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?7ba234f3ed5a4b49871d993e5a75abb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?7ba234f3ed5a4b49871d993e5a75abb6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {50D05FAC-D462-4795-8818-738FCF776FBC} - https://myemail.t-mobile.com/html/web/client_tools/TMobile-PwpClient.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216162484703
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34FA4B1C-875D-438F-BC08-BF3B74B96013}: NameServer = 192.168.1.1,192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3583D35B-FB59-4530-BF47-0B5ED42DEEB1}: NameServer = 192.168.1.1,192.168.2.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 11669 bytes

Shaba
2008-08-24, 16:52
Thank you for info.

Empty this folder:

C:\Documents and Settings\Jeff\Desktop\OTScanIt\MovedFiles\

Delete this:

E:\BackUp\Setups\Video Stuff\Crawler\3wPlayer-1.0.0.3-setup-0593.exe

Empty Recycle Bin.

Still problems?

hendy64
2008-08-24, 17:16
No more annoying pop-ups, but I need to reboot my machine and see what happens. I'll only post again if I see more problems. Thanks for all your help.

Next time I'll save time (a helper and mine) and just do a clean install of Windows. That is a lot less hassle to me and ensures no junk.

Shaba
2008-08-24, 17:19
Please post anyway because I will need to give you final instructions before we can call this done :)

hendy64
2008-08-24, 22:13
What else would you like me to do?

Shaba
2008-08-25, 08:21
Just see below :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can fix this:

O4 - HKLM\..\RunOnce: [SpybotDeletingC7348] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with the instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab.
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt.
Change the Download unsigned ActiveX controls to Disable.
Change the Initialize and script ActiveX controls not marked as safe to Disable.
Change the Installation of desktop items to Prompt.
Change the Launching programs and files in an IFRAME to Prompt.
Change the Navigate sub-frames across different domains to Prompt.
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:
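
The six Custom Level changes in the "Make your Internet Explorer more secure" steps above are stored as dword values under the Internet zone key in the registry, so they can be audited after the fact. The Python script below is an added example, not from this thread or from any of the tools it mentions: it parses a `reg export` of that key and reports which of the six settings differ from the recommended levels. It assumes Microsoft's documented zone-map codes (value names 1001, 1004, 1201, 1800, 1804, 1607; 0 = Enable, 1 = Prompt, 3 = Disable); the sample export is constructed.

```python
import re

# IE security-zone map, Internet zone (zone 3). Value names are Microsoft's documented
# zone-map codes; the level encoding is 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
PROMPT, DISABLE = 1, 3
LEVEL_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        key = re.match(r"^\[(.+)\]$", line.strip())
        val = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line.strip())
        if key:                             # [HKEY_...] header starts a new key
            current = key.group(1)
            keys.setdefault(current, {})
        elif val and current is not None:   # e.g. "1001"=dword:00000001
            keys[current][val.group(1)] = int(val.group(2), 16)
    return keys

def audit_internet_zone(reg_text):
    """Return (setting, current, recommended) for each setting not at the recommended
    level; a value absent from the export is reported as 'missing' (default applies)."""
    zone = parse_reg_export(reg_text).get(ZONE_KEY, {})
    findings = []
    for code, (name, want) in RECOMMENDED.items():
        have = zone.get(code)
        if have != want:
            shown = "missing" if have is None else LEVEL_NAMES.get(have, str(have))
            findings.append((name, shown, LEVEL_NAMES[want]))
    return findings

# Constructed sample export (not from the thread): 1001/1607 at Prompt, 1004 at Enable, 1201 at Prompt, 1800/1804 absent.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000001
"1607"=dword:00000001
"""
```

On a real machine, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` produces the input; pass its contents to `audit_internet_zone` and an empty result means all six settings are at the recommended level.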

Shaba
2008-08-27, 08:12
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.