Well, this PC was infected with the above malware and I just wanted to see if I got it all out.
Here are the logs. My wife ran Malwarebytes to get rid of it, but I can't find the txt file.
Also, why do I have so many O18 entries?
Thanks in advance.
OTListIt logfile created on: 5/14/2009 8:21:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = E:\Documents and Settings\C. Rich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
381.98 Mb Total Physical Memory | 103.18 Mb Available Physical Memory | 27.01% Memory free
921.36 Mb Paging File | 650.32 Mb Available in Paging File | 70.58% Paging File free
Paging file location(s): E:\pagefile.sys 576 1152 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 49.41 Gb Total Space | 28.12 Gb Free Space | 56.92% Space Free | Partition Type: FAT32
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STORE
Current User Name: C. Rich
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - [2008/04/13 20:12:34 | 00,013,312 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\savedump.exe
PRC - [2004/06/13 11:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- E:\WINDOWS\system32\brsvc01a.exe
PRC - [2008/10/24 13:33:54 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2001/12/12 20:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- E:\WINDOWS\system32\brss01a.exe
PRC - [2008/10/24 13:33:44 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- E:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2004/03/08 21:27:00 | 00,045,056 | ---- | M] () -- E:\WINDOWS\System32\wltrysvc.exe
PRC - [2008/04/13 20:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2002/07/17 07:59:48 | 00,143,360 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\igfxtray.exe
PRC - [2002/07/17 07:45:02 | 00,090,112 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\hkcmd.exe
PRC - [2008/02/12 18:17:18 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- E:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2001/10/22 11:05:46 | 00,196,608 | ---- | M] (HP) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2007/09/05 19:18:34 | 00,068,856 | ---- | M] (Google Inc.) -- E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/01/22 18:30:16 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- E:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/03/16 14:27:24 | 00,610,304 | ---- | M] (Belkin Corporation) -- E:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/05/14 20:15:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\C. Rich\Desktop\OTListIt2.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/10/24 13:33:54 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/24 13:33:44 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/03/19 21:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- E:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/06/13 11:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- E:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- E:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard [Auto | Running])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- e:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/09/03 21:38:14 | 00,138,168 | ---- | M] (Google) -- E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/02/23 15:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - File not found -- -- (WinMBR [Disabled | Stopped])
SRV - [2004/03/08 21:27:00 | 00,045,056 | ---- | M] () -- E:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ==========
DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- E:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/11/25 21:24:16 | 00,075,072 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2004/02/19 10:51:00 | 00,300,928 | ---- | M] (Broadcom Corporation) -- E:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2002/11/18 16:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- E:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
DRV - [2006/06/16 10:38:54 | 00,003,968 | ---- | M] () -- E:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver [System | Running])
DRV - [2004/07/22 17:17:08 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- E:\WINDOWS\System32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2008/04/13 14:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/08/17 13:28:02 | 00,907,456 | ---- | M] (Conexant) -- E:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
DRV - [2004/03/22 05:35:48 | 00,051,088 | ---- | M] (HP) -- E:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/03/22 05:35:52 | 00,016,496 | ---- | M] (HP) -- E:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/03/22 05:35:58 | 00,021,744 | ---- | M] (HP) -- E:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Running])
DRV - [2002/07/23 09:01:28 | 00,012,415 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:30 | 00,012,127 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:30 | 00,011,775 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:28 | 00,012,063 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:28 | 00,019,455 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:32 | 00,011,807 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:32 | 00,011,295 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV08nt.sys -- (iAimFP6 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:32 | 00,011,871 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV09nt.sys -- (iAimFP7 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:34 | 00,011,935 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV11nt.sys -- (iAimFP8 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:22 | 00,029,311 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:22 | 00,019,551 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:24 | 00,033,599 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:20 | 00,023,615 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:26 | 00,025,471 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:26 | 00,022,271 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped])
DRV - [2004/12/10 12:47:58 | 00,013,056 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2004/12/10 12:48:08 | 00,052,992 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\System32\Drivers\L8042mou.sys -- (L8042mou [On_Demand | Running])
DRV - [2004/12/10 12:48:46 | 00,024,704 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2004/12/10 12:48:18 | 00,036,480 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2004/12/10 12:48:40 | 00,068,992 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE [On_Demand | Running])
DRV - [2004/08/04 01:41:36 | 00,606,684 | ---- | M] (LT) -- E:\WINDOWS\system32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2007/09/03 14:37:18 | 00,015,648 | ---- | M] (Meetinghouse Data Communications) -- E:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2008/04/13 14:44:30 | 00,027,904 | ---- | M] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- E:\WINDOWS\System32\DRIVERS\perm2.sys -- (perm2 [On_Demand | Stopped])
DRV - [2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2001/08/18 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/18 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2004/08/04 01:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- E:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2003/05/27 12:00:34 | 00,073,496 | ---- | M] (Symantec Corporation) -- E:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2006/03/01 12:36:30 | 00,023,600 | ---- | M] (EnTech Taiwan) -- E:\WINDOWS\system32\dRIVERs\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 14:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2001/08/17 13:28:16 | 00,793,598 | ---- | M] (U.S. Robotics, Inc.) -- E:\WINDOWS\System32\DRIVERS\USR1806.SYS -- (USR1806 [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.affordablevacuum.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: E:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2006/01/10 15:56:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: E:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2006/01/10 15:56:20 | 00,000,000 | ---D | M]
[2008/08/03 14:08:34 | 00,000,000 | ---D | M] -- E:\Documents and Settings\C. Rich\Application Data\mozilla\Extensions
[2008/08/03 14:08:34 | 00,000,000 | ---D | M] -- E:\Documents and Settings\C. Rich\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/01/10 15:56:38 | 00,000,000 | ---D | M] -- E:\Documents and Settings\C. Rich\Application Data\mozilla\Firefox\Profiles\jgfu4ruh.default\extensions
[2006/01/10 15:56:52 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions
[2006/01/10 15:56:52 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/28 14:41:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 14:41:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 12:31:38 | 00,000,792 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo.xml
[2008/11/14 07:39:44 | 00,002,343 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay.xml
O1 HOSTS File: (734 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WinPatrol] "E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" ()
O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = E:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\C. Rich\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: earthlink.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pch.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewid...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} http://di.imgag.com/...stall/AxCtp.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.2.76.cab (FilePlanet Download Control Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187879031250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8214.8648958333 (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9AD79629-1267-44F1-B659-DB63BECA5E3F}\\NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BD08683E-B0A0-4459-A2FF-A851D04BAA64}\\NameServer = 204.117.214.10,199.2.252.10
O18 - Protocol\Handler\bw+0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {AFC69DD7-1129-4FA7-BA66-901E9F0BE3F8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - E:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - E:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55b300bd-e429-11da-a3ce-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{55b300bd-e429-11da-a3ce-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/05/14 20:15:08 | 00,501,248 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\C. Rich\Desktop\OTListIt2.exe
[2009/05/14 20:13:38 | 00,000,000 | ---D | C] -- E:\Rooter$
[2009/05/14 20:11:41 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2009/05/14 20:11:26 | 00,000,712 | ---- | C] () -- E:\Documents and Settings\C. Rich\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/14 20:11:18 | 00,000,000 | ---D | C] -- E:\Program Files\ERUNT
[2009/05/14 20:10:25 | 00,000,000 | ---D | C] -- E:\Documents and Settings\C. Rich\Desktop\GeeksToGo Files
[2009/05/14 14:20:50 | 00,000,000 | ---D | C] -- E:\Documents and Settings\C. Rich\Application Data\Malwarebytes
[2009/05/14 14:20:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 14:20:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/14 14:20:37 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2009/05/14 14:20:37 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/14 00:50:49 | 00,091,860 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\Ad-AwareAE.exe
[2009/05/13 10:03:42 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Uninstall
[2009/05/02 20:42:27 | 00,202,072 | R--- | C] (Coupons, Inc.) -- E:\WINDOWS\System32\cpnprt2.cid
[2009/05/02 20:42:20 | 00,000,000 | ---D | C] -- E:\WINDOWS\Cache
[2009/05/02 20:42:16 | 00,000,000 | ---D | C] -- E:\Program Files\Coupons
[2009/05/02 20:41:17 | 01,277,680 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\couponprinter.exe
[2009/04/22 20:50:07 | 00,054,156 | -H-- | C] () -- E:\WINDOWS\QTFont.qfn
[2009/04/22 20:50:07 | 00,001,409 | ---- | C] () -- E:\WINDOWS\QTFont.for
[2009/04/22 14:50:37 | 00,004,989 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\mm0.jpg
[2009/04/22 14:50:24 | 00,006,592 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway2.jpg
[2009/04/22 14:50:07 | 00,006,744 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway.jpg
[2009/04/21 17:05:00 | 00,013,911 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\0421091920.jpg
[2009/04/21 16:45:00 | 00,011,153 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\0421091921.jpg
[2009/04/21 16:32:00 | 00,010,846 | ---- | C] () -- E:\Documents and Settings\C. Rich\My Documents\cinsbday82
[2009/04/20 23:30:46 | 00,004,786 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\s507836878_1283475_3246.jpg
[2009/04/20 01:53:06 | 00,777,304 | ---- | C] (Gamevance LLC) -- E:\Documents and Settings\C. Rich\Desktop\SetupGamevance.exe
[2009/04/15 22:07:08 | 00,284,160 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 22:07:07 | 00,473,600 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 22:07:07 | 00,401,408 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 22:07:07 | 00,110,592 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 22:07:06 | 00,453,120 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 22:07:06 | 00,227,840 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 22:07:05 | 00,729,088 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 22:07:05 | 00,714,752 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 22:07:05 | 00,617,472 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 22:06:05 | 00,002,560 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 22:06:04 | 01,203,922 | ---- | C] () -- E:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 22:06:03 | 00,215,552 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wordpad.exe
[2008/08/04 19:29:02 | 00,000,254 | ---- | C] () -- E:\WINDOWS\System32\SunData.ini
[2008/08/04 19:28:25 | 00,000,128 | ---- | C] () -- E:\WINDOWS\TTL3.ini
[2007/09/03 14:37:13 | 00,651,264 | ---- | C] () -- E:\WINDOWS\System32\libeay32.dll
[2007/09/03 14:37:13 | 00,147,456 | ---- | C] () -- E:\WINDOWS\System32\ssleay32.dll
[2006/09/08 10:44:47 | 00,258,048 | ---- | C] () -- E:\WINDOWS\System32\shpshftr.dll
[2006/09/08 10:43:50 | 00,028,672 | ---- | C] () -- E:\WINDOWS\System32\igfxdgps.dll
[2006/09/08 10:43:49 | 00,012,351 | ---- | C] () -- E:\WINDOWS\System32\i81xcoin.dll
[2006/08/25 10:08:17 | 00,011,776 | ---- | C] () -- E:\WINDOWS\System32\ZPORT4AS.dll
[2006/06/29 14:03:42 | 00,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2006/06/24 16:18:43 | 00,000,030 | ---- | C] () -- E:\WINDOWS\System32\brss01a.ini
[2006/06/24 16:17:42 | 00,000,459 | ---- | C] () -- E:\WINDOWS\brwmark.ini
[2006/06/24 16:17:42 | 00,000,236 | ---- | C] () -- E:\WINDOWS\Brpfx04a.ini
[2006/06/24 16:17:42 | 00,000,092 | ---- | C] () -- E:\WINDOWS\brpcfx.ini
[2006/06/24 16:17:42 | 00,000,079 | ---- | C] () -- E:\WINDOWS\BRPP2KA.INI
[2006/06/24 16:17:14 | 00,106,496 | ---- | C] () -- E:\WINDOWS\System32\BrMuSNMP.dll
[2006/06/23 15:53:40 | 00,000,252 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2006/06/13 14:10:24 | 00,000,000 | ---- | C] () -- E:\WINDOWS\hpqEmlSz.INI
[2006/02/14 10:23:05 | 00,000,730 | ---- | C] () -- E:\WINDOWS\CoD.INI
[2006/02/13 12:31:33 | 00,000,319 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
[2006/01/28 13:15:21 | 00,021,840 | ---- | C] () -- E:\WINDOWS\System32\SIntfNT.dll
[2006/01/28 13:15:20 | 00,017,212 | ---- | C] () -- E:\WINDOWS\System32\SIntf32.dll
[2006/01/28 13:15:20 | 00,012,067 | ---- | C] () -- E:\WINDOWS\System32\SIntf16.dll
[2005/12/29 15:06:38 | 00,000,642 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2005/12/28 16:46:44 | 00,185,344 | ---- | C] () -- E:\WINDOWS\patchw32.dll
[2005/12/28 16:45:31 | 00,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2005/01/12 02:40:35 | 00,000,037 | ---- | C] () -- E:\WINDOWS\ipixActivex.ini
[2004/08/30 21:52:32 | 00,000,000 | ---- | C] () -- E:\WINDOWS\Bootus.INI
[2004/08/29 15:40:09 | 00,000,000 | ---- | C] () -- E:\WINDOWS\TAPILDR.INI
[2004/08/28 20:30:19 | 00,000,101 | ---- | C] () -- E:\WINDOWS\CMMIXER.INI
[2004/08/16 14:29:22 | 00,000,025 | ---- | C] () -- E:\WINDOWS\mixerdef.ini
[2004/08/16 12:35:08 | 00,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2004/07/22 17:28:02 | 00,057,344 | ---- | C] () -- E:\WINDOWS\System32\vuins32.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- E:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- E:\WINDOWS\System32\sysres.dll
[1998/01/12 03:00:00 | 00,040,448 | ---- | C] () -- E:\WINDOWS\System32\REGOBJ.DLL
[1980/01/01 00:00:00 | 00,001,005 | ---- | C] () -- E:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,000,227 | ---- | C] () -- E:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[2009/05/14 20:20:32 | 00,001,374 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009/05/14 20:20:04 | 00,000,062 | -HS- | M] () -- E:\Documents and Settings\C. Rich\Local Settings\desktop.ini
[2009/05/14 20:20:00 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/05/14 20:19:52 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/05/14 20:19:46 | 40,060,9280 | -HS- | M] () -- E:\hiberfil.sys
[2009/05/14 20:15:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\C. Rich\Desktop\OTListIt2.exe
[2009/05/14 20:11:28 | 00,000,712 | ---- | M] () -- E:\Documents and Settings\C. Rich\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/14 08:56:32 | 00,091,860 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\Ad-AwareAE.exe
[2009/05/11 19:51:30 | 00,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2009/05/07 03:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\MRT.exe
[2009/05/02 20:42:42 | 00,202,072 | R--- | M] (Coupons, Inc.) -- E:\WINDOWS\System32\cpnprt2.cid
[2009/05/02 20:41:26 | 01,277,680 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\couponprinter.exe
[2009/04/22 20:50:08 | 00,001,409 | ---- | M] () -- E:\WINDOWS\QTFont.for
[2009/04/22 17:23:46 | 00,000,116 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2009/04/22 14:50:40 | 00,004,989 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\mm0.jpg
[2009/04/22 14:50:26 | 00,006,592 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway2.jpg
[2009/04/22 14:50:18 | 00,006,744 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway.jpg
[2009/04/21 17:05:00 | 00,013,911 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\0421091920.jpg
[2009/04/21 16:45:00 | 00,011,153 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\0421091921.jpg
[2009/04/21 16:32:00 | 00,010,846 | ---- | M] () -- E:\Documents and Settings\C. Rich\My Documents\cinsbday82
[2009/04/20 23:30:50 | 00,004,786 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\s507836878_1283475_3246.jpg
[2009/04/20 01:53:24 | 00,777,304 | ---- | M] (Gamevance LLC) -- E:\Documents and Settings\C. Rich\Desktop\SetupGamevance.exe
[2009/04/18 09:15:46 | 00,548,006 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 09:15:46 | 00,459,344 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2009/04/18 09:15:46 | 00,078,866 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
< End of report >
next
OTListIt Extras logfile created on: 5/14/2009 8:21:53 PM - Run 1
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- E:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/03/20 12:06:28 | 00,032,768 | ---- | M] (Logitech) -- E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2000/10/31 17:03:02 | 00,565,248 | ---- | M] (Havas Interactive) -- E:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat
[2006/09/08 10:58:22 | 00,081,920 | ---- | M] (Valve) -- E:\Program Files\Valve\Steam\SteamApps\richclan\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2006/03/20 12:06:28 | 00,032,768 | ---- | M] (Logitech) -- E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger
[2006/02/23 16:31:58 | 14,144,000 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{25EF00D5-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45401A03-BDF0-448F-9B0F-3882B96F6692}" = Belkin Wireless Utility
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{516F50FB-48CA-4D92-BA63-A98A7C0AF7E2}" = HT Fireman
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C51CD33D-D7A0-4328-A802-3CD9DA437208}" = Type to Learn 3 Home
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB17EA4-2BA8-4F3B-9B24-DD5E42E6F3A7}" = COD & UO Fixer
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ares" = Ares 2.0.9
"Call of Duty" = Call of Duty
"CleanUp!" = CleanUp!
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ewidoantispyware4" = ewido anti-spyware 4.0
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"HijackThis" = HijackThis 1.99.1
"hp deskjet 940c series" = hp deskjet 940c series (Remove only)
"hp deskjet 940c series_Driver" = hp deskjet 940c series
"IGN Download Manager" = IGN Download Manager 2.1.2
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Panda ActiveScan" = Panda ActiveScan
"PCI Audio Driver" = PCI Audio Driver
"RAR Password Cracker" = RAR Password Cracker 4.12
"Sierra Utilities" = Sierra Utilities
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam" = Steam
"Terminal Server Client" = Terminal Services Client
"VUInstRhine" = VIA Rhine Family Fast Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/11/2009 11:30:51 PM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/13/2009 7:57:46 AM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/13/2009 7:58:26 AM | Computer Name = STORE | Source = Application Hang | ID = 1001
Description = Fault bucket 01889186.
Error - 5/13/2009 8:03:36 AM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/13/2009 8:31:09 AM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/13/2009 8:31:45 AM | Computer Name = STORE | Source = Application Hang | ID = 1001
Description = Fault bucket 01889186.
Error - 5/13/2009 10:03:51 AM | Computer Name = STORE | Source = Application Error | ID = 1000
Description = Faulting application install_2018-7(2).exe, version 0.0.0.0, faulting
module install_2018-7(2).exe, version 0.0.0.0, fault address 0x0000c8be.
Error - 5/13/2009 10:04:03 AM | Computer Name = STORE | Source = Application Error | ID = 1001
Description = Fault bucket 1273297534.
Error - 5/14/2009 2:12:55 PM | Computer Name = STORE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5764, fault address 0x0000e23f.
Error - 5/14/2009 8:19:09 PM | Computer Name = STORE | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
[ System Events ]
Error - 1/17/2009 10:08:32 AM | Computer Name = STORE | Source = Print | ID = 54
Description = Document Test Page was corrupted and has been deleted. The associated
driver is: hp deskjet 940c.
Error - 1/17/2009 10:43:21 AM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 1/19/2009 10:12:14 AM | Computer Name = STORE | Source = PlugPlayManager | ID = 12
Description = The device 'hp deskjet 940c' (LPTENUM\HEWLETT-PACKARDDESKJET_940C\6&35fb2ad7&0&LPT1.4)
disappeared from the system without first being prepared for removal.
Error - 2/12/2009 11:23:56 AM | Computer Name = STORE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 2/15/2009 2:36:12 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 4/8/2009 1:36:51 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 5/1/2009 8:18:36 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 5/7/2009 8:25:40 AM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
Error - 5/14/2009 2:37:12 PM | Computer Name = STORE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 5/14/2009 2:37:54 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
viaagp ViaIde
< End of report >
next
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:50598 Mo/Free:167 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Thu 05/14/2009|20:13
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\E:\WINDOWS\system32\csrss.exe
---------- \??\E:\WINDOWS\system32\winlogon.exe
---------- E:\WINDOWS\system32\services.exe
---------- E:\WINDOWS\system32\lsass.exe
---------- E:\WINDOWS\system32\svchost.exe
---------- E:\WINDOWS\system32\svchost.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\system32\brsvc01a.exe
---------- E:\WINDOWS\system32\spoolsv.exe
---------- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\system32\brss01a.exe
---------- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- E:\Program Files\ewido anti-spyware 4.0\guard.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\System32\wltrysvc.exe
---------- E:\WINDOWS\Explorer.EXE
---------- E:\WINDOWS\System32\alg.exe
---------- E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- E:\WINDOWS\system32\igfxtray.exe
---------- E:\WINDOWS\System32\bcmwltry.exe
---------- E:\WINDOWS\system32\hkcmd.exe
---------- E:\WINDOWS\system32\WDBtnMgr.exe
---------- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
---------- E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- E:\Program Files\My Book\WD Backup\uBBMonitor.exe
---------- E:\Program Files\Mozilla Firefox\firefox.exe
---------- E:\WINDOWS\system32\cmd.exe
---------- E:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "E:\Rooter$\Rooter_1.txt" - Thu 05/14/2009|20:14
----------------------\\ Scan completed at 20:14