Bankerfox.A Win32 Nuqel.E (yes, another)

Same deal as the posts I've seen by many others on this in researching. Fake anti-virus pop-ups, unable to open any files except if I'm quick on startup. Malwarebytes found nothing. Ran HijackThis and OTL. Logs are below. PLEASE help. :-)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:10 PM, on 3/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\IDU\IDUServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ccwtup32.exe
C:\WINDOWS\GTCO\wtxpload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe
C:\WINDOWS\GTCO\xpoint32.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\SYSTEM32\userinit.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.jzip.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [tymgaadx] C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [tymgaadx] C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F0774-EDE6-4255-A411-B2A730D6A6DD} (InstallShield Setup Player 2K2) - http://raiseinstall.rockwellautomation.com/np1-dvd/setup.exe
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://server2/ProjectServer/objects/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258475530592
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://server2/ProjectServer/objects/1033/pjcintl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSI.psisalesinc.com
O17 - HKLM\Software\..\Telephony: DomainName = PSI.psisalesinc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6920ADD4-1C90-48BA-ACDE-3A286EA28ECE}: NameServer = 192.168.2.40,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PSI.psisalesinc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PSI.psisalesinc.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 9237 bytes

OTL log:

OTL logfile created on: 3/10/2010 1:10:46 PM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.07 Gb Total Space | 22.04 Gb Free Space | 32.87% Space Free | Partition Type: NTFS
Drive D: | 274.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: IVIUDFS
E: Drive not present or media not loaded
Drive F: | 246.24 Mb Total Space | 244.72 Mb Free Space | 99.38% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WSENG10
Current User Name: DSchmucker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 13:07:10 | 000,554,496 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/03/10 09:35:55 | 000,269,056 | ---- | M] () -- C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe
PRC - [2009/12/23 15:03:17 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/18 14:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/06/01 07:40:25 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/01 07:40:17 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/06/01 07:40:15 | 001,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/11/12 14:00:30 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/10/18 19:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2005/04/29 20:07:00 | 001,302,016 | ---- | M] (OSA Technologies, Inc.) -- C:\Program Files\Intel\IDU\IDUServ.exe
PRC - [2005/04/29 06:39:58 | 000,122,880 | ---- | M] () -- C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\vbptask.exe
PRC - [2005/04/26 17:02:56 | 000,622,700 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/19 06:46:00 | 000,125,952 | ---- | M] (LCS/Telegraphics) -- C:\WINDOWS\GTCO\xpoint32.exe
PRC - [2003/06/19 06:46:00 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\wintab32.exe
PRC - [2003/06/19 06:46:00 | 000,057,344 | ---- | M] (LCS/Telegraphics, Inc.) -- C:\WINDOWS\system32\ccwtup32.exe
PRC - [2003/06/19 06:46:00 | 000,045,056 | ---- | M] (LCS/Telegraphics) -- C:\WINDOWS\GTCO\wtxpload.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 13:07:10 | 000,554,496 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2004/09/12 00:44:32 | 000,049,152 | R--- | M] () -- C:\WINDOWS\system32\HookAPI.dll
MOD - [2004/08/04 01:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/06/19 06:46:00 | 000,032,768 | ---- | M] (LCS/Telegraphics, Inc.) -- C:\WINDOWS\system32\ccwtup32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/06/01 07:40:17 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/06/13 08:31:26 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/04/29 20:07:00 | 001,302,016 | ---- | M] (OSA Technologies, Inc.) [Auto | Running] -- C:\Program Files\Intel\IDU\IDUServ.exe -- (iHCService) Intel(R)
SRV - [2005/04/26 17:02:56 | 000,622,700 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2003/10/31 11:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2003/06/19 06:46:00 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wintab32.exe -- (Wintab32)


========== Driver Services (SafeList) ==========

DRV - [2009/06/01 07:40:24 | 000,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/06/01 07:40:24 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2006/11/14 16:14:26 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/11/14 13:52:22 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/11/14 13:50:20 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2005/08/03 21:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/27 11:45:08 | 000,300,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/04/04 09:01:34 | 000,035,712 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/03/28 02:34:00 | 000,011,018 | R--- | M] (OSA Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/03/15 04:34:00 | 000,021,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2005/03/04 05:07:00 | 000,008,704 | R--- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/02/28 10:36:42 | 000,180,736 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2005/01/12 20:28:04 | 000,116,224 | ---- | M] (InterVideo) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IviUdf.sys -- (iviudf)
DRV - [2005/01/12 06:29:28 | 000,038,784 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ivicd.sys -- (ivicd)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/01 23:19:28 | 000,033,249 | R--- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\RITFSD.sys -- (RITFSD)
DRV - [2004/12/01 23:17:18 | 000,031,872 | R--- | M] (FarStone Technology Inc.,) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\Rcfilter.sys -- (Rcfilter)
DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 23:32:56 | 000,183,987 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VVBackd5.sys -- (VVBackd5)
DRV - [2004/08/04 02:09:24 | 000,072,475 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fgdscsi.sys -- (FGDSCSI)
DRV - [2004/08/03 00:08:48 | 000,014,074 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\exdisk.sys -- (exdisk)
DRV - [2003/12/25 17:48:14 | 000,010,752 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/11/03 05:09:00 | 000,036,484 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2003/10/24 09:53:08 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/08/07 00:46:12 | 000,010,899 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fgdxbus.sys -- (fgdxbus)
DRV - [2003/06/19 06:46:00 | 000,030,720 | ---- | M] (LCS/Telegraphics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w2gtuf.sys -- (W2gtuf)
DRV - [2003/06/19 06:46:00 | 000,012,800 | ---- | M] (LCS/Telegraphics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wtcls2k.sys -- (Wtcls2k)
DRV - [2003/04/21 13:08:44 | 000,010,901 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/04/21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.jzip.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CalCompUtil] C:\WINDOWS\System32\ccwtup32.exe (LCS/Telegraphics, Inc.)
O4 - HKLM..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe (LCS/Telegraphics)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [RestoreIT!] C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE ()
O4 - HKLM..\Run: [tymgaadx] C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [tymgaadx] C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} http://components.metastream.com/MTSInstallers/MetaStream3.cab (MetaStreamCtl Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F0774-EDE6-4255-A411-B2A730D6A6DD} http://raiseinstall.rockwellautomation.com/np1-dvd/setup.exe (InstallShield Setup Player 2K2)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://server2/ProjectServer/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258475530592 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://server2/ProjectServer/objects/1033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PSI.psisalesinc.com
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/14 13:52:55 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/11/14 14:00:01 | 000,000,873 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dschmucker\Application Data\Blitware
[2010/03/10 11:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Robot
[2010/03/10 11:57:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dontcopy
[2010/03/10 11:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dschmucker\Application Data\AVG8
[2010/03/10 10:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/10 09:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dschmucker\Local Settings\Application Data\vieqig
[2010/02/26 10:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dschmucker\Local Settings\Application Data\Temp
[2010/02/01 13:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/01 13:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/11/21 15:02:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/11/14 15:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/14 11:11:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 13:10:24 | 000,001,824 | ---- | M] () -- C:\WINDOWS\WINTAB.INI
[2010/03/10 13:10:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/10 13:06:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/10 13:06:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/10 12:53:50 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\dschmucker\NTUSER.DAT
[2010/03/10 12:47:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\dschmucker\ntuser.ini
[2010/03/10 12:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/10 11:58:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\dschmucker\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2010/03/10 11:58:02 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Robot.lnk
[2010/03/09 09:25:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 11:08:51 | 000,000,153 | ---- | M] () -- C:\WINDOWS\vbface.INI
[2010/02/18 16:55:22 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\dschmucker\Desktop\AutoCAD 2007 (2).lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/10 11:58:02 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Robot.lnk
[2010/02/04 14:02:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\GEGEVENS.INI
[2010/02/04 14:02:49 | 000,000,027 | ---- | C] () -- C:\WINDOWS\TEXTEDIT.INI
[2010/02/04 13:53:56 | 000,000,745 | ---- | C] () -- C:\WINDOWS\Framework.INI
[2010/01/05 10:30:55 | 000,000,153 | ---- | C] () -- C:\WINDOWS\vbface.INI
[2009/11/23 20:52:31 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\dschmucker\Application Data\Smiley.ico
[2008/07/23 08:30:57 | 000,001,824 | ---- | C] () -- C:\WINDOWS\WINTAB.INI
[2008/07/23 08:29:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wintab32.dll
[2008/06/25 12:48:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectoryService
[2008/06/25 12:48:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\dschmucker\Application Data\Dictionaries
[2008/06/25 12:48:07 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/06/25 12:48:07 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Drums
[2008/06/13 08:10:37 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\dschmucker\Local Settings\Application Data\fusioncache.dat
[2007/11/20 15:02:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2007/11/20 14:55:19 | 000,000,139 | ---- | C] () -- C:\WINDOWS\INPHORM.INI
[2007/11/07 08:51:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DMRSOFT.INI
[2007/10/26 14:18:26 | 000,000,033 | ---- | C] () -- C:\WINDOWS\render.ini
[2007/10/03 07:32:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\fw.ini
[2006/11/20 12:09:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/11/14 16:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2006/11/14 15:58:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 14:00:03 | 000,183,987 | ---- | C] () -- C:\WINDOWS\System32\drivers\VVBackd5.sys
[2006/11/14 14:00:01 | 000,033,249 | R--- | C] () -- C:\WINDOWS\System32\drivers\RITFSD.sys
[2006/11/14 14:00:01 | 000,014,074 | R--- | C] () -- C:\WINDOWS\System32\drivers\exdisk.sys
[2006/11/14 13:59:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\HookAPI.dll
[2006/11/14 13:59:56 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2006/11/14 13:56:31 | 000,000,056 | ---- | C] () -- C:\Program Files\Common Files\appop.log
[2006/11/14 13:55:44 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
[2006/11/14 13:53:28 | 000,016,896 | ---- | C] () -- C:\Program Files\Common Files\so_icon_lib.dll
[2006/11/14 13:52:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/11/14 13:52:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/11/14 13:52:27 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/11/14 13:51:51 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/11/14 13:48:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Fsinst32.dll
[2006/11/14 13:48:15 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\Fsinst16.DLL
[2006/11/14 13:45:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/11/14 13:45:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/11/14 13:45:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/11/14 13:45:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/11/14 13:45:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/11/14 13:45:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/01 23:14:55 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 01:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 12:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/02/05 02:05:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
[2003/09/19 08:03:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
[2003/09/04 11:49:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
[2003/08/16 01:52:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
[2003/07/30 01:19:24 | 000,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
< End of report >

OTL Extras log:

OTL Extras logfile created on: 3/10/2010 1:10:46 PM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.07 Gb Total Space | 22.04 Gb Free Space | 32.87% Space Free | Partition Type: NTFS
Drive D: | 274.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: IVIUDFS
E: Drive not present or media not loaded
Drive F: | 246.24 Mb Total Space | 244.72 Mb Free Space | 99.38% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WSENG10
Current User Name: DSchmucker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9999:UDP" = 9999:UDP:*:Enabled:IDU Service UDP Port
"2804:TCP" = 2804:TCP:*:Enabled:IDU Service TCP Port

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3872D54E-84A0-4C04-9BDB-684D01840CA6}" = Diskeeper Lite
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio
"{5783F2D7-5005-0409-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2007
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CFAEC66-BA0E-4076-AAA5-2BE29153E6DF}" = Microsoft XML Parser
"{86EC42B5-346E-4BAB-948D-58E021EA4BD1}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}" = InterVideo MediaOne
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.14
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B101C040-7C44-11D5-B326-0003474EAECA}" = RAISE Software
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD187B5-1AE1-4CA7-BF83-7AD9DFF56EAF}" = Autodesk Vault 5 for Microsoft Office
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDB1F1FE-C07A-454B-8B6F-3863C2B29ADC}" = Autodesk Vault 5
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D5BB0907-4BB2-46A3-AA68-0173D111058D}" = GameDrive
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel(R) Desktop Utilities
"{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9983004-1AFC-4314-B78F-5FE09913CDDD}" = Intel Audio Studio
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}" = InterVideo Home Theater
"{F89FD8CD-FC96-4F75-8376-3C3C292907D5}" = Intel Special Offers
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG8Uninstall" = AVG Free 8.0
"Creative Jukebox Driver" = Creative Jukebox Driver
"FreeZip" = FreeZip
"Google Desktop" = Google Desktop Search
"GTCO" = GTCO CalComp Tablet Driver
"inPHorm Hose and Fittings" = inPHorm Hose and Fittings
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{DE1FD294-CF2A-4936-92F4-B1B778371627}" = Intel(R) Desktop Utilities
"jZip" = jZip
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Mechanical programs (Framework)_is1" = Mechanical programs (incl. Framework)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"PDF reDirect" = PDF reDirect (remove only)
"PROSet" = Intel(R) PRO Network Connections Drivers
"RestoreIT!" = RestoreIT
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2010 2:52:35 PM | Computer Name = WSENG10 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/10/2010 2:53:02 PM | Computer Name = WSENG10 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\Psi_server\SYSVOL\DST2007Update_Win2k.cmd.
The network location cannot be reached. For information about network troubleshooting,
see Windows Help. .

Error - 3/10/2010 2:53:10 PM | Computer Name = WSENG10 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/10/2010 2:53:35 PM | Computer Name = WSENG10 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/10/2010 3:02:41 PM | Computer Name = WSENG10 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/10/2010 3:04:30 PM | Computer Name = WSENG10 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/10/2010 3:06:21 PM | Computer Name = WSENG10 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/10/2010 3:06:50 PM | Computer Name = WSENG10 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\Psi_server\SYSVOL\DST2007Update_Win2k.cmd.
The network location cannot be reached. For information about network troubleshooting,
see Windows Help. .

Error - 3/10/2010 3:07:21 PM | Computer Name = WSENG10 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/10/2010 3:10:13 PM | Computer Name = WSENG10 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 3/10/2010 2:52:37 PM | Computer Name = WSENG10 | Source = W2gtuf | ID = 1
Description =

Error - 3/10/2010 2:52:54 PM | Computer Name = WSENG10 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000010'
while processing the file 'FOUND.000' on the volume 'Exdisk'. It has stopped monitoring
the volume.

Error - 3/10/2010 3:02:41 PM | Computer Name = WSENG10 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PSI due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/10/2010 3:02:42 PM | Computer Name = WSENG10 | Source = W2gtuf | ID = 1
Description =

Error - 3/10/2010 3:03:01 PM | Computer Name = WSENG10 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000010'
while processing the file 'FOUND.000' on the volume 'Exdisk'. It has stopped monitoring
the volume.

Error - 3/10/2010 3:04:30 PM | Computer Name = WSENG10 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PSI due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/10/2010 3:04:32 PM | Computer Name = WSENG10 | Source = W2gtuf | ID = 1
Description =

Error - 3/10/2010 3:06:21 PM | Computer Name = WSENG10 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PSI due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/10/2010 3:06:23 PM | Computer Name = WSENG10 | Source = W2gtuf | ID = 1
Description =

Error - 3/10/2010 3:06:41 PM | Computer Name = WSENG10 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000010'
while processing the file 'FOUND.000' on the volume 'Exdisk'. It has stopped monitoring
the volume.


< End of report >

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

DragonMaster Jay wrote:

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Combofix gets stuck on deleting the file C:\Windows\System32\HookApi.dll. :-(

Is there another path I can take?

EDIT: Nevermind, it just took 3-4 hours. Here's the log! :-)

(Unable to disable or uninstall AVG, and not connected to internet for recovery console dl because connect through network and can't risk contaminating it. Scan was done in safe mode.)

ComboFix 10-03-10.08 - Administrator 03/11/2010 10:47:39.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.749 [GMT -6:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\HookApi.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-10 19:40 . 2010-03-10 19:40 -------- d-----w- c:\documents and settings\dschmucker\Application Data\Malwarebytes
2010-03-10 19:36 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 19:36 . 2010-03-10 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 19:36 . 2010-03-10 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-10 19:36 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 17:58 . 2010-03-10 17:58 -------- d-----w- c:\documents and settings\dschmucker\Application Data\Blitware
2010-03-10 17:57 . 2010-03-10 17:58 -------- d-----w- c:\windows\system32\dontcopy
2010-03-10 17:57 . 2010-03-10 17:57 -------- d-----w- c:\program files\Driver Robot
2010-03-10 17:07 . 2010-03-10 17:07 -------- d-----w- c:\documents and settings\dschmucker\Application Data\AVG8
2010-03-10 15:36 . 2010-03-10 15:36 -------- d-----w- c:\documents and settings\dschmucker\Local Settings\Application Data\vieqig
2010-02-26 16:11 . 2010-02-26 16:11 -------- d-----w- c:\documents and settings\dschmucker\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 16:41 . 2008-05-23 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-11 16:37 . 2010-03-11 16:37 99048 ----a-w- c:\documents and settings\Administrator.WSENG10\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 16:33 . 2009-12-23 21:02 -------- d-----w- c:\documents and settings\dschmucker\Application Data\uTorrent
2010-03-10 17:40 . 2006-11-14 22:30 -------- d-----w- c:\program files\AutoCAD R14
2010-02-10 15:42 . 2009-09-29 19:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-04 19:52 . 2010-02-04 19:52 -------- d-----w- c:\program files\Wolsink
2010-02-01 19:04 . 2007-11-06 22:43 -------- d-----w- c:\program files\Google
2010-01-05 16:27 . 2010-01-05 16:27 152576 ----a-w- c:\documents and settings\dschmucker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-05 16:27 . 2010-01-05 16:27 79488 ----a-w- c:\documents and settings\dschmucker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2006-11-14 19:56 . 2006-11-14 19:56 56 ----a-w- c:\program files\Common Files\appop.log
2005-03-03 15:10 . 2006-11-14 19:53 16896 ----a-w- c:\program files\Common Files\so_icon_lib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreIT!"="c:\program files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" [2005-04-29 122880]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-04-09 7081984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-01 1947928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"CalCompUtil"="ccwtup32.exe" [2003-06-19 57344]
"GTCO.wtxpload"="c:\windows\GTCO\wtxpload.exe" [2003-06-19 45056]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"tymgaadx"="c:\documents and settings\dschmucker\Local Settings\Application Data\vieqig\gdtusftav.exe" [2010-03-10 269056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-23 11000]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-01 13:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 17:01 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [11/14/2006 1:55 PM 38784]
R0 RITFSD;RITFSD;c:\windows\system32\drivers\RITFSD.sys [11/14/2006 2:00 PM 33249]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [11/14/2006 2:00 PM 183987]
R3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [11/14/2006 1:55 PM 116224]
R3 W2gtuf;W2gtuf;c:\windows\system32\drivers\w2gtuf.sys [7/23/2008 8:29 AM 30720]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 9:58 AM 325896]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/9/2009 4:27 PM 298776]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 1:04 PM 135664]
S2 Rcfilter;Rcfilter;c:\windows\system32\drivers\Rcfilter.sys [11/14/2006 2:00 PM 31872]
S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [11/14/2006 2:00 PM 14074]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:04]

2010-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:04]
.
.
------- Supplementary Scan -------
.
TCP: {6920ADD4-1C90-48BA-ACDE-3A286EA28ECE} = 192.168.2.40,4.2.2.2
DPF: {1A1F0774-EDE6-4255-A411-B2A730D6A6DD} - hxxp://raiseinstall.rockwellautomation.com/np1-dvd/setup.exe
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://server2/ProjectServer/objects/pjclient.cab
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://server2/ProjectServer/objects/1033/pjcintl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 12:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-11 12:49:23
ComboFix-quarantined-files.txt 2010-03-11 18:49

Pre-Run: 23,534,837,760 bytes free
Post-Run: 37,821,403,136 bytes free

- - End Of File - - 40C484BAA99901BC3B38F954FAB1A6B4

Anyone?

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.