Thanks again for your time. Here are the logs:
This is the first GMER log:
GMER 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2007-01-08 11:25:57
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 0C, F2, B2, E0, 6E, F2, ... ]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 0C, F2, B2, E0, 6E, F2, ... ]
---- Devices - GMER 1.0.12 ----
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_CREATE [F88C666E] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_CREATE_NAMED_PIPE [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_CLOSE [F88C78A2] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_READ [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_WRITE [F88C7924] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_QUERY_INFORMATION [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SET_INFORMATION [F88C7820] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_QUERY_EA [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SET_EA [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_FLUSH_BUFFERS [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_QUERY_VOLUME_INFORMATION [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SET_VOLUME_INFORMATION [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_DIRECTORY_CONTROL [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_FILE_SYSTEM_CONTROL [F88C7A26] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_DEVICE_CONTROL [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F88C66FA] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SHUTDOWN [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_LOCK_CONTROL [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_CLEANUP [F88C779E] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_CREATE_MAILSLOT [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_QUERY_SECURITY [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SET_SECURITY [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_POWER [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SYSTEM_CONTROL [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_DEVICE_CHANGE [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_QUERY_QUOTA [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_SET_QUOTA [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter IRP_MJ_PNP [F88C79A6] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoCheckIfPossible [F88C7112] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoRead [F88C7154] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoWrite [F88C7196] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoQueryBasicInfo [F88C71DA] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoQueryStandardInfo [F88C7214] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoLock [F88C724E] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoUnlockSingle [F88C7292] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoUnlockAll [F88C72D0] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoUnlockAllByKey [F88C7304] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoDeviceControl [F88C733C] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoDetachDevice [F88C7382] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoQueryNetworkOpenInfo [F88C738E] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter MdlRead [F88C73C8] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter MdlReadComplete [F88C7408] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter PrepareMdlWrite [F88C743A] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter MdlWriteComplete [F88C747C] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoReadCompressed [F88C74B4] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoWriteCompressed [F88C74FC] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter MdlReadCompleteCompressed [F88C7546] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter MdlWriteCompleteCompressed [F88C7578] savonaccessfilter.sys
Device \FileSystem\SAVOnAccess Filter \Device\SAVOnAccessFilter FastIoQueryOpen [F88C75B0] savonaccessfilter.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5085A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5085A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B2F322A0] vsdatant.sys
Device \FileSystem\SAVOnAccess Control \Device\SAVOnAccessControl IRP_MJ_CREATE [B2EB84F8] savonaccesscontrol.sys
Device \FileSystem\SAVOnAccess Control \Device\SAVOnAccessControl IRP_MJ_CLOSE [B2EB8590] savonaccesscontrol.sys
Device \FileSystem\SAVOnAccess Control \Device\SAVOnAccessControl IRP_MJ_READ [B2EB85D0] savonaccesscontrol.sys
Device \FileSystem\SAVOnAccess Control \Device\SAVOnAccessControl IRP_MJ_DEVICE_CONTROL [B2EBC2C6] savonaccesscontrol.sys
Device \FileSystem\SAVOnAccess Control \Device\SAVOnAccessControl FastIoRead [B2EB860E] savonaccesscontrol.sys
Device \FileSystem\SAVOnAccess Control \Device\SAVOnAccessControl FastIoWrite [B2EB866C] savonaccesscontrol.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5085A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5085A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B2F322A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5085A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B2F322A0] vsdatant.sys
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDBA7498
---- EOF - GMER 1.0.12 ----
This is the GMER autostart log:
GMER 1.0.12.12011 -
http://www.gmer.net
Autostart scan 2007-01-08 11:27:16
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@Zone Labs Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@getmail"C:\Program Files\GetMail\GetMail.exe" = "C:\Program Files\GetMail\GetMail.exe"
@EarthWatcherC:\Program Files\EarthWatcher\EarthWatcher.exe = C:\Program Files\EarthWatcher\EarthWatcher.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}C:\Program Files\Eudora\EuShlExt.dll /*file not found*/ = C:\Program Files\Eudora\EuShlExt.dll /*file not found*/
@{5BACC17E-BDF7-405B-BC68-ECB506395118}(null) =
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} /*Eudora's Shell Extension*/C:\Program Files\Eudora\EuShlExt.dll /*file not found*/ = C:\Program Files\Eudora\EuShlExt.dll /*file not found*/
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real Alternative\rpshell.dll = C:\Program Files\Real Alternative\rpshell.dll
@{FED7043D-346A-414D-ACD7-550D052499A7} /*dBpowerAMP Music Converter 1*/C:\Program Files\dBpowerAMP\dBShell.dll = C:\Program Files\dBpowerAMP\dBShell.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpowerAMP Music Converter*/C:\Program Files\dBpowerAMP\dMCShell.dll = C:\Program Files\dBpowerAMP\dMCShell.dll
@{D44E22BD-2D2C-4F13-BF1B-2DB458FD0C2C} /*KernelExtExt Extension*/C:\WINDOWS\System32\krnsvr32.dll /*file not found*/ = C:\WINDOWS\System32\krnsvr32.dll /*file not found*/
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
moveonboot_delete@{12B23346-6BD8-4812-BF8C-75E7C386ACB8} = C:\Program Files\GiPo@MoveOnBoot\mboot.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome =
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start
Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home =
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start
Pagehttp://www.straightdope.com/ =
http://www.straightdope.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Microsoft Office.lnk = Microsoft Office.lnk
---- EOF - GMER 1.0.12 ----
And here is the HJT uninstall list:
ACDSee 4.0.2 Trial Version
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Shockwave Player
Ahead Nero - Burning Rom
ATI Display Driver
AVG Free Edition
BSplayer
dBpowerAMP Music Converter
EarthWatcher 1.1.1
FLAC Installer 1.1.2a (remove only)
FLV Player 1.3.3
GetMail 3.2
GiPo@MoveOnBoot 1.9.5
Google Earth
HijackThis 1.99.1
HttpWatch 3.2.0.67
Intel A/V Codecs V2.0
Intel Application Accelerator
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
KeePass Password Safe 1.06
Last.fm 1.1.0.0
Microsoft Office 2000 Premium
mIRC
Mozilla Firefox (1.5.0.9)
Mozilla Thunderbird (1.5.0.9)
Mp3tag v2.37a
Music Label 2007 v13.0.1
PowerDVD
Quake III Arena
QuickTime Alternative 1.69
Real Alternative 1.29
Scrabble Blast Deluxe
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Wireless PCI Card Configuration Utility
XP Codec Pack
ZoneAlarm
Zortam ID3 Tag Editor