
Instructed by wannabe1 to post my OTListit2 Logs [Solved]


  • This topic is locked

#1
Fisholio

I was instructed by wannabe1 to post my logs. I have been having problems for the past week. Firefox has been shutting down, Skype has been shutting down, every time I try to update any virus software it shuts down. So here are my logs and I will wait patiently for a willing expert to assist me. I have run all the software recommended by the forums and the rooter program will not work.





OTListIt logfile created on: 4/1/2009 09:27:18 Fritz night - Run 2
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Ron Fitzgerald\Desktop\Fitz Shiz
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 265.69 Mb Available Physical Memory | 34.62% Memory free
1.27 Gb Paging File | 0.89 Gb Available in Paging File | 70.03% Paging File free
Paging file location(s): C:\pagefile.sys 574 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.81 Gb Total Space | 14.97 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive D: | 3.44 Gb Total Space | 0.69 Gb Free Space | 20.06% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINE-6JD83E3DUQ
Current User Name: Ron Fitzgerald
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Documents and Settings\Ron Fitzgerald\Desktop\Fitz Shiz\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor6.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Belkin 54Mbps Wireless USB [Disabled | Stopped]) -- C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Disabled | Stopped]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [Disabled | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (GTNDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\GTNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ltmodem5 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys (LT)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PRISMAXP.sys (GlobespanVirata, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (VIAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (vmfilter303 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\vmfilter303.sys (Vimicro Corporation)
DRV - (ZSMC303 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbVM303.sys (Vimicro Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.tracnet24.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "http://us.mg1.mail.y...=bo5vs6jt8lota"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:1.5.47.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/31 22:22:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/30 23:37:23 | 00,000,000 | ---D | M]

[2008/08/29 00:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Extensions
[2008/08/29 00:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/01 13:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions
[2007/11/13 17:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/20 02:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/03/05 00:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/03/30 17:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/12/17 17:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\[email protected]
[2009/02/23 22:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\[email protected]
[2007/09/18 22:08:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\[email protected]
[2008/12/12 14:23:54 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Ron Fitzgerald\Application Data\Mozilla\FireFox\Profiles\e8mq8vnr.default\searchplugins\MySpace.xml
[2009/03/31 23:18:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/25 17:04:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/28 21:39:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/03 22:18:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/28 21:39:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 21:39:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/24 18:35:33 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/24 18:35:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/05 00:48:06 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2008/09/24 18:35:33 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 00:02:26 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/24 18:35:33 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/24 18:35:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/24 18:35:33 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (GrandBar IE Helper) - {84BA8988-33E1-4c89-A150-BF428E8D3213} - C:\Program Files\GrandPack\GrandPack2.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Popup Blocker - Add to Black List - C:\Program Files\iolo\Common\Lib\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Blocker - Add to White List - C:\Program Files\iolo\Common\Lib\AddToPSWhiteList.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...a/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\The Count Of Monte Cristo\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.co...ll/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\G.H.O.S.T. Hunters\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (karna.dat) - File not found
O20 - AppInit_DLLs: (mmdymo.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\acpiz: DllName - acpiz.dll - File not found
O24 - Desktop Components:0 (Privacy Protection) -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - ( digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.VBE () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O32 - Autorun File - D:\AUTORUN.FCB () - [ FAT32 ]
O33 - MountPoints2\{5bed3dc8-f07d-11dc-b49e-0030bdaeedc0}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5bed3dc8-f07d-11dc-b49e-0030bdaeedc0}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5bed3dca-f07d-11dc-b49e-0030bdaeedc0}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5bed3dca-f07d-11dc-b49e-0030bdaeedc0}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5db03b8e-b508-11dc-b411-d69352871156}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{5db03b8e-b508-11dc-b411-d69352871156}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{b778f9c5-de8c-11dc-b46f-0030bdaeedc0}\Shell\AutoRun\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{b778f9c5-de8c-11dc-b46f-0030bdaeedc0}\Shell\Flip Video for PC\command - "" = G:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/01 00:03:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/31 23:14:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2009/03/31 23:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/31 23:08:22 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/31 23:08:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/31 23:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ron Fitzgerald\Application Data\SUPERAntiSpyware.com
[2009/03/31 23:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/31 22:27:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ron Fitzgerald\Desktop\HijackThis.lnk
[2009/03/30 23:33:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/03/30 22:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/03/24 17:07:28 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/24 17:07:28 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/23 17:51:54 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/03/19 00:24:44 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Ron Fitzgerald\Desktop\CD Burner.lnk
[2009/03/19 00:16:09 | 00,000,337 | ---- | C] () -- C:\Documents and Settings\Ron Fitzgerald\Desktop\Free Agent Drive (K).lnk
[2009/03/06 17:48:05 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[14 C:\WINDOWS\*.tmp files]
[2009/04/01 18:00:00 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\lyamhnpw.job
[2009/04/01 17:04:44 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/01 17:04:00 | 00,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/01 17:03:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/01 17:03:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 00:06:52 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 00:00:43 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/31 23:47:14 | 00,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/31 23:14:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2009/03/31 23:08:22 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/31 22:27:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ron Fitzgerald\Desktop\HijackThis.lnk
[2009/03/31 22:07:28 | 00,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/31 21:49:35 | 00,000,906 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/31 21:49:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/31 21:49:35 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/03/30 20:02:18 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\Ron Fitzgerald\Application Data\vso_ts_preview.xml
[2009/03/29 18:05:17 | 00,000,337 | ---- | M] () -- C:\Documents and Settings\Ron Fitzgerald\Desktop\Free Agent Drive (K).lnk
[2009/03/27 01:16:33 | 00,000,046 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/03/27 00:58:05 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/03/26 22:48:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 17:55:12 | 00,520,704 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/03/24 17:07:28 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/23 17:51:54 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009/03/19 00:24:44 | 00,000,129 | ---- | M] () -- C:\Documents and Settings\Ron Fitzgerald\Desktop\CD Burner.lnk
[2009/03/09 17:26:53 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 17:26:53 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 17:26:53 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 17:48:05 | 00,000,035 | ---- | M] () -- C:\WINDOWS\Blink.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:5E0D2877D3BDDE45
< End of report >


And the Extras Log



OTListIt Extras logfile created on: 4/1/2009 12:02:18 Fritz day - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Ron Fitzgerald\Desktop\Fitz Shiz
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 222.24 Mb Available Physical Memory | 28.96% Memory free
1.27 Gb Paging File | 0.93 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): C:\pagefile.sys 574 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.81 Gb Total Space | 14.95 Gb Free Space | 44.23% Space Free | Partition Type: NTFS
Drive D: | 3.44 Gb Total Space | 0.69 Gb Free Space | 20.06% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINE-6JD83E3DUQ
Current User Name: Ron Fitzgerald
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"8000:UDP" = 8000:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8004:UDP" = 8004:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8005:UDP" = 8005:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8006:UDP" = 8006:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8007:UDP" = 8007:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8008:UDP" = 8008:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8009:UDP" = 8009:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"5060:UDP" = 5060:UDP:*:Enabled:Express Talk Sip Incoming Calls (UDP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA File not found
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa File not found
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord File not found
C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome File not found
C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Disabled:American McGee's Alice File not found
G:\empires2.exe:*:Enabled:Age of Empires II File not found
E:\empires2.exe:*:Enabled:Age of Empires II File not found
C:\Program Files\AoE2\empires2.exe:*:Enabled:Age of Empires II File not found
C:\Program Files\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion File not found
C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom File not found
C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home File not found
C:\Program Files\iCall\iCall.exe:*:Enabled:iCall File not found
C:\Program Files\InnoMedia\BuddyTalk\BUDDYTALK.EXE:*:Enabled:BuddyTalk Application File not found
C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter (Nero AG)
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service File not found
C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime (Nero AG)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger ()
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.8.123
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = USB PC Camera (Vimicro301 Neptune)
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3F0CC05-91DF-403D-9B4B-B612CA5C10D0}" = Belkin 54Mbps Wireless USB Network Adapter
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"3ivx MPEG-4 5.0 Decoder" = 3ivx MPEG-4 5.0 Decoder (remove only)
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AnyDVD" = AnyDVD
"AVIcodec" = AVIcodec (remove only)
"Belarc Advisor" = Belarc Advisor 7.2
"CamStudio" = CamStudio
"CloneDVD2" = CloneDVD2
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0607
"GrandPack" = Internet Speed Monitor
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"LG USB Drivers" = LG USB Drivers
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Peggle Nights Deluxe 1.0" = Peggle Nights Deluxe 1.0
"PhotoMeister2_is1" = PhotoMeister 2
"ULTIMATER" = Microsoft Office Ultimate 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomTown" = ZoomTown Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2009 10:17:34 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 3/31/2009 10:17:47 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1001
Description = Fault bucket 1204584019.

Error - 3/31/2009 10:37:33 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.8.0.180, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 3/31/2009 10:37:37 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1001
Description = Fault bucket 1205160801.

Error - 3/31/2009 10:47:08 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.8.0.180, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 3/31/2009 10:47:32 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1001
Description = Fault bucket 1205160801.

Error - 3/31/2009 11:46:48 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 3/31/2009 11:46:51 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1001
Description = Fault bucket 1204584019.

Error - 4/1/2009 12:01:12 Fritz day | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.

Error - 4/1/2009 12:01:20 Fritz day | Computer Name = MINE-6JD83E3DUQ | Source = Application Error | ID = 1001
Description = Fault bucket 1204755610.

[ System Events ]
Error - 3/31/2009 09:48:09 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7034
Description = The AVG8 E-mail Scanner service terminated unexpectedly. It has done
this 3 time(s).

Error - 3/31/2009 09:48:21 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7034
Description = The AVG8 E-mail Scanner service terminated unexpectedly. It has done
this 4 time(s).

Error - 3/31/2009 09:48:32 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7034
Description = The AVG8 E-mail Scanner service terminated unexpectedly. It has done
this 5 time(s).

Error - 3/31/2009 09:53:26 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 3/31/2009 10:03:24 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7034
Description = The AVGIDSAgent service terminated unexpectedly. It has done this
1 time(s).

Error - 3/31/2009 10:03:33 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7034
Description = The AVGIDSWatcher service terminated unexpectedly. It has done this
1 time(s).

Error - 3/31/2009 10:21:05 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 3/31/2009 10:21:05 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 3/31/2009 10:21:05 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Ron
Fitzgerald\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll.
Reference
error message: The operation completed successfully. .

Error - 3/31/2009 10:24:13 Fritz night | Computer Name = MINE-6JD83E3DUQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >


#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.



Post me these logs in your next reply. Post each log in a separate post.

1. RSIT log.txt
2. RSIT info.txt
3. Attach GMER result.

#3
Fisholio


  • Topic Starter
  • Member
  • 13 posts
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ron Fitzgerald at 2009-04-18 01:06:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (47%) free of 35 GB
Total RAM: 767 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:16 Fritz day, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ron Fitzgerald\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Ron Fitzgerald.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.tracnet24.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Popup Blocker - Add to Black List - C:\Program Files\iolo\Common\Lib\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Blocker - Add to White List - C:\Program Files\iolo\Common\Lib\AddToPSWhiteList.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Count Of Monte Cristo\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat mmdymo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: acpiz - acpiz.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9b40936b59046) (gupdate1c9b40936b59046) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 7490 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\lyamhnpw.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AplEnCmd]
C:\WINDOWS\system32\olmfexkr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS]
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-18 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
brastk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.EXE [2006-06-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fykifmvjlrlsghq]
C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32]
C:\Program Files\GetModule\GetModule32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack26]
C:\Program Files\GetPack\GetPack26.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-07-17 177448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager Scanner]
C:\Program Files\Startup Mechanic\StartupMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-01 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]
C:\Program Files\iolo\System Mechanic 7\PopupBlocker.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2002-06-21 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Fitzgerald^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Fitzgerald^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup\PowerReg Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3
"WMPNetworkSvc"=2
"ose"=3
"WLSetupSvc"=3
"LightScribeService"=2
"Belkin 54Mbps Wireless USB"=2
"AVGEMS"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat mmdymo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz]
acpiz.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2009-04-01 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe"="C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Disabled:American McGee's Alice"
"G:\empires2.exe"="G:\empires2.exe:*:Enabled:Age of Empires II"
"E:\empires2.exe"="E:\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\AoE2\empires2.exe"="C:\Program Files\AoE2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\AoE2\age2_x1\age2_x1.exe"="C:\Program Files\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"
"C:\Program Files\InnoMedia\BuddyTalk\BUDDYTALK.EXE"="C:\Program Files\InnoMedia\BuddyTalk\BUDDYTALK.EXE:*:Enabled:BuddyTalk Application"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a1844e-f251-11dd-84e8-0040ca409497}]
shell\AutoRun\command - K:\.\EncryptionTool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bed3dc8-f07d-11dc-b49e-0030bdaeedc0}]
shell\AutoRun\command - G:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - G:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bed3dca-f07d-11dc-b49e-0030bdaeedc0}]
shell\AutoRun\command - K:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - K:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db03b8e-b508-11dc-b411-d69352871156}]
shell\AutoRun\command - G:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - G:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b778f9c5-de8c-11dc-b46f-0030bdaeedc0}]
shell\AutoRun\command - G:\system\viewer\FlipVideoforPC.exe
shell\Flip Video for PC\command - G:\system\viewer\FlipVideoforPC.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2009-04-18 01:06:08 ----D---- C:\rsit
2009-04-17 20:55:00 ----D---- C:\WINDOWS\LastGood
2009-04-17 02:38:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 02:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 02:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 02:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 19:47:43 ----DC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 17:39:47 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 22:38:16 ----D---- C:\a7b2243729150b654dc6d2e9ed49b77b
2009-04-15 18:45:44 ----A---- C:\Rooter.txt
2009-04-14 13:46:53 ----D---- C:\WINDOWS\ie8updates
2009-04-14 13:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-14 13:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-14 13:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-14 13:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-14 13:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-14 13:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-14 13:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-12 21:34:33 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-04-12 21:31:50 ----D---- C:\Program Files\MSBuild
2009-04-12 21:22:23 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-04-02 15:42:02 ----D---- C:\Program Files\Common Files\Skype
2009-04-01 00:03:32 ----D---- C:\Rooter$
2009-03-31 23:14:04 ----A---- C:\WINDOWS\system32\CMMGR32.EXE
2009-03-31 23:08:29 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-31 23:08:20 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-31 23:08:20 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\SUPERAntiSpyware.com
2009-03-31 23:07:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 23:33:40 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2009-03-30 22:42:12 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-03-06 17:48:05 ----A---- C:\WINDOWS\Blink.ini
2009-03-03 22:18:24 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-03 22:18:24 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-03 22:18:23 ----A---- C:\WINDOWS\system32\java.exe
2009-02-20 22:39:39 ----D---- C:\Program Files\ConvertHelper
2009-02-03 20:19:10 ----D---- C:\Program Files\Seagate
2009-02-03 20:19:10 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2009-01-28 20:57:43 ----D---- C:\Program Files\Transparent
2009-01-28 20:57:43 ----D---- C:\Documents and Settings\All Users\Application Data\Transparent

======List of files/folders modified in the last 3 months======

2009-04-18 01:03:04 ----D---- C:\Program Files\Mozilla Firefox
2009-04-18 00:30:56 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-17 22:45:12 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Skype
2009-04-17 22:43:19 ----D---- C:\WINDOWS\Temp
2009-04-17 22:12:17 ----D---- C:\WINDOWS\system32
2009-04-17 20:55:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-17 20:55:17 ----HD---- C:\WINDOWS\inf
2009-04-17 20:55:00 ----AD---- C:\WINDOWS
2009-04-17 19:46:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-17 19:45:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 19:41:39 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\skypePM
2009-04-17 19:40:52 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 19:40:52 ----D---- C:\WINDOWS\AppPatch
2009-04-17 02:38:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-17 02:38:36 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 02:38:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 02:36:02 ----D---- C:\Config.Msi
2009-04-17 02:36:01 ----SHD---- C:\WINDOWS\Installer
2009-04-17 02:35:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-17 02:34:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-16 21:29:49 ----RASH---- C:\boot.ini
2009-04-16 21:29:49 ----A---- C:\WINDOWS\win.ini
2009-04-16 21:29:49 ----A---- C:\WINDOWS\system.ini
2009-04-16 21:29:48 ----D---- C:\WINDOWS\pss
2009-04-16 19:55:56 ----D---- C:\WINDOWS\Prefetch
2009-04-15 22:35:46 ----D---- C:\WINDOWS\system32\en-US
2009-04-15 22:35:43 ----D---- C:\WINDOWS\Media
2009-04-15 22:35:43 ----D---- C:\WINDOWS\Help
2009-04-15 22:35:43 ----D---- C:\Program Files\Internet Explorer
2009-04-15 19:58:53 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\BitTorrent
2009-04-14 15:31:09 ----D---- C:\Program Files\Microsoft Silverlight
2009-04-14 13:47:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-14 13:42:37 ----D---- C:\WINDOWS\WinSxS
2009-04-14 13:41:09 ----D---- C:\WINDOWS\system32\drivers
2009-04-14 13:35:31 ----RSD---- C:\WINDOWS\assembly
2009-04-13 19:00:25 ----RD---- C:\Program Files
2009-04-12 21:30:17 ----D---- C:\WINDOWS\SHELLNEW
2009-04-12 21:28:57 ----D---- C:\Program Files\Microsoft Office
2009-04-12 21:28:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-12 21:21:29 ----D---- C:\Program Files\Common Files\System
2009-04-12 21:09:52 ----SD---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Microsoft
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-02 23:10:35 ----D---- C:\Program Files\Google
2009-04-02 23:06:43 ----SD---- C:\WINDOWS\Tasks
2009-04-02 22:03:07 ----D---- C:\Program Files\CoffeeCup Software
2009-04-02 15:42:02 ----RD---- C:\Program Files\Skype
2009-04-02 15:42:02 ----D---- C:\Program Files\Common Files
2009-04-02 15:42:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-04-01 00:00:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-31 23:14:04 ----D---- C:\Program Files\BELKIN USB Wireless Monitor
2009-03-31 21:49:38 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\DNA
2009-03-31 17:23:00 ----D---- C:\Program Files\DNA
2009-03-30 23:35:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-30 23:35:08 ----D---- C:\Program Files\CyberLink
2009-03-30 23:29:33 ----D---- C:\Program Files\MagicISO
2009-03-30 20:02:17 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Vso
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-05 01:02:34 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-03-03 22:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-03 22:16:57 ----D---- C:\Program Files\Java
2009-03-01 18:56:58 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Canon
2009-02-09 08:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-08 21:23:28 ----RSD---- C:\WINDOWS\Fonts
2009-02-07 19:02:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 07:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 07:08:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 06:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 20:28:29 ----D---- C:\WINDOWS\Downloaded Installations
2009-02-03 15:59:07 ----A---- C:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-11-20 15781]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-30 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 acup;VPower Control Service; C:\WINDOWS\system32\acup.sys []
S3 a8bvycva;a8bvycva; C:\WINDOWS\system32\drivers\a8bvycva.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera; C:\WINDOWS\System32\Drivers\ubVeo532.sys []
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PRISM_A02;Belkin 54Mbps Wireless USB Network Adapter; C:\WINDOWS\System32\DRIVERS\PRISMAXP.sys [2003-11-11 336800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-04-13 204160]
S3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC303;USB PC Camera (Vimicro301 Neptune); C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-08-31 392058]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
S2 gupdate1c9b40936b59046;Google Update Service (gupdate1c9b40936b59046); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-18 658432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service; C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [2003-06-09 49152]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#4
Fisholio

info.txt logfile of random's system information tool 1.06 2009-04-18 01:06:20

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3ivx MPEG-4 5.0 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0 Decoder\uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVIcodec (remove only)-->"C:\Program Files\AVIcodec\uninst.exe"
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Belkin 54Mbps Wireless USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3F0CC05-91DF-403D-9B4B-B612CA5C10D0}\setup.exe" -l0x9 -L0x9
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CoffeeCup Free HTML Editor-->C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
CoffeeCup HTML Editor 2008-->C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
ConvertXtoDVD 3.4.8.123-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0607-->"C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LucasArts' Curse of Monkey Island-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Curse\DeIsL1.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Ron Fitzgerald\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee Plugin 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}\setup.exe" -l0x9
MyDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Peggle Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Peggle Nights Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Nights Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Nights Deluxe\Install.log"
PhotoMeister 2-->"C:\Program Files\PhotoMeister2\unins000.exe"
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB PC Camera (Vimicro301 Neptune)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe" -l0x9
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoomTown Software-->C:\WINDOWS\ztuninstall.exe

=====HijackThis Backups=====

O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Ron Fitzgerald\Application Data\SpeedRunner\SpeedRunner.exe [2008-12-22]
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Ron Fitzgerald\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A [2008-12-22]

======System event log======

Computer Name: MINE-6JD83E3DUQ
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 31915
Source Name: Disk
Time Written: 20090319145633.000000-240
Event Type: warning
User:

Computer Name: MINE-6JD83E3DUQ
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 31912
Source Name: Disk
Time Written: 20090319143723.000000-240
Event Type: warning
User:

Computer Name: MINE-6JD83E3DUQ
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 31911
Source Name: Tcpip
Time Written: 20090319142509.000000-240
Event Type: warning
User:

Computer Name: MINE-6JD83E3DUQ
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 31910
Source Name: Disk
Time Written: 20090319140840.000000-240
Event Type: warning
User:

Computer Name: MINE-6JD83E3DUQ
Event Code: 59
Message: Generate Activation Context failed for C:\Documents and Settings\Ron Fitzgerald\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll.
Reference error message: The operation completed successfully.
.

Record Number: 31909
Source Name: SideBySide
Time Written: 20090319135855.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: MINE-6JD83E3DUQ
Event Code: 1024
Message: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003: Junk E-mail Filter (KB957257): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Record Number: 6648
Source Name: MsiInstaller
Time Written: 20081017190108.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MINE-6JD83E3DUQ
Event Code: 10005
Message: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023838. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.

Record Number: 6647
Source Name: MsiInstaller
Time Written: 20081017190107.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MINE-6JD83E3DUQ
Event Code: 1001
Message: Fault bucket 553528827.

Record Number: 6646
Source Name: Application Hang
Time Written: 20081017180924.000000-240
Event Type: error
User:

Computer Name: MINE-6JD83E3DUQ
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 6645
Source Name: Application Hang
Time Written: 20081017180904.000000-240
Event Type: error
User:

Computer Name: MINE-6JD83E3DUQ
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 6642
Source Name: usnjsvc
Time Written: 20081017180834.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

#5
fenzodahl512

  • Malware Removal
  • 9,863 posts
Waiting for the GMER result :)

#6
Fisholio

  • Topic Starter
  • Member
  • 13 posts
Sorry, you should have it now. I had to let it run and go to bed (work early). A few more things about my computer: it has been giving the same system noise at a random time every time after 20 minutes of rebooting. There is a process running for far too long when I reboot, and after (it seems) this process is finished, the screen will go to an old Windows version for a minute then return. Also the sound has been going out; I reboot and it is fine. Could you educate me on what it is you look for in all these reports?
I appreciate all your help. I will be getting off work at 1900 EST.
Hope to hear from you soon and good luck on the tests.

Thanks,

Fitz

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Let's wait for the GMER log for me to analyze what might be hidden in the computer. I'm off to bed now :)

#8
Fisholio

  • Topic Starter
  • Member
  • 13 posts
Did you get the GMER? If not, I can run it again.

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts

Did you get the GMER? If not, I can run it again.


I don't see the GMER report here :)

#10
Fisholio

  • Topic Starter
  • Member
  • 13 posts
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-18 07:47:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spha.sys ZwCreateKey [0xF764F0E0]
SSDT spha.sys ZwEnumerateKey [0xF766DCA2]
SSDT spha.sys ZwEnumerateValueKey [0xF766E030]
SSDT spha.sys ZwOpenKey [0xF764F0C0]
SSDT spha.sys ZwQueryKey [0xF766E108]
SSDT spha.sys ZwQueryValueKey [0xF766DF88]
SSDT spha.sys ZwSetValueKey [0xF766E19A]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF27EBF20]

INT 0x62 ? 83FDDBF8
INT 0x63 ? 83D39F00
INT 0x63 ? 83D39F00
INT 0x63 ? 83D39F00
INT 0x63 ? 83D39F00
INT 0x63 ? 83D39F00
INT 0x82 ? 83FDDBF8

---- Kernel code sections - GMER 1.0.15 ----

? spha.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6BFB8AC 5 Bytes JMP 83D394E0
.text a8bvycva.SYS F675F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a8bvycva.SYS F675F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a8bvycva.SYS F675F3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a8bvycva.SYS F675F3C9 1 Byte [2E]
.text a8bvycva.SYS F675F3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[344] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[344] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[344] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[344] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[344] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\winlogon.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\winlogon.exe[556] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\winlogon.exe[556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\winlogon.exe[556] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\winlogon.exe[556] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\winlogon.exe[556] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\lsass.exe[612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\lsass.exe[612] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\lsass.exe[612] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\lsass.exe[612] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\lsass.exe[612] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\lsass.exe[612] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\rundll32.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\rundll32.exe[756] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\rundll32.exe[756] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\rundll32.exe[756] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\rundll32.exe[756] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\rundll32.exe[756] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[784] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[784] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[784] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[784] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[784] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[840] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[840] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[840] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[840] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[840] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[916] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[916] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[916] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[916] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[916] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[968] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[968] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[968] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[968] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[968] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1164] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1164] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1164] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1164] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1164] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1260] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1260] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1260] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1260] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1260] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\spoolsv.exe[1488] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 1503AC40; RET
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 009E5415 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00B7C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00B7C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00B7C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00B7C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00B7C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00B7C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00B7C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] WININET.dll!HttpSendRequestA 771C7519 6 Bytes PUSH 1503A728; RET
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1712] WININET.dll!HttpSendRequestW 771DDB8E 6 Bytes PUSH 1503A448; RET
.text C:\WINDOWS\system32\ctfmon.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\ctfmon.exe[1716] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\ctfmon.exe[1716] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\ctfmon.exe[1716] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\ctfmon.exe[1716] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\ctfmon.exe[1716] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Mozilla Firefox\firefox.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Mozilla Firefox\firefox.exe[1820] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[1820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Mozilla Firefox\firefox.exe[1820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[1820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Mozilla Firefox\firefox.exe[1820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1924] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1924] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1924] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1924] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1924] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\alg.exe[2424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\alg.exe[2424] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\alg.exe[2424] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\alg.exe[2424] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\alg.exe[2424] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\alg.exe[2424] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2800] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2800] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2800] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2800] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2800] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83F712D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7680C4C] spha.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7680CA0] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7650040] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F765013C] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76500BE] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76507FC] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76506D2] spha.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83D395E0
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a8bvycva.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83FDC1F8
Device \FileSystem\Fastfat \FatCdrom 839E8500
Device \Driver\usbuhci \Device\USBPDO-0 83DBF1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 83F6F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 83F6F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 83F6F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 83F6F1F8
Device \Driver\usbuhci \Device\USBPDO-1 83DBF1F8
Device \Driver\usbuhci \Device\USBPDO-2 83DBF1F8
Device \Driver\usbehci \Device\USBPDO-3 83D2A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 83FDE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 83FDE1F8
Device \Driver\Cdrom \Device\CdRom0 83DA81F8
Device \Driver\USBSTOR \Device\00000072 83A2B500
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom1 83DA81F8
Device \Driver\Cdrom \Device\CdRom2 83DA81F8
Device \Driver\Cdrom \Device\CdRom3 83DA81F8
Device \Driver\Cdrom \Device\CdRom4 83DA81F8
Device \Driver\Cdrom \Device\CdRom5 83DA81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8375B1F8
Device \Driver\PCI_PNP6456 \Device\0000004b spha.sys
Device \Driver\NetBT \Device\NetbiosSmb 8375B1F8
Device \Driver\sptd \Device\636227706 spha.sys
Device \Driver\usbuhci \Device\USBFDO-0 83DBF1F8
Device \Driver\usbuhci \Device\USBFDO-1 83DBF1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83B9E1F8
Device \Driver\usbuhci \Device\USBFDO-2 83DBF1F8
Device \Driver\USBSTOR \Device\0000006e 83A2B500
Device \Driver\usbehci \Device\USBFDO-3 83D2A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83B9E1F8
Device \Driver\Ftdisk \Device\FtControl 83FDE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4F26B3BC-D3E0-4B16-BB16-C40665930513} 8375B1F8
Device \Driver\a8bvycva \Device\Scsi\a8bvycva1Port2Path0Target2Lun0 83D7E1F8
Device \Driver\a8bvycva \Device\Scsi\a8bvycva1 83D7E1F8
Device \Driver\a8bvycva \Device\Scsi\a8bvycva1Port2Path0Target1Lun0 83D7E1F8
Device \Driver\a8bvycva \Device\Scsi\a8bvycva1Port2Path0Target0Lun0 83D7E1F8
Device \FileSystem\Fastfat \Fat 839E8500
Device \FileSystem\Cdfs \Cdfs 839DB500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0xCB 0xC8 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBA 0x15 0x67 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0x5E 0xB9 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD9 0x8F 0x91 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x3C 0x68 0x64 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA5 0x1C 0x26 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0xD1 0xA0 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x73 0x84 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x63 0xCB 0xBA 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF6 0x52 0x58 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9F 0xBB 0x71 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA5 0x1C 0x26 0xA6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0xD1 0xA0 0xF3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x73 0x84 0x62 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x63 0xCB 0xBA 0xA6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF6 0x52 0x58 0x18 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9F 0xBB 0x71 0xD3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA5 0x1C 0x26 0xA6 ...

---- EOF - GMER 1.0.15 ----

#11
Fisholio
Hope this is what you need, and hope we can get my computer fixed.

Thanks for the help so far.

#12
fenzodahl512
IMPORTANT!! Uninstall these programs first (if present) so that they won't interfere with our fixes.

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)



The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

For detailed instruction on how to back-up registry via ERUNT, please visit HERE



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    acup.sys
    acup
    
    :files
    C:\WINDOWS\tasks\lyamhnpw.job
    C:\WINDOWS\system32\olmfexkr.exe
    C:\Program Files\GetModule
    C:\Program Files\GetPack
    C:\WINDOWS\system32\acup.sys
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AplEnCmd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fykifmvjlrlsghq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack26]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bed3dc8-f07d-11dc-b49e-0030bdaeedc0}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bed3dca-f07d-11dc-b49e-0030bdaeedc0}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db03b8e-b508-11dc-b411-d69352871156}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b778f9c5-de8c-11dc-b46f-0030bdaeedc0}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt
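
Added example (not part of the post above and not OldTimer's code): a Python reader that turns a fix script in the layout shown in the post into a list of planned actions, so the script can be reviewed before it is run. The action names, the `load_points` helper and the abridged sample are assumptions made for illustration; the section meanings are inferred from the script and the tool's log on this page.

```python
import re

# Constructed sample: an abridged copy of the script quoted in the post.
SAMPLE_SCRIPT = r"""
:processes
explorer.exe

:services
acup.sys
acup

:files
C:\WINDOWS\tasks\lyamhnpw.job
C:\WINDOWS\system32\acup.sys

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys]

:commands
[emptytemp]
[reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")   # leading '-' means delete the key
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')      # "name"="data" under the open key

# One-entry-per-line sections and the (hypothetical) action name used for each.
SIMPLE_SECTIONS = {
    "processes": "kill_process",
    "services": "remove_service",
    "files": "move_path",
}

# Registry locations Windows uses to load or start code, matched case-insensitively.
LOAD_POINT_MARKERS = [
    ("\\winlogon\\notify\\", "Winlogon notification package"),
    ("\\browser helper objects\\", "Internet Explorer Browser Helper Object"),
    ("\\control\\safeboot\\", "Safe Mode driver/service list"),
    ("\\msconfig\\startupreg\\", "startup entry disabled through msconfig"),
    ("\\explorer\\mountpoints2\\", "per-volume shell/AutoRun cache"),
]


def parse_fix_script(text):
    """Return the planned actions as tuples, in script order."""
    actions, section, open_key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, open_key = header.group(1).lower(), None
            continue
        if section is None:
            raise ValueError(f"line {lineno}: entry before any :section header")
        if section in SIMPLE_SECTIONS:
            actions.append((SIMPLE_SECTIONS[section], line))
        elif section == "commands":
            actions.append(("command", line.strip("[]")))
        elif section == "reg":
            key, value = KEY_RE.match(line), VALUE_RE.match(line)
            if key and key.group(1):
                actions.append(("delete_key", key.group(2)))
                open_key = None
            elif key:
                open_key = key.group(2)          # values that follow belong here
            elif value and open_key:
                actions.append(("set_value", open_key, value.group(1), value.group(2)))
            else:
                raise ValueError(f"line {lineno}: unrecognised :reg entry {line!r}")
        else:
            raise ValueError(f"line {lineno}: unknown section :{section}")
    return actions


def load_points(actions):
    """Pick out the registry actions that touch a code-loading location."""
    hits = []
    for action in actions:
        if action[0] == "set_value" and action[2].lower() == "appinit_dlls":
            hits.append(("AppInit_DLLs value", action[1]))
        elif action[0] == "delete_key":
            lowered = action[1].lower() + "\\"
            for marker, label in LOAD_POINT_MARKERS:
                if marker in lowered:
                    hits.append((label, action[1]))
                    break
    return hits


if __name__ == "__main__":
    plan = parse_fix_script(SAMPLE_SCRIPT)
    for step in plan:
        print(*step, sep=" | ")
    print("\nLoad points touched:")
    for label, key in load_points(plan):
        print(f"  {label}: {key}")
```

Comparing this plan with the tool's own log afterwards shows which entries were acted on and which were reported as not found.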

#13
Fisholio
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver acup.sys not found.
Service\Driver acup.sys not found.
Service\Driver acup.sys not found.
Service\Driver acup deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\lyamhnpw.job moved successfully.
File/Folder C:\WINDOWS\system32\olmfexkr.exe not found.
File/Folder C:\Program Files\GetModule not found.
File/Folder C:\Program Files\GetPack not found.
File/Folder C:\WINDOWS\system32\acup.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AplEnCmd\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fykifmvjlrlsghq\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule32\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack26\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bed3dc8-f07d-11dc-b49e-0030bdaeedc0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bed3dca-f07d-11dc-b49e-0030bdaeedc0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db03b8e-b508-11dc-b411-d69352871156}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b778f9c5-de8c-11dc-b46f-0030bdaeedc0}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\RONFIT~1\LOCALS~1\Temp\etilqs_5ifp064T5UcMOG1Dl0JR scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04202009_010006

Files moved on Reboot...
File C:\DOCUME~1\RONFIT~1\LOCALS~1\Temp\etilqs_5ifp064T5UcMOG1Dl0JR not found!
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat not found!
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ron Fitzgerald\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8mq8vnr.default\XUL.mfl moved successfully.

#14
Fisholio

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ron Fitzgerald at 2009-04-20 01:08:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (46%) free of 35 GB
Total RAM: 767 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:08:41 Fritz day, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ron Fitzgerald\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Ron Fitzgerald.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.tracnet24.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Popup Blocker - Add to Black List - C:\Program Files\iolo\Common\Lib\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Blocker - Add to White List - C:\Program Files\iolo\Common\Lib\AddToPSWhiteList.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Count Of Monte Cristo\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\G.H.O.S.T. Hunters\Images\armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9b40936b59046) (gupdate1c9b40936b59046) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 7284 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS]
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-18 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.EXE [2006-06-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-07-17 177448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager Scanner]
C:\Program Files\Startup Mechanic\StartupMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-01 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]
C:\Program Files\iolo\System Mechanic 7\PopupBlocker.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
C:\WINDOWS\VMSnap3.EXE [2006-08-30 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2002-06-21 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Fitzgerald^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Fitzgerald^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup\PowerReg Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3
"WMPNetworkSvc"=2
"ose"=3
"WLSetupSvc"=3
"LightScribeService"=2
"Belkin 54Mbps Wireless USB"=2
"AVGEMS"=2

C:\Documents and Settings\Ron Fitzgerald\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-04-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2009-04-01 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe"="C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Disabled:American McGee's Alice"
"G:\empires2.exe"="G:\empires2.exe:*:Enabled:Age of Empires II"
"E:\empires2.exe"="E:\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\AoE2\empires2.exe"="C:\Program Files\AoE2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\AoE2\age2_x1\age2_x1.exe"="C:\Program Files\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"
"C:\Program Files\InnoMedia\BuddyTalk\BUDDYTALK.EXE"="C:\Program Files\InnoMedia\BuddyTalk\BUDDYTALK.EXE:*:Enabled:BuddyTalk Application"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a1844e-f251-11dd-84e8-0040ca409497}]
shell\AutoRun\command - K:\.\EncryptionTool\MaxtorEncryption.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2009-04-20 01:00:06 ----D---- C:\_OTMoveIt
2009-04-20 00:58:10 ----D---- C:\WINDOWS\ERDNT
2009-04-20 00:57:33 ----D---- C:\Program Files\ERUNT
2009-04-18 07:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-18 01:06:08 ----D---- C:\rsit
2009-04-17 02:38:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 02:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 02:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 02:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 19:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 17:39:47 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 22:38:16 ----D---- C:\a7b2243729150b654dc6d2e9ed49b77b
2009-04-15 18:45:44 ----A---- C:\Rooter.txt
2009-04-14 13:46:53 ----D---- C:\WINDOWS\ie8updates
2009-04-14 13:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-14 13:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-14 13:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-14 13:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-14 13:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-14 13:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-14 13:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-12 21:34:33 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-04-12 21:31:50 ----D---- C:\Program Files\MSBuild
2009-04-12 21:22:23 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-04-02 15:42:02 ----D---- C:\Program Files\Common Files\Skype
2009-04-01 00:03:32 ----D---- C:\Rooter$
2009-03-31 23:14:04 ----A---- C:\WINDOWS\system32\CMMGR32.EXE
2009-03-31 23:08:29 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-31 23:08:20 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-31 23:08:20 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\SUPERAntiSpyware.com
2009-03-31 23:07:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 23:33:40 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2009-03-30 22:42:12 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-03-06 17:48:05 ----A---- C:\WINDOWS\Blink.ini
2009-03-03 22:18:24 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-03 22:18:24 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-03 22:18:23 ----A---- C:\WINDOWS\system32\java.exe
2009-02-20 22:39:39 ----D---- C:\Program Files\ConvertHelper
2009-02-03 20:19:10 ----D---- C:\Program Files\Seagate
2009-02-03 20:19:10 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2009-01-28 20:57:43 ----D---- C:\Program Files\Transparent
2009-01-28 20:57:43 ----D---- C:\Documents and Settings\All Users\Application Data\Transparent

======List of files/folders modified in the last 3 months======

2009-04-20 01:08:14 ----D---- C:\WINDOWS\Prefetch
2009-04-20 01:05:22 ----D---- C:\Program Files\Mozilla Firefox
2009-04-20 01:05:16 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Skype
2009-04-20 01:05:01 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\skypePM
2009-04-20 01:03:40 ----D---- C:\WINDOWS\Temp
2009-04-20 01:01:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 01:01:39 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\BitTorrent
2009-04-20 01:00:07 ----SD---- C:\WINDOWS\Tasks
2009-04-20 00:58:10 ----AD---- C:\WINDOWS
2009-04-20 00:57:33 ----RD---- C:\Program Files
2009-04-19 23:20:25 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-19 21:22:45 ----D---- C:\WINDOWS\system32
2009-04-18 07:54:33 ----HD---- C:\WINDOWS\inf
2009-04-18 07:54:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-18 07:54:25 ----A---- C:\WINDOWS\imsins.BAK
2009-04-18 07:54:15 ----D---- C:\WINDOWS\system32\en-US
2009-04-18 07:54:15 ----D---- C:\Program Files\Internet Explorer
2009-04-17 20:55:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-17 19:45:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 19:40:52 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 19:40:52 ----D---- C:\WINDOWS\AppPatch
2009-04-17 02:38:43 ----A---- C:\WINDOWS\iis6.BAK
2009-04-17 02:38:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-17 02:36:02 ----D---- C:\Config.Msi
2009-04-17 02:36:01 ----SHD---- C:\WINDOWS\Installer
2009-04-17 02:35:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-17 02:34:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-16 21:29:49 ----RASH---- C:\boot.ini
2009-04-16 21:29:49 ----A---- C:\WINDOWS\win.ini
2009-04-16 21:29:49 ----A---- C:\WINDOWS\system.ini
2009-04-16 21:29:48 ----D---- C:\WINDOWS\pss
2009-04-15 22:35:43 ----D---- C:\WINDOWS\Media
2009-04-15 22:35:43 ----D---- C:\WINDOWS\Help
2009-04-14 15:31:09 ----D---- C:\Program Files\Microsoft Silverlight
2009-04-14 13:47:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-14 13:42:37 ----D---- C:\WINDOWS\WinSxS
2009-04-14 13:41:09 ----D---- C:\WINDOWS\system32\drivers
2009-04-14 13:35:31 ----RSD---- C:\WINDOWS\assembly
2009-04-12 21:30:17 ----D---- C:\WINDOWS\SHELLNEW
2009-04-12 21:28:57 ----D---- C:\Program Files\Microsoft Office
2009-04-12 21:28:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-12 21:21:29 ----D---- C:\Program Files\Common Files\System
2009-04-12 21:09:52 ----SD---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Microsoft
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-02 23:10:35 ----D---- C:\Program Files\Google
2009-04-02 22:03:07 ----D---- C:\Program Files\CoffeeCup Software
2009-04-02 15:42:02 ----RD---- C:\Program Files\Skype
2009-04-02 15:42:02 ----D---- C:\Program Files\Common Files
2009-04-02 15:42:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-04-01 00:00:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-31 23:14:04 ----D---- C:\Program Files\BELKIN USB Wireless Monitor
2009-03-31 21:49:38 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\DNA
2009-03-31 17:23:00 ----D---- C:\Program Files\DNA
2009-03-30 23:35:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-30 23:35:08 ----D---- C:\Program Files\CyberLink
2009-03-30 23:29:33 ----D---- C:\Program Files\MagicISO
2009-03-30 20:02:17 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Vso
2009-03-21 10:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 10:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-05 01:02:34 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-03-03 22:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-03 22:16:57 ----D---- C:\Program Files\Java
2009-03-02 20:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-01 18:56:58 ----D---- C:\Documents and Settings\Ron Fitzgerald\Application Data\Canon
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 14:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 14:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 14:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 14:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 14:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 06:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 01:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-09 08:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 08:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-08 21:23:28 ----RSD---- C:\WINDOWS\Fonts
2009-02-07 19:02:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 07:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 07:08:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 06:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 20:28:29 ----D---- C:\WINDOWS\Downloaded Installations
2009-02-03 15:59:07 ----A---- C:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-11-20 15781]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-01 103360]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-30 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aqabk8co;aqabk8co; C:\WINDOWS\system32\drivers\aqabk8co.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera; C:\WINDOWS\System32\Drivers\ubVeo532.sys []
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PRISM_A02;Belkin 54Mbps Wireless USB Network Adapter; C:\WINDOWS\System32\DRIVERS\PRISMAXP.sys [2003-11-11 336800]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-04-13 204160]
S3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC303;USB PC Camera (Vimicro301 Neptune); C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-08-31 392058]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
S2 gupdate1c9b40936b59046;Google Update Service (gupdate1c9b40936b59046); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-18 658432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service; C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [2003-06-09 49152]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#15
Fisholio

I hope I did these right. Could you briefly explain why we are doing these things?
I also have something running for a long time on startup.

Thanks for the continued help.