Sadly, not everything went as expected; here are the results.
I was not able to upload c:\windows\system32\drivers\anp61.sys, as access is denied, nor was I able to scan it manually with AVG. However, a minute later AVG reported on its own that the file is infected. I have saved all recent AVG Resident Shield detections in an exported CSV file and attached it here for you to review: Virus list.csv, which I had to zip to allow the forum to upload it.
I also converted that CSV file to Unicode txt, and here is the cut and paste:
Resident Shield detection
"Infection;""Object"";""Result"";""Detection time"";""Object Type"";""Process"""
"Trojan horse Generic10.BEPH;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP606\A0083083.sys"";""Moved to Virus Vault"";""7/28/2008, 6:28:52 PM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse Generic10.BEPH;""C:\windows\system32\drivers\anp61.sys"";""Infected"";""7/28/2008, 8:05:15 PM"";""file"";""C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 12:37:18 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\WINDOWS\System32\drivers\tcpsr.sys"";""Moved to Virus Vault"";""7/29/2008, 12:39:02 AM"";""file"";""System"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Moved to Virus Vault"";""7/29/2008, 1:14:25 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 2:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 3:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 4:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 5:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 6:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 7:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse Generic10.BEPH;""C:\windows\system32\drivers\anp61.sys"";""Moved to Virus Vault"";""7/29/2008, 8:15:10 AM"";""file"";""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"""
I was not able to copy this file to another location for scanning, for the same reason.
As for C:\WINDOWS\system32\drivers\nqnwskpk.sys, here are the VirSCAN.org results:
VirSCAN.org Scanned Report :
Scanned time : 2008/07/29 07:08:10 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : nqnwskpk.sys
File Size : 61440 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 589312a3b46721c5a751e4d5222a89be
SHA1 : 3a497d3968a4f6e3c648d196da38e5f98e75ec30
Online report :
http://virscan.org/r...cee43dab85.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.28 2008-07-28 2.39 -
AhnLab V3 2008.07.29.02 2008.07.29 2008-07-29 0.90 -
AntiVir 7.8.1.12 7.0.5.185 2008-07-29 2.14 -
Arcavir 1.0.5 200807281039 2008-07-28 1.24 -
AVAST! 3.0.1 080728-0 2008-07-28 0.66 -
AVG 7.5.51.442 270.5.6/1579 2008-07-29 1.50 -
BitDefender 7.60825.1408879 7.20246 2008-07-29 2.64 -
CA (VET) 9.0.0.143 31.6.5992 2008-07-29 1.18 -
ClamAV 0.93.3 7876 2008-07-29 0.01 -
Comodo 2.11 2.0.0.600 2008-07-29 0.42 -
CP Secure 1.1.0.715 2008.07.29 2008-07-29 5.59 -
Dr.Web 4.44.0.9170 2008.07.29 2008-07-29 3.05 -
ewido 4.0.0.2 2008.07.29 2008-07-29 2.35 -
F-Prot 4.4.4.56 20080728 2008-07-28 0.97 -
F-Secure 5.51.6100 2008.07.29.02 2008-07-29 2.82 -
Fortinet 2.81-3.11 9.362 2008-07-29 1.63 -
ViRobot 20080728 2008.07.28 2008-07-28 0.41 -
Ikarus T3.1.01.34 2008.07.29.71180 2008-07-29 3.02 -
JiangMin 11.0.706 2008.07.29 2008-07-29 1.15 -
Kaspersky 5.5.10 2008.07.29 2008-07-29 0.03 -
KingSoft 2008.1.14.15 2008.7.29.17 2008-07-29 0.74 -
McAfee 5.2.00 5348 2008-07-28 2.21 -
Microsoft 1.3806 2008.07.29 2008-07-29 4.57 -
mks_vir 2.01 2008.07.28 2008-07-28 2.60 -
Norman 5.93.01 5.93.00 2008-07-28 4.73 -
Panda 9.05.01 2008.07.28 2008-07-28 2.33 -
Trend Micro 8.700-1004 5.440.03 2008-07-29 0.03 -
Quick Heal 9.50 2008.07.28 2008-07-28 1.60 -
Rising 20.0 20.55.12.00 2008-07-29 0.76 -
Sophos 2.75.4 4.31 2008-07-29 1.91 -
Sunbelt 3.1.1536.1 2166 2008-07-25 0.43 -
Symantec 1.3.0.24 20080728.003 2008-07-28 0.36 -
nProtect 2008-07-29.00 1727206 2008-07-29 6.19 -
The Hacker 6.2.96 v00389 2008-07-24 0.40 -
VBA32 3.12.8.1 20080728.0803 2008-07-28 1.12 -
VirusBuster 4.5.11.10 10.82.25/596881 2008-07-28 0.80 -
Following the OTMoveIt2 procedure crashed the program and Windows Explorer. It produced a partial log, not in the folder which was created (that was empty) but within OTMoveIt2 itself. I transcribed that partial log into a txt file, but had to reboot the computer using Task Manager to make things usable, even after stopping OTMoveIt2.
Here is that partial OTMoveIt2 log as it displayed while frozen:
explorer killed successfully
tcpsr service deleted successfully
file/folder c:\windows\system32\drivers\tcpsr.sys not found
< karina.dat /s >
I did the fresh DSS scan; it produced only one log this time, Main.txt. Here is the result, and I did run it from the desktop as asked.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-29 08:32:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 08:32:48
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\eBVServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ofps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\e-BRIDGE Viewer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Seticon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EBViewer] C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\e-BRIDGE Viewer.exe /q
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1217267463312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217267453281
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.topprodu...ads/arview2.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://delivery1.cor...sCamControl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.micros...ntent/opuc4.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lwolf.webex....ort/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: karina.dat?r???r?Rk??????????????????,avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: eBVServ - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\eBVServ.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OmniForm Printer - ScanSoft, Inc. - C:\WINDOWS\system32\Ofps.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 12545 bytes
-- Files created between 2008-06-29 and 2008-07-29 -----------------------------
2008-07-28 22:05:35 1282 --a------ C:\backup.reg
2008-07-28 22:05:34 61440 --a------ C:\WINDOWS\system32\drivers\nqnwskpk.sys
2008-07-28 19:48:03 0 d-------- C:\fsaua.data
2008-07-28 17:36:46 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-28 17:35:06 0 d-------- C:\Program Files\CCleaner
2008-07-28 17:29:29 0 d--h----- C:\$AVG8.VAULT$
2008-07-28 17:25:49 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-28 17:25:44 0 d-------- C:\Program Files\AVG
2008-07-28 17:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 14:18:47 0 d-------- C:\WINDOWS\Prefetch
2008-07-28 14:11:52 0 d-------- C:\WINDOWS\system32\scripting
2008-07-28 14:11:52 0 d-------- C:\WINDOWS\l2schemas
2008-07-28 14:11:51 0 d-------- C:\WINDOWS\system32\en
2008-07-28 14:11:51 0 d-------- C:\WINDOWS\system32\bits
2008-07-28 14:10:30 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-28 14:06:02 0 d-------- C:\WINDOWS\EHome
2008-07-28 13:02:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-28 13:02:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 13:02:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 07:40:29 0 d-------- C:\Documents and Settings\All Users\Local Settings
2008-07-14 17:19:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-08 10:01:57 0 d-------- C:\Documents and Settings\All Users\Application Data\MySpell
2008-07-08 10:01:50 683825 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-07-08 10:01:50 16944 --a------ C:\WINDOWS\unins000.dat
2008-07-08 10:01:50 354816 --a------ C:\WINDOWS\system32\sciter-wp.dll <Not Verified; Top Producer Systems Inc.; Top Producer Systems Inc. sciter-wp>
2008-07-08 10:01:50 288768 --a------ C:\WINDOWS\system32\sciter-bn.dll <Not Verified; Top Producer Systems Inc.; Top Producer Systems Inc. WYSIWYG html editing extension for the Sciter>
-- Find3M Report ---------------------------------------------------------------
2008-07-28 14:12:03 0 d-------- C:\Program Files\Messenger
2008-07-28 14:11:51 0 d-------- C:\Program Files\Movie Maker
2008-07-28 14:10:22 0 d-------- C:\Program Files\Windows NT
2008-07-27 07:40:10 0 d-------- C:\Program Files\Common Files
2008-07-26 19:38:38 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-25 09:11:32 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-14 17:19:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2008-06-14 09:33:50 0 d-------- C:\Program Files\C6 Corvette
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 09:21 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"Seticon"="C:\Program Files\Icons\Seticon.exe" [10/04/2002 11:39 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 11:57 PM]
"nwiz"="nwiz.exe" [12/09/2005 03:06 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/09/2005 03:06 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/09/2005 03:06 PM]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe" [03/28/2005 04:45 AM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 01:03 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 12:09 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 01:03 PM C:\WINDOWS\KHALMNPR.Exe]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [08/02/2006 06:17 PM]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [09/28/2006 03:21 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/11/2007 01:01 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [01/11/2007 12:58 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [11/10/2006 04:19 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/28/2008 05:25 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"EBViewer"="C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\e-BRIDGE Viewer.exe" [05/16/2006 10:35 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/29/2007 11:50:34 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 6:23:32 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=karina.dat?r???r?Rk??????????????????,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Anp61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a05d35e-871c-11dc-a640-001676e51808}]
AutoRun\command- J:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-07-29 08:33:04 ------------
I hope you do not mind the inclusion of the additional information, but it did spring up as I was working, so I felt it was helpful, especially given the contents.
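Added example (not part of the poster's reply, and not AVG's own tooling): a small Python script that parses the Resident Shield CSV export pasted above and collapses the per-event log into one entry per detected object, so it is easy to see which files AVG actually moved to the Virus Vault, which ones it only kept re-reporting, and which processes triggered the detections. The sample lines are constructed from the entries shown in the post; the export layout (each physical line is one CSV-quoted field, whose content is a ';'-separated row with doubled inner quotes) is an assumption read off those lines, not taken from AVG documentation.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the AVG 8 "Resident Shield detection" export
# pasted in the thread. Each physical line is one CSV-quoted field; the text
# inside it is a ';'-separated row whose values are quoted with doubled quotes.
# (Layout assumed from the pasted export, not from AVG documentation.)
SAMPLE_EXPORT = r'''"Infection;""Object"";""Result"";""Detection time"";""Object Type"";""Process"""
"Trojan horse Generic10.BEPH;""C:\windows\system32\drivers\anp61.sys"";""Infected"";""7/28/2008, 8:05:15 PM"";""file"";""C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 12:37:18 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\WINDOWS\System32\drivers\tcpsr.sys"";""Moved to Virus Vault"";""7/29/2008, 12:39:02 AM"";""file"";""System"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Moved to Virus Vault"";""7/29/2008, 1:14:25 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse SpamBot.G;""C:\System Volume Information\_restore{C6E6E49E-395E-411E-B604-75F03AE2B6AD}\RP609\A0083746.sys"";""Infected"";""7/29/2008, 2:13:20 AM"";""file"";""C:\WINDOWS\System32\svchost.exe"""
"Trojan horse Generic10.BEPH;""C:\windows\system32\drivers\anp61.sys"";""Moved to Virus Vault"";""7/29/2008, 8:15:10 AM"";""file"";""C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"""
'''

TIME_FMT = "%m/%d/%Y, %I:%M:%S %p"   # e.g. "7/29/2008, 12:37:18 AM"
QUARANTINED = "Moved to Virus Vault"


def parse_avg_export(text):
    """Return one dict per detection, keyed by the column names of the header row."""
    records = []
    header = None
    for outer in csv.reader(io.StringIO(text)):
        if not outer or not outer[0].strip():
            continue                                  # blank line
        # Peel the outer quoting first; the field's content is the real row.
        inner = next(csv.reader([outer[0]], delimiter=";", quotechar='"'))
        if header is None:
            if len(inner) > 1:                        # skip a title line such as
                header = inner                        # "Resident Shield detection"
            continue
        if len(inner) != len(header):
            continue                                  # not a detection row
        rec = dict(zip(header, inner))
        rec["Detection time"] = datetime.strptime(rec["Detection time"], TIME_FMT)
        records.append(rec)
    return records


def summarize_by_object(records):
    """Collapse the event log into one entry per detected object (case-insensitive
    path), ordered by time, so repeat hits and the last recorded result stand out."""
    by_obj = defaultdict(list)
    for rec in records:
        by_obj[rec["Object"].lower()].append(rec)
    summary = {}
    for obj, hits in by_obj.items():
        hits.sort(key=lambda r: r["Detection time"])
        summary[obj] = {
            "threat": hits[-1]["Infection"],
            "hits": len(hits),
            "first": hits[0]["Detection time"],
            "last": hits[-1]["Detection time"],
            "final_result": hits[-1]["Result"],
            "processes": sorted({h["Process"] for h in hits}),
        }
    return summary


def unresolved(summary):
    """Objects whose most recent recorded result is not a quarantine."""
    return sorted(o for o, s in summary.items() if s["final_result"] != QUARANTINED)


def recurring(summary, min_hits=3):
    """Objects AVG reported at least min_hits times, i.e. detections that did not
    stick (on this machine, the copy inside System Volume Information)."""
    return sorted(o for o, s in summary.items() if s["hits"] >= min_hits)


if __name__ == "__main__":
    summary = summarize_by_object(parse_avg_export(SAMPLE_EXPORT))
    for obj, s in sorted(summary.items()):
        print(f"{obj}\n  {s['threat']}: {s['hits']} hit(s), "
              f"{s['first']:%Y-%m-%d %H:%M} .. {s['last']:%Y-%m-%d %H:%M}, "
              f"last result: {s['final_result']}; seen by {', '.join(s['processes'])}")
    print("still flagged:", unresolved(summary))
    print("recurring:", recurring(summary))
```

Run against the full exported CSV (pass the file's text instead of SAMPLE_EXPORT); the title line and blank lines are skipped, and the "Process" column shows which scanner or service tripped each detection, which is what distinguishes AVG's own on-access hits from the F-Secure online scanner and MBAM runs in the paste above.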