Backdoor.Tidserv!inf Help needed

Hey I'm new to this board. I got the virus "Backdoor.Tidserv!inf" after visiting a message board. My Symantec caught the virus but cannot remove/quarantine it. Below is my copy of the Hjackthis log. Thanks in advance for any/all help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:03 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\lkcitdl.exe
c:\WINDOWS\system32\lkads.exe
c:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Shared\Security\nidmsrv.exe
c:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Webroot\Client\commagent.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Webroot\Client\spysweeper.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Webroot\Client\SSU.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Client\SpySweeperUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Documents and Settings\baustede\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {3701d3b1-66e1-4362-b054-6964fbd3b582} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WebrootClientUI] "C:\Program Files\Webroot\Client\SpySweeperUI.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NI Background Service] "c:\Program Files\Shared\Update Service\BackgroundService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'Default user')
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-1.udayton.edu/iNotes6W.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183123664671
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = udayton.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:\Program Files\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - c:\Program Files\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:\WINDOWS\system32\nisvcloc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Client\commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Client\spysweeper.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 13967 bytes

Heres the uninstall log..


32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Shockwave Player 11
AEMPro
Agilix GoBinder Lite
AIM 6
Alarm 2.0.2
AOEMView 2008
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoCAD 2008 - English
Autodesk Design Review 2008
Autodesk DWF Viewer 7
Autodesk Impression
Autodesk Inventor Professional 2008
Autodesk Mechanical Desktop 2008
Bonjour
Bonjour Core for Windows
DivX Content Uploader
DivX Web Player
DivxToDVD 0.5.2b
DVD Shrink 3.2
DVD Solution
DWG TrueView 2007
FileZilla (remove only)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB319740)
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB897338)
Hotfix for Windows XP (KB898900)
Hotfix for Windows XP (KB903234)
Hotfix for Windows XP (KB904412)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB907865)
Hotfix for Windows XP (KB912461)
Hotfix for Windows XP (KB912817)
Hotfix for Windows XP (KB913538)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918093)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB924867)
Hotfix for Windows XP (KB924941)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB927544)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
IBM Lotus Sametime Connect 7.5.1
Ink Art
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
JAW Deploy 1.17
LimeWire 4.18.8
LiveUpdate 3.1 (Symantec Corporation)
Logger Pro 3.4.2
Logitech QuickCam
Logitech QuickCam Driver Package
Lotus Notes 7.0.2
Macromedia Authorware Web Player
MATLAB R2007a
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB925168)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Education Pack for Windows XP Tablet PC Edition
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Get Started Tab
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2007
Microsoft Snipping Tool 2.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
National Instruments Software
Nero 7 Essentials
NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
Power2Go 4.0
PowerDVD
QuickTime
Rainlendar2 (remove only)
RealPlayer Enterprise
Road Rash 3
RoadRash
Ruckus Player
Security Task Manager 1.7e
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Skype™ Beta 4.0
SolidWorks 2006 SP0
Symantec AntiVirus
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TI Connect 1.6
TI NoteFolio Creator
Total Video Converter 3.12 080330
TunerPro RT v4.14
TunerPro v4.14
Update for Microsoft .NET Framework 3.0 (KB932394)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB896256)
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB907265)
Update for Windows XP (KB908521)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB920142)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Western Australian Time Zone Update
Windows Communication Foundation
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885453
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB894395
Windows XP Hotfix - KB896626
Write-N-Cite
ZENworks Desktop Management Agent

1. Open Hijack This.
2. Select "Do a system scan only"
3. Tick the boxes next to this line:

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

4. Press "Fix Checked"
5. Close Hijack This.

Delete this file:
C:\WINDOWS\system32\drivers\svchost.exe <== only delete in thye drivers folder.

Next,

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Combofix will not run. A status bar comes up, fills up, and disappears. What should I do?

Did you delete svchost.exe in the drivers folder?

Yes, then I tried to run combofix as you said and it acted like it was going to open, the green bar came up to show it was loading, but then closed on its own.

Lets see if this says anything.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

The log file you requested
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Aim6" = ""C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp" ["AOL LLC"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"nah_Shell" = ""C:\Documents and Settings\baustede\nah_niko.exe"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TabletWizard" = "C:\WINDOWS\help\SplshWrp.exe" [MS]
"TabletTip" = ""C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume" [MS]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"SynTPLpr" = ""C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"" ["Synaptics, Inc."]
"SynTPEnh" = ""C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"" ["Synaptics, Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"NDPS" = "C:\WINDOWS\system32\dpmw32.exe" ["Novell, Inc."]
"ZENRC Tray Icon" = "C:\WINDOWS\system32\zentray.exe" ["Novell, Inc."]
"NWTRAY" = "NWTRAY.EXE" ["Novell, Inc."]
"Snippet" = ""C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i" [null data]
"NWEReboot" = "(empty string)" [file not found]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"WebrootClientUI" = ""C:\Program Files\Webroot\Client\SpySweeperUI.exe"" ["Webroot Software, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"LogitechCommunicationsManager" = ""C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"" ["Logitech Inc."]
"LogitechQuickCamRibbon" = ""C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide" ["Logitech Inc."]
"NI Background Service" = ""c:\Program Files\Shared\Update Service\BackgroundService.exe"" ["National Instruments"]
"AppleSyncNotifier" = ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"" ["Apple Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{AF8DE18D-9065-4102-BC40-EB294A95BB07}" = "Novell Connections"
-> {HKLM...CLSID} = "Novell Connections"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nwshlxnt.dll" ["Novell, Inc."]
"{04c23aa0-3d34-11d2-b788-008029605ac7}" = "NDPS Shell Extension"
-> {HKLM...CLSID} = "NDPS Shell Extension"
\InProcServer32\(Default) = "ndpsprop.dll" ["Novell, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\MSOHEVI.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk, Inc."]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk, Inc."]
"{8A0BC933-7552-42E2-A228-3BE055777227}" = "AutoCAD DWG Column Handler"
-> {HKLM...CLSID} = "AcColumnHandler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
"{5800AD5B-72C1-477B-9A08-CA112DF06D97}" = "AutoCAD DWG InfoTip Handler"
-> {HKLM...CLSID} = "AcInfoTipHandler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
"{ADC46291-D8A1-4486-A24C-86FFB392AEFA}" = "Autodesk Dgn File Preview"
-> {HKLM...CLSID} = "AcDgnImageExtractor"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll" ["Autodesk"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{763370C4-268E-4308-A60C-D8DA0342BE32}" = (no title provided)
-> {HKLM...CLSID} = "Application Explorer"
\InProcServer32\(Default) = "C:\Program Files\Novell\ZENworks\NalShell.dll" ["Novell, Inc"]

HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<> "GinaDLL" = "NWGINA.DLL" ["Novell, Inc."]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<> "Authentication Packages" = "msv1_0"|"nwv1_0"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<> loginkey\DLLName = "C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll" [MS]
<> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]
<> NetIdentity Notification\DLLName = "C:\WINDOWS\system32\Novell\XtNotify.dll" ["Novell, Inc."]
<> TabBtnWL\DLLName = "TabBtnWL.dll" [MS]
<> tpgwlnotify\DLLName = "tpgwlnot.dll" [MS]
<> WRNotifier\DLLName = "WRLogonNtf.DLL" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{8A0BC933-7552-42E2-A228-3BE055777227}\(Default) = "AutoCAD DWG column info"
-> {HKLM...CLSID} = "AcColumnHandler"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
-> {HKLM...CLSID} = "DWFShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
NetWareMenuItems\(Default) = "{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}"
-> {HKLM...CLSID} = "Menu Handlers for NetWare Capture"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
InventorMenu\(Default) = "{6FDE7A70-351B-11d6-988B-0010B57A8BB7}"
-> {HKLM...CLSID} = "Autodesk Inventor Part"
\InProcServer32\(Default) = "C:\Program Files\Autodesk\Inventor 2008\Bin\DT.dll" ["Autodesk, Inc."]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
NetWareMenuItems\(Default) = "{e3bbbfc0-f61f-11cf-bb16-00c04fd371f4}"
-> {HKLM...CLSID} = "Menu Handlers for NetWare Capture"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]
NetWareServerMenu\(Default) = "{9b173360-732b-11ce-aa22-00805f9834b0}"
-> {HKLM...CLSID} = "Shell Extensions for NetWare Trees and Servers"
\InProcServer32\(Default) = "novnpnt.dll" ["Novell, Inc."]

and..


Default executables:
--------------------

<> HKCU\Software\Classes\.scr\(Default) = "AutoCADscriptFile"
<> HKCU\Software\Classes\AutoCADscriptFile\shell\open\command\(Default) = ""C:\WINDOWS\system32\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ForceClassicControlPanel" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDevMgrUpdate" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"CompatibleRUPSecurity" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\baustede\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPGGPhotoEventHandler\
"Provider" = "HP Photosmart Essential"
"InvokeProgID" = "HP.acquireautoplayG"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\HP.acquireautoplayG\shell\open\DropTarget\CLSID = "{F3A39B00-BE67-4d7d-BED7-53E9C510EC5B}"
-> {HKLM...CLSID} = "HP AcquireAutoPlay2 Class"
\InProcServer32\(Default) = "C:\Program Files\HP\Photosmart Essential\AcquireAutoPlay.dll" [empty string]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision Essentials SE"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "/New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files\CyberLink\Power2Go\Power2Go.exe"" ["Cyberlink"]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

and also...

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PStarterBlankCDArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe"" [empty string]

PStarterMixedCDArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "MixedContent"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe"" [empty string]

PStarterMusicFilesArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe"" [empty string]

PStarterPicturesArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe"" [empty string]

PStarterPlayCDAudioOnArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerStarter"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe" "%L"" [empty string]

PStarterPlayDVDMovieOnArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerStarter"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe" "%L"" [empty string]

PStarterVideoFilesArrival\
"Provider" = "DVD Solution"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files\CyberLink\DVD Solution\PowerStarter.exe"" [empty string]

TVPPlayDVDMovieOnArrival\
"Provider" = "Total Video Player"
"InvokeProgID" = "totalplayer.dvd"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\totalplayer.dvd\shell\open\command\(Default) = "C:\Program Files\Total Video Converter\tvp.exe -dvd %1" [empty string]


Startup items in "baustede" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Application Explorer" -> shortcut to: "C:\Program Files\Novell\ZENworks\NalView.exe" ["Novell, Inc"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\netware\NWWS2NDS.DLL" ["Novell, Inc."]
000000000005\LibraryPath = "%SystemRoot%\system32\netware\NWWS2SAP.DLL" ["Novell, Inc."]
000000000006\LibraryPath = "%SystemRoot%\system32\netware\NWWS2SLP.DLL" ["Novell, Inc."]
000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Send to OneNote"
"MenuText" = "S&end to OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{C1994287-422F-47AA-8E5E-6323E210A125}\
"ButtonText" = "Novell delivered applications"
"CLSIDExtension" = "{4B5F7606-8666-4D5A-9780-DB92A9D8812B}"
-> {HKLM...CLSID} = "NalIeToolbarBtn Class"
\InProcServer32\(Default) = "C:\Program Files\Novell\ZENworks\AxNalServer.dll" ["Novell, Inc"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Lookout Citadel Server, LkCitadelServer, "c:\WINDOWS\system32\lkcitdl.exe" ["National Instruments, Inc."]
LVCOMSer, LVCOMSer, ""C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"" ["Logitech Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Multi-user Cleanup Service, Multi-user Cleanup Service, ""C:\Program Files\lotus\notes\ntmulti.exe"" ["IBM Corp"]
National Instruments Domain Service, NIDomainService, ""c:\Program Files\Shared\Security\nidmsrv.exe"" ["National Instruments Corporation"]
National Instruments PSP Server Locator, lkClassAds, "c:\WINDOWS\system32\lkads.exe" ["National Instruments Corporation"]
National Instruments Time Synchronization, lkTimeSync, "c:\WINDOWS\system32\lktsrv.exe" ["National Instruments Corporation"]
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
NI Service Locator, niSvcLoc, "c:\WINDOWS\system32\nisvcloc.exe -s" ["National Instruments Corp."]
Novell Application Launcher, NALNTSERVICE, "C:\Program Files\Novell\ZENworks\nalntsrv.exe" ["Novell, Inc."]
Novell XTier Agent Services, XTAgent, "C:\WINDOWS\System32\Novell\XTAgent.exe" ["Novell, Inc."]
Novell ZENworks Remote Management Agent, Remote Management Agent, "C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe" ["Novell, Inc."]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
PrismXL, PrismXL, "C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS" ["New Boundary Technologies, Inc."]
Process Monitor, LVPrcSrv, ""C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"" ["Logitech Inc."]
SAVRoam, SavRoam, ""C:\Program Files\Symantec AntiVirus\SavRoam.exe"" ["symantec"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Webroot CommAgent Service, WebrootCommAgentService, "C:\Program Files\Webroot\Client\commagent.exe" ["Webroot Software, Inc."]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\Client\spysweeper.exe"" ["Webroot Software, Inc."]
Workstation Manager, ZFDWM, "C:\Program Files\Novell\ZENworks\wm.exe" ["Novell, Inc."]
ZENworks Asset Management - Collection Client, TSCensus Collection Client, ""C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe"" ["Novell, Inc."]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Bluebeam PDF Monitor\Driver = "BBPDFPortMon.dll" ["Bluebeam Software, Inc."]
HP LaserJet 5 Language Monitor\Driver = "hpdcmon.dll" ["Hewlett-Packard"]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
Journal Note Port\Driver = "jnwmon.dll" [MS]
LIDIL hpzll4v2\Driver = "hpzll4v2.dll" ["Hewlett-Packard Company"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-11-25 13:37:11)
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 76 seconds, including 18 seconds for message boxes)

Thanks, that showed more of the problem.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  Windows Registry Editor Version 5.00
  
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "nah_Shell"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
  "ForceClassicControlPanel"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
  "DisableRegistryTools"=-
  [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
  "DisableCMD"=-
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

Delete this file in bold:
C:\Documents and Settings\baustede\nah_niko.exe

Please re-try combofix now.

The file nah_niko.exe does not seem to exist in that location or in any location on my C drive. I look and then did a search and nothing came up.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log with a fresh copy of HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:36 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\lkcitdl.exe
c:\WINDOWS\system32\lkads.exe
c:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Shared\Security\nidmsrv.exe
c:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Webroot\Client\commagent.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Webroot\Client\spysweeper.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Webroot\Client\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Client\SpySweeperUI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\baustede\Desktop\HiJackThis.exe
C:\Program Files\AIM6\aolsoftware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WebrootClientUI] "C:\Program Files\Webroot\Client\SpySweeperUI.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NI Background Service] "c:\Program Files\Shared\Update Service\BackgroundService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'Default user')
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-1.udayton.edu/iNotes6W.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183123664671
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = udayton.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:\Program Files\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - c:\Program Files\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:\WINDOWS\system32\nisvcloc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Client\commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Client\spysweeper.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 13659 bytes

and


Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 2

11/25/2008 2:28:38 PM
mbam-log-2008-11-25 (14-28-37).txt

Scan type: Quick Scan
Objects scanned: 95205
Time elapsed: 24 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3701d3b1-66e1-4362-b054-6964fbd3b582} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\baustede\Local Settings\Temp\TDSS53a8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqqon.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSwghd.log (Trojan.TDSS) -> Quarantined and deleted successfully.