
Unknown Problem. Can't Update Windows


  • This topic is locked
20 replies to this topic

#1 GAZMAN195

GAZMAN195

  • Members
  • 60 posts

Posted 26 September 2008 - 05:36 PM

Hi, can you help please?

I'm running Windows XP Professional x64 Edition
Avast (free)
Ad Aware (free)
Spybot S&D
Comodo firewall

I started a topic about my problems in the XP thread: http://www.bleepingcomputer.com/forums/t/171450/cannot-update-windows/ and someone suggested doing this.
Does anything look wrong here?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:12, on 26/09/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\MicroStar\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\MicroStar\Bluetooth Software\BTTray.exe
C:\PROGRA~2\Yahoo!\browser\ybrwicon.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~2\Yahoo!\browser\ycommon.exe
C:\Program Files (x86)\RileysPoker\Utils\poker.exe
C:\Program Files (x86)\Yahoo!\browser\ybrowser.exe
C:\Program Files (x86)\MSN Messenger\usnsvc.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~2\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files (x86)\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~2\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WlanUtility.lnk = C:\Program Files (x86)\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files (x86)\MicroStar\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\Documents and Settings\Administrator\Application Data\PacificPoker4\bin\casinopoker\bin\casino.exe (file missing)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~2\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Eurolinx Poker - {78AB8510-2944-4c6c-86E7-6412C2383349} - C:\Microgaming\Poker\EurolinxPokerMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: RileysPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~2\RILEYS~1\rileyspoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files (x86)\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files (x86)\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files (x86)\MicroStar\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files (x86)\MicroStar\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\Administrator\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O15 - Trusted Zone: http://forums.888.com
O15 - Trusted Zone: http://www.888.com
O15 - Trusted Zone: http://www.facebook.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143906166281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145018794687
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\guard32.dll C:\WINDOWS\SysWOW64\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files (x86)\MicroStar\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14501 bytes



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 October 2008 - 06:29 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 GAZMAN195

GAZMAN195
  • Topic Starter

  • Members
  • 60 posts

Posted 06 October 2008 - 06:46 PM

Hello, I'm still here. Thanks in advance for any help you can give.



OTViewIt logfile created on: 06/10/2008 22:51:07 - Run
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.46% Memory free
3.81 Gb Paging File | 3.09 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 152.66 Gb Total Space | 119.96 Gb Free Space | 78.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAZMANGOD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/14 23:46:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/09/22 09:42:24 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2005/03/25 13:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
[2006/07/21 17:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\browser\ybrwicon.exe
[2006/03/21 14:19:40 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[2008/07/19 15:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2006/03/03 15:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files (x86)\Yahoo!\browser\ycommon.exe
[2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe
[2006/09/19 17:28:52 | 00,668,152 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files (x86)\Yahoo!\browser\ybrowser.exe
[2008/10/06 22:50:12 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/14 23:46:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AeLookupSvc [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Alerter [Disabled | Stopped])
[2005/03/25 13:00:00 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe -- (ALG [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [On_Demand | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AudioSrv [Auto | Running])
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BITS [Auto | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Browser [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BthServ [Auto | Running])
[2005/03/25 13:00:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [Disabled | Stopped])
[2005/03/25 13:00:00 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [On_Demand | Stopped])
[2008/09/07 12:05:10 | 00,690,944 | ---- | M] () -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[2007/02/18 11:05:26 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (CryptSvc [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (DcomLaunch [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dhcp [Auto | Running])
File not found -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (dmserver [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dnscache [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ERSvc [Auto | Running])
File not found -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EventSystem [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (helpsvc [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HidServ [Auto | Running])
File not found -- C:\WINDOWS\System32\lsass.exe -- (HTTPFilter [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
[2006/02/23 15:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Irmon [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanserver [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanworkstation [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (LmHosts [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Messenger [Disabled | Stopped])
[2005/03/25 13:00:00 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
[2007/02/18 11:05:38 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[2007/02/18 11:05:42 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [On_Demand | Stopped])
[2007/02/18 11:05:42 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Netman [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Nla [On_Demand | Running])
File not found -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (NtmsSvc [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\nvsvc64.exe -- (NVSvc [Auto | Running])
File not found -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
File not found -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
File not found -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasAuto [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasMan [On_Demand | Running])
File not found -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteAccess [Disabled | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteRegistry [Auto | Running])
[2005/03/25 13:00:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RpcSs [Auto | Running])
File not found -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
[2007/02/18 11:05:48 | 00,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Schedule [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (seclogon [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SENS [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SharedAccess [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ShellHWDetection [Auto | Running])
[2007/02/17 00:55:54 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (srservice [Auto | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SSDPSRV [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (stisvc [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (swprv [On_Demand | Stopped])
[2007/02/18 11:05:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [Auto | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TapiSrv [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TermService [On_Demand | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Themes [Auto | Running])
File not found -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TrkWks [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (upnphost [Auto | Running])
[2005/03/25 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe -- (UPS [On_Demand | Stopped])
[2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
File not found -- C:\WINDOWS\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (W32Time [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WebClient [Auto | Running])
[2006/11/03 20:36:20 | 00,014,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WinHttpAutoProxySvc [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (winmgmt [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WmdmPmSN [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Wmi [On_Demand | Stopped])
File not found -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wscsvc [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wuauserv [Auto | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WudfSvc [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WZCSVC [Auto | Running])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (xmlprov [On_Demand | Stopped])
[2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Driver Services ==========

File not found -- -- (ACPI [Boot | Running])
File not found -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD [System | Running])
File not found -- -- (ALCXWDM [On_Demand | Running])
File not found -- -- (AmdK8 [System | Running])
File not found -- -- (aswFsBlk [Auto | Running])
File not found -- -- (aswMonFlt [Auto | Running])
File not found -- -- (aswRdr [On_Demand | Running])
File not found -- -- (aswSP [System | Running])
File not found -- -- (aswTdi [System | Running])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (cmdGuard [System | Running])
File not found -- -- (cmdHlp [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
File not found -- -- (Fdc [On_Demand | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (Flpydisk [On_Demand | Running])
File not found -- -- (FltMgr [Boot | Running])
File not found -- -- (Ftdisk [Boot | Running])
[2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (HidUsb [On_Demand | Running])
File not found -- -- (HTTP [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (Inspect [On_Demand | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (irda [Auto | Running])
File not found -- -- (IRENUM [On_Demand | Running])
File not found -- -- (irsir [On_Demand | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (kmixer [On_Demand | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
[2005/03/25 13:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (mouhid [On_Demand | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (ms_mpu401 [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
File not found -- -- (Null [System | Running])
File not found -- -- (nv [On_Demand | Running])
File not found -- -- (nvata64 [Boot | Running])
File not found -- -- (nvnetbus [On_Demand | Running])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (pavboot [Boot | Running])
File not found -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5 [On_Demand | Stopped])
File not found -- -- (PCASp50a64 [On_Demand | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasirda [On_Demand | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
File not found -- -- (RT2500 [On_Demand | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Stopped])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (sr [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
[2008/09/20 16:25:59 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\Drivers\tmcomm.sys -- (tmcomm [Auto | Stopped])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbccgp [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (usbprint [On_Demand | Running])
File not found -- -- (usbscan [On_Demand | Running])
File not found -- -- (USBSTOR [On_Demand | Running])
File not found -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave [System | Running])
File not found -- -- (VolSnap [Boot | Running])
File not found -- -- (Wanarp [On_Demand | Running])
File not found -- -- (wdmaud [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://home.bt.yahoo.com
"Default_Search_URL"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://home.bt.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
"SearchMigratedDefaultName"=Live Search
"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
"Start Page"=http://home.bt.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://home.bt.yahoo.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://home.bt.yahoo.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
"SearchMigratedDefaultName"=Live Search
"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
"Start Page"=http://home.bt.yahoo.com

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (224776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
7888 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (HKLM) -- C:\Program Files (x86)\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"OpwareSE4"="C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"YBrowser"=C:\PROGRA~2\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE (Microsoft Corporation)
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE (Microsoft Corporation)
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

========== (O4) Startup Folders ==========

[2005/09/26 09:31:22 | 00,709,632 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WlanUtility.lnk = C:\Program Files (x86)\MicroStar\WLANUtility\WlanUtility.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files (x86)\BitComet\BitComet.exe [2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files (x86)\BitComet\BitComet.exe [2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files (x86)\BitComet\BitComet.exe [2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com)
&Windows Live Search: C:\Program Files (x86)\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
E&xport to Microsoft Excel: C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE File not found
Easy-WebPrint Add To Print List: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files (x86)\BitComet\BitComet.exe [2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files (x86)\BitComet\BitComet.exe [2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files (x86)\BitComet\BitComet.exe [2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com)
&Windows Live Search: C:\Program Files (x86)\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
E&xport to Microsoft Excel: C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE File not found
Easy-WebPrint Add To Print List: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 20:05:46 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [2007/07/12 04:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{3015DB92-158E-4b77-9020-85C8E311FBB5}: Button: Casino-On-Net -- %AppData%\PacificPoker4\bin\casinopoker\bin\casino.exe File not found
{49783ED4-258D-4f9f-BE11-137C18D3E543}: Button: Titan Poker -- %SystemDrive%\Poker\Titan Poker\casino.exe File not found
{49783ED4-258D-4f9f-BE11-137C18D3E543}: Menu: Titan Poker -- %SystemDrive%\Poker\Titan Poker\casino.exe File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: BT Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{78AB8510-2944-4c6c-86E7-6412C2383349}: Button: Eurolinx Poker -- %SystemDrive%\Microgaming\Poker\EurolinxPokerMPP\MPPoker.exe [2008/02/26 09:40:06 | 00,011,264 | ---- | M] (Microgaming)
{94EDF7B4-4272-4af3-8F8B-4E2F68E225B7}: Button: RileysPoker -- %ProgramFiles%\RileysPoker\rileyspoker.exe [2007/08/08 11:15:28 | 00,212,992 | ---- | M] (Cassava Ent.)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2007/02/03 17:34:38 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2007/02/03 17:34:38 | 00,110,592 | ---- | M] ()
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008/02/29 09:49:22 | 00,468,280 | ---- | M] (BitComet)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
60a501e4-a078-4cb2-8728-3fab4264f3c1\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 04:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
60a501e4-a078-4cb2-8728-3fab4264f3c1\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\Exec [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
60a501e4-a078-4cb2-8728-3fab4264f3c1\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 04:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
888.com\forums: http in My Computer
888.com\www: http in My Computer
888.com\www: https in Local intranet
facebook.com\www: http in My Computer
microsoft.com\update: http in My Computer
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
888.com\forums: http in My Computer
888.com\www: http in My Computer
888.com\www: https in Local intranet
facebook.com\www: http in My Computer
microsoft.com\update: http in My Computer
47 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab -- QuickTime Object
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Microsoft Data Collection Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll -- Installation Support
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1143906166281 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1145018794687 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{C606BA60-AB76-48B6-96A7-2C4D5C386F70}: http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab -- PreQualifier Class
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_03
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{856208AF-0C34-4646-BFC3-A7086C9BE210} (Servers: | Description: 802.11g PCI Wireless Network Adapter)
{A14FC5C5-F39B-41A9-948F-FDF7C8140793} (Servers: | Description: NVIDIA nForce Networking Controller)
{B1E350EA-28BB-4D42-8596-339236531E50} (Servers: | Description: )
{E5DD7944-CC03-4EFB-B1ED-5339FCFC01CE} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\SysWOW64\guard32.dll C:\WINDOWS\SysWOW64\cssdll32.dll
>[2008/09/07 12:05:14 | 00,143,104 | ---- | M] () -- C:\WINDOWS\SysWOW64\guard32.dll
>[2008/09/07 12:07:26 | 00,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\SysWOW64\cssdll32.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>File not found --

"System"=lsass.exe
>File not found --

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2007/02/18 11:05:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

"UIHost"=%SystemRoot%\system32\logonui.exe
>[2007/02/18 11:05:34 | 00,516,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2007/11/08 01:55:44 | 08,360,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
crypt32chain: "DllName" = crypt32.dll -- File not found
cryptnet: "DllName" = cryptnet.dll -- File not found
cscdll: "DllName" = cscdll.dll -- File not found
dimsntfy: "DllName" = dimsntfy.dll -- File not found
EFS: "DllName" = sclgntfy.dll -- File not found
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
sclgntfy: "DllName" = sclgntfy.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
termsrv: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>File not found --
>File not found --
>File not found --
>File not found --

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,
>[2007/02/18 11:05:42 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,
>[2007/02/18 11:05:34 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
>[2007/02/18 11:05:42 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
>[2007/04/25 14:45:30 | 00,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2007/02/18 11:06:04 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/31 22:04:47 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/06 22:50:05 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/10/06 20:12:24 | 00,094,258 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\100k 72 hand.JPG
[2008/10/04 23:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\blue next wifi setup
[2008/10/02 18:47:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\psp backup 2.10.08
[2008/10/01 17:37:23 | 14,772,9520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\REG FILES BACKUP.reg
[2008/10/01 16:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PHONE CARD BACKUP
[2008/09/28 19:17:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\TowerTorneosPoker
[2008/09/28 19:14:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TowerTorneosPoker
[2008/09/27 14:01:01 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/09/26 23:27:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/09/25 16:04:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Albums
[2008/09/25 16:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/09/25 15:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dads phone pics
[2008/09/25 15:32:12 | 00,446,508 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dad bye.wav
[2008/09/25 15:30:18 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Big Slick.lnk
[2008/09/24 22:01:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\anti virus etc
[2008/09/24 21:53:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/09/24 21:53:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2008/09/24 21:53:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2008/09/24 21:21:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2008/09/24 21:21:18 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/24 21:21:09 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/24 21:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/24 21:20:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2008/09/20 16:26:57 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/15 19:28:47 | 01,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/09/15 19:28:47 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2008/09/14 23:45:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2008/09/14 23:45:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/14 23:42:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2008/09/14 15:57:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2008/09/08 23:42:48 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/08 23:42:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2008/09/08 17:30:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
[2008/09/07 12:07:26 | 00,249,592 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2008/09/07 12:05:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\comodo
[2008/09/07 12:05:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Comodo
[2008/09/07 12:05:18 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/06 22:50:12 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008/10/06 21:57:30 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/06 20:12:25 | 00,094,258 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\100k 72 hand.JPG
[2008/10/06 18:46:51 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/10/06 16:57:35 | 00,000,002 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2008/10/06 11:03:56 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/06 11:00:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 11:00:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 11:30:25 | 00,110,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/01 17:37:35 | 14,772,9520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\REG FILES BACKUP.reg
[2008/09/28 19:17:04 | 00,001,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tower Torneos Poker.lnk
[2008/09/28 10:44:59 | 00,061,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/27 14:01:55 | 00,000,460 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/25 16:08:06 | 00,001,102 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Titan Poker.lnk
[2008/09/25 15:32:13 | 00,446,508 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dad bye.wav
[2008/09/25 15:30:18 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Big Slick.lnk
[2008/09/24 21:32:12 | 00,004,547 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/09/24 15:04:16 | 00,008,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Slideshow dad2.pxp
[2008/09/20 16:25:59 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/09/10 00:07:22 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:07:18 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 23:42:48 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/07 12:07:26 | 00,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll
[2008/09/07 12:05:14 | 00,143,104 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
< End of report >




OTViewIt Extras logfile created on: 06/10/2008 22:51:07 - Run
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.46% Memory free
3.81 Gb Paging File | 3.09 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 152.66 Gb Total Space | 119.96 Gb Free Space | 78.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAZMANGOD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2005/08/31 17:11:06 | 02,478,080 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger
[2005/08/31 17:06:46 | 00,053,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/09/19 17:28:52 | 00,668,152 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files (x86)\Yahoo!\browser\ybrowser.exe:*:Enabled:BT Yahoo! Broadband
[2004/09/08 10:18:42 | 03,645,952 | R--- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\AvRack\rtlrack.exe:*:Enabled:AvRack
[2006/08/31 17:01:42 | 00,448,040 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YOP\yop.exe:*:Enabled:BT Yahoo! Online Protection
[2008/07/19 15:28:35 | 00,270,520 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus
[2005/03/25 13:00:00 | 01,327,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN\MSNCoreFiles\Install\msnsusii.exe:*:Enabled:MSN
[2007/02/17 00:39:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express
[2006/02/23 16:31:58 | 14,144,000 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe:*:Disabled:iTunes
[2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2005/09/26 09:31:22 | 00,709,632 | ---- | M] () -- C:\Program Files (x86)\MicroStar\WLANUtility\WlanUtility.exe:*:Enabled:WlanUtility
File not found -- C:\Program Files (x86)\ABC\abc.exe:*:Enabled:abc
[2005/10/31 16:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 18:53:46 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/06/03 04:42:44 | 02,596,152 | ---- | M] (www.BitComet.com) -- C:\Program Files (x86)\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2008/05/30 15:54:14 | 21,718,312 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -- C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 03,591,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 03,591,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 03,591,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/17 13:51:24 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 03,591,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/30 15:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 03,591,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/08 09:33:00 | 03,591,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/25 13:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/12/22 12:28:14 | 00,271,360 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/12/22 12:28:14 | 00,271,360 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/12/22 12:28:14 | 00,271,360 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/05/08 09:33:00 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/11/08 01:55:44 | 08,360,448 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}"=ScanSoft OmniPage SE 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150030}"=J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}"=iTunes
"{5A063D9F-A50B-4164-92BD-0142A99F3E63}"=Scojacks Clock
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{85309D89-7BE9-4094-BB17-24999C6118FC}"=ArcSoft PhotoStudio 5.5
"{90ADAE77-36C9-4FD4-A50F-8486D792C2FC}"=Sitecom Station Adapter Utility
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}"=Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}"=QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}"=Black and White
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}"=Windows Live Sign-in Assistant
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AnalogX SuperShredder"=AnalogX SuperShredder
"avast!"=avast! Antivirus
"Big Slick"=Big Slick
"BitComet"=BitComet 1.02
"BT Yahoo! Applications"=BT Yahoo! Applications
"Canon MP180 User Registration"=Canon MP180 User Registration
"Desktop FLV Player_is1"=FLVhosting Desktop FLV Player Ver 2.00
"DVD PixPlay_is1"=DVD PixPlay
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"Eurolinx"=Eurolinx
"FileChecker_is1"=FileChecker v1.7
"HijackThis"=HijackThis 2.0.2
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}"=iTunes
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MansionPoker"=MANSION Poker (remove only)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"MP Navigator 3.0"=Canon MP Navigator 3.0
"PartyPoker"=PartyPoker
"Titan Poker"=Titan Poker
"Tower Torneos Poker"=Tower Torneos Poker
"Victor Chandler"=Victor Chandler
"VideoEgg"=VideoEgg Publisher
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Live Toolbar"=Windows Live Toolbar
"WinRAR archiver"=WinRAR archiver
"XviD_is1"=XviD 1.1 final uninstall
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ReeferPoker"=ReeferPoker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1777105085-4290262350-1035235109-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ReeferPoker"=ReeferPoker

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16/02/2008 14:57:01 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:01 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:01 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:02 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:02 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:02 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:02 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:02 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 16/02/2008 14:57:02 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme
failed, 00000021.

Error - 18/02/2008 09:21:11 | Computer Name = GAZMANGOD | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FJTCS26\VAT+Online+Registration+Service[1].pdf:Zone.Identifier
failed, 00000021.

[ Application Events ]
Error - 01/10/2008 17:23:31 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

Error - 02/10/2008 10:35:01 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

Error - 03/10/2008 02:34:57 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

Error - 04/10/2008 07:38:17 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

Error - 04/10/2008 07:59:09 | Computer Name = GAZMANGOD | Source = MPSampleSubmission | ID = 5000
Description =

Error - 04/10/2008 09:31:12 | Computer Name = GAZMANGOD | Source = MPSampleSubmission | ID = 5000
Description =

Error - 05/10/2008 06:12:36 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

Error - 05/10/2008 20:45:37 | Computer Name = GAZMANGOD | Source = Application Error | ID = 1000
Description = Faulting application fulltiltpoker.exe, version 4.15.34.7, faulting
module msvcr80.dll, version 8.0.50727.762, fault address 0x00050aaf.

Error - 06/10/2008 02:12:15 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

Error - 06/10/2008 06:00:54 | Computer Name = GAZMANGOD | Source = SecurityCenter | ID = 1802
Description =

[ System Events ]
Error - 06/10/2008 06:57:30 | Computer Name = GAZMANGOD | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 06/10/2008 07:57:00 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 08:57:00 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 09:57:00 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 10:57:00 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 11:57:05 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 12:57:04 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 13:57:02 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 14:57:03 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 06/10/2008 15:57:00 | Computer Name = GAZMANGOD | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >



Tuesday, October 7, 2008
Operating System: Microsoft Windows XP Professional x64 Edition Service Pack 2 (build 3790)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 06, 2008 22:13:11
Records in database: 1295576


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 124823
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:35:46

File name Threat name Threats count
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EA9106EN\us[1].pdf Infected: Exploit.Win32.Pidief.gx 1

The selected area was scanned.

#4 Billy O'Neal

Posted 06 October 2008 - 08:15 PM

Hello, GAZMAN195.
You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitComet). These programs allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to clear out some temporary data.
Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
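The inventory step behind the Java advice in the post above (finding every stacked Java runtime in the Uninstall list and which ones predate the version being installed), as an added example that is not part of the original post or of OTScanIt. The report text is a constructed sample in the format posted in this thread; the function names and the (6, 7) baseline, taken from the "JRE 6 Update 7" named in the post, are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample in the OTScanIt "Uninstall List" format shown in this thread.
SAMPLE_REPORT = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0150030}"=J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"BitComet"=BitComet 1.02
'''

# Assumption: the baseline is the release the post tells the user to install.
BASELINE = (6, 7)


class Runtime(NamedTuple):
    hive: str        # registry hive the Uninstall section belongs to
    key: str         # Uninstall subkey name (usually the MSI product GUID)
    name: str        # display name as written in the report
    version: tuple   # (major, update), e.g. (5, 11) for "5.0 Update 11"


# "[HKEY_...\...\Uninstall]" opens a section; the hive name is captured.
_SECTION = re.compile(r'^\[(HKEY_[^\\\]]+)\\.*\\Uninstall\]$')
# '"<subkey>"=<display name>' is one installed product.
_ENTRY = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+)$')
# Covers the display-name variants seen in the thread's list; other naming
# schemes (for example 1.4.x runtimes) are deliberately not matched.
_JAVA = re.compile(
    r'^(?:J2SE|Java(?:™|\(TM\))?)(?: SE)?(?: Runtime Environment)?'
    r' (?P<major>\d+)(?:\.\d+)?(?: Update (?P<update>\d+))?$')


def find_java_runtimes(report):
    """Return every Java runtime listed under an Uninstall section."""
    hive = None
    found = []
    for raw in report.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            hive = section.group(1)
            continue
        # Any other bracketed header or "=====" banner ends the section.
        if line.startswith('[') or line.startswith('====='):
            hive = None
            continue
        if hive is None:
            continue
        entry = _ENTRY.match(line)
        if not entry:
            continue
        java = _JAVA.match(entry['name'])
        if java:
            version = (int(java['major']), int(java['update'] or 0))
            found.append(Runtime(hive, entry['key'], entry['name'], version))
    return found


def outdated(runtimes, baseline=BASELINE):
    """Runtimes older than the baseline, oldest first."""
    return sorted((r for r in runtimes if r.version < baseline),
                  key=lambda r: r.version)


if __name__ == '__main__':
    runtimes = find_java_runtimes(SAMPLE_REPORT)
    print(f'{len(runtimes)} Java runtime(s) installed side by side')
    for r in outdated(runtimes):
        print(f'  remove: {r.name}  [{r.hive}\\...\\Uninstall\\{r.key}]')
```
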

#5 GAZMAN195

Posted 07 October 2008 - 12:09 PM

Hello and thanks again.

I generally only use peer to peer with trusted friends. You may have noticed the vast array of poker programs; I am a semi pro poker player and I and several others share videos of ourselves playing poker as a learning tool. Although I must admit I can never wait the extra couple of months for my weekly dose of Smallville here in the UK (guess I better do that on a computer that I don't run my banking and poker on from now on).

I have followed your steps above. On step 4. Select your Platform: "Windows". I went for the Windows x64 (I'm running Windows XP Professional x64 Edition. Did I do the right thing there?).

Unfortunately I was unable to uninstall any of the Java software (see screenshots). I got the same error message for each one that I tried to uninstall. So I am stuck at step 12.


#6 Billy O'Neal

Posted 07 October 2008 - 08:13 PM

Hello, GAZMAN195.
The poker programs look fine. :thumbsup: See if this fix makes you able to remove these Java versions.

We need to repair some of Windows' internal registration settings
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix
Billy3

#7 GAZMAN195

Posted 08 October 2008 - 09:30 AM

Right, I have run that. I got an error message while starting Dial-a-Fix but it did load as soon as I clicked OK. Then I got 3 identical errors during the Register WUAU DLLs stage and one more error during the Explorer/IE/OE/shell/WMP.

Still unable to remove Java with the same message from before.


#8 GAZMAN195

Posted 08 October 2008 - 09:37 AM

I seem to have maxed out my attachment space so can't post any more screenshots. The other error message said:

Error 126 ("The specified module could not be found") was encountered while calling LoadLibary(C:\WINDOWS\system32\srclient.dll). This is usually caused by a missing or corrupt dependancy not presant in the PATH or the current folder (which is: C:\WINDOWS\system32)

#9 Billy O'Neal

Posted 08 October 2008 - 07:27 PM

Hello :thumbsup:

Please follow the instructions in USASMA's tutorial here to run SFC to verify Windows' integrity:
http://www.bleepingcomputer.com/forums/ind...st&p=231230

Let me know if that helps.

Billy3

#10 GAZMAN195

Posted 09 October 2008 - 05:41 PM

Hello again.
Ran the SFC. It did ask for my XP disc and ran for quite a while, so it looked like it did something, but it doesn't seem to have made any difference (I never get simple problems :thumbsup: )
Still unable to download/install any Windows updates.
Still unable to remove Java.

#11 Billy O'Neal

Posted 09 October 2008 - 06:02 PM

Hello, GAZMAN195.
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" button and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • GMER's Log

Billy3

#12 GAZMAN195

Posted 10 October 2008 - 05:42 AM

Ok I have run gmer.

While starting the program I got an error stating: System\CurrentControlSet\gmer: The handle is invalid. After clicking OK it continued to load OK. I set it up and restarted as instructed.
I was unable to check all the boxes on the right hand side as most were greyed out. The ones that were checked were:
Services
Registry
Files
C:
ADS

I tried to run in safe mode also to see if I could check the rest of the boxes but they were greyed out there too.

This is what I got with just the 5 boxes checked:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-10 11:11:09
Windows 5.2.3790 Service Pack 2


---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a685739
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a685739@000e6d0b9839 0x49 0xDB 0x17 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a685739
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a685739@000e6d0b9839 0x49 0xDB 0x17 0x28 ...

---- EOF - GMER 1.0.14 ----

#13 Billy O'Neal

Posted 10 October 2008 - 06:28 PM

Hello, GAZMAN195.
Please try this and then run GMER again :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    gmer
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log

Billy3

#14 GAZMAN195

Posted 11 October 2008 - 05:19 AM

Ok have done that:

========== SERVICES/DRIVERS ==========
Unable to stop service gmer .
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10112008_104616

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.


I then ran gmer again but it was exactly the same as last time, boxes still greyed out:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-11 11:14:13
Windows 5.2.3790 Service Pack 2


---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a685739
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a685739@000e6d0b9839 0x49 0xDB 0x17 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a685739
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a685739@000e6d0b9839 0x49 0xDB 0x17 0x28 ...

---- EOF - GMER 1.0.14 ----

#15 Billy O'Neal

Posted 11 October 2008 - 05:04 PM

Hello, GAZMAN195.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Disabled MS Config Items
      Reg - File Associations
      Reg - Uninstall List
      File - Additional Folder Scans
  • Check the "Scan All Users" and "Include MD5" checkboxes at the top of the window.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt Report

Billy3