Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

personal anti-virus infection

Started by richclan , May 14 2009 06:42 PM

  • Please log in to reply

#1
richclan
Posted 14 May 2009 - 06:42 PM

richclan

    Member

  • Member
  • PipPipPip
  • 187 posts
wow :) this forum has been very busy since i last visited
well this pc was infected with the above malware and just wanted to see if i got it all out.
here are the logs, my wife ran malware bytes to get rid of it but i cant find the txt file.
also why do i have so many 018 entries?
thanks in advance

OTListIt logfile created on: 5/14/2009 8:21:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = E:\Documents and Settings\C. Rich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

381.98 Mb Total Physical Memory | 103.18 Mb Available Physical Memory | 27.01% Memory free
921.36 Mb Paging File | 650.32 Mb Available in Paging File | 70.58% Paging File free
Paging file location(s): E:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 49.41 Gb Total Space | 28.12 Gb Free Space | 56.92% Space Free | Partition Type: FAT32
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STORE
Current User Name: C. Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:34 | 00,013,312 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\savedump.exe
PRC - [2004/06/13 11:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- E:\WINDOWS\system32\brsvc01a.exe
PRC - [2008/10/24 13:33:54 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2001/12/12 20:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- E:\WINDOWS\system32\brss01a.exe
PRC - [2008/10/24 13:33:44 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- E:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2004/03/08 21:27:00 | 00,045,056 | ---- | M] () -- E:\WINDOWS\System32\wltrysvc.exe
PRC - [2008/04/13 20:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/06/06 23:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2002/07/17 07:59:48 | 00,143,360 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\igfxtray.exe
PRC - [2002/07/17 07:45:02 | 00,090,112 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\hkcmd.exe
PRC - [2008/02/12 18:17:18 | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- E:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2001/10/22 11:05:46 | 00,196,608 | ---- | M] (HP) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2007/09/05 19:18:34 | 00,068,856 | ---- | M] (Google Inc.) -- E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/01/22 18:30:16 | 00,098,304 | ---- | M] (ArcSoft, Inc.) -- E:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/03/16 14:27:24 | 00,610,304 | ---- | M] (Belkin Corporation) -- E:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/05/14 20:15:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\C. Rich\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/24 13:33:54 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/24 13:33:44 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/03/19 21:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- E:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/06/13 11:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- E:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- E:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard [Auto | Running])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- e:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/09/03 21:38:14 | 00,138,168 | ---- | M] (Google) -- E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/02/23 15:45:06 | 00,323,584 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files\iPod\bin\iPodService.exe -- (iPodService [On_Demand | Stopped])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- E:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - File not found -- -- (WinMBR [Disabled | Stopped])
SRV - [2004/03/08 21:27:00 | 00,045,056 | ---- | M] () -- E:\WINDOWS\System32\wltrysvc.exe -- (WLTRYSVC [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- E:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/11/25 21:24:16 | 00,075,072 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2004/02/19 10:51:00 | 00,300,928 | ---- | M] (Broadcom Corporation) -- E:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2002/11/18 16:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- E:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
DRV - [2006/06/16 10:38:54 | 00,003,968 | ---- | M] () -- E:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver [System | Running])
DRV - [2004/07/22 17:17:08 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- E:\WINDOWS\System32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2008/04/13 14:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/08/17 13:28:02 | 00,907,456 | ---- | M] (Conexant) -- E:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
DRV - [2004/03/22 05:35:48 | 00,051,088 | ---- | M] (HP) -- E:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/03/22 05:35:52 | 00,016,496 | ---- | M] (HP) -- E:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/03/22 05:35:58 | 00,021,744 | ---- | M] (HP) -- E:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Running])
DRV - [2002/07/23 09:01:28 | 00,012,415 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:30 | 00,012,127 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:30 | 00,011,775 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:28 | 00,012,063 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:28 | 00,019,455 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:32 | 00,011,807 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:32 | 00,011,295 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV08nt.sys -- (iAimFP6 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:32 | 00,011,871 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV09nt.sys -- (iAimFP7 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:34 | 00,011,935 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wADV11nt.sys -- (iAimFP8 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:22 | 00,029,311 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:22 | 00,019,551 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:24 | 00,033,599 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:20 | 00,023,615 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:26 | 00,025,471 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped])
DRV - [2002/07/23 09:01:26 | 00,022,271 | ---- | M] (Intel® Corporation) -- E:\WINDOWS\system32\DRIVERS\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped])
DRV - [2004/12/10 12:47:58 | 00,013,056 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2004/12/10 12:48:08 | 00,052,992 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\System32\Drivers\L8042mou.sys -- (L8042mou [On_Demand | Running])
DRV - [2004/12/10 12:48:46 | 00,024,704 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2004/12/10 12:48:18 | 00,036,480 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK [On_Demand | Stopped])
DRV - [2004/12/10 12:48:40 | 00,068,992 | ---- | M] (Logitech, Inc.) -- E:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE [On_Demand | Running])
DRV - [2004/08/04 01:41:36 | 00,606,684 | ---- | M] (LT) -- E:\WINDOWS\system32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2007/09/03 14:37:18 | 00,015,648 | ---- | M] (Meetinghouse Data Communications) -- E:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2008/04/13 14:44:30 | 00,027,904 | ---- | M] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- E:\WINDOWS\System32\DRIVERS\perm2.sys -- (perm2 [On_Demand | Stopped])
DRV - [2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2001/08/18 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/18 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2004/08/04 01:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- E:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2003/05/27 12:00:34 | 00,073,496 | ---- | M] (Symantec Corporation) -- E:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2006/03/01 12:36:30 | 00,023,600 | ---- | M] (EnTech Taiwan) -- E:\WINDOWS\system32\dRIVERs\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 14:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2001/08/17 13:28:16 | 00,793,598 | ---- | M] (U.S. Robotics, Inc.) -- E:\WINDOWS\System32\DRIVERS\USR1806.SYS -- (USR1806 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.affordablevacuum.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: E:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2006/01/10 15:56:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: E:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2006/01/10 15:56:20 | 00,000,000 | ---D | M]

[2008/08/03 14:08:34 | 00,000,000 | ---D | M] -- E:\Documents and Settings\C. Rich\Application Data\mozilla\Extensions
[2008/08/03 14:08:34 | 00,000,000 | ---D | M] -- E:\Documents and Settings\C. Rich\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/01/10 15:56:38 | 00,000,000 | ---D | M] -- E:\Documents and Settings\C. Rich\Application Data\mozilla\Firefox\Profiles\jgfu4ruh.default\extensions
[2006/01/10 15:56:52 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions
[2006/01/10 15:56:52 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/28 14:41:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 14:41:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 12:31:38 | 00,000,792 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo.xml
[2008/11/14 07:39:44 | 00,002,343 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay.xml

O1 HOSTS File: (734 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WinPatrol] "E:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" ()
O4 - HKLM..\Run: [WMC_AutoUpdate] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = E:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\C. Rich\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: earthlink.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pch.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewid...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} http://di.imgag.com/...stall/AxCtp.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.2.76.cab (FilePlanet Download Control Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187879031250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8214.8648958333 (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9AD79629-1267-44F1-B659-DB63BECA5E3F}\\NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BD08683E-B0A0-4459-A2FF-A851D04BAA64}\\NameServer = 204.117.214.10,199.2.252.10
O18 - Protocol\Handler\bw+0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {afc69dd7-1129-4fa7-ba66-901e9f0be3f8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {AFC69DD7-1129-4FA7-BA66-901E9F0BE3F8} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - E:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - E:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55b300bd-e429-11da-a3ce-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{55b300bd-e429-11da-a3ce-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/14 20:15:08 | 00,501,248 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\C. Rich\Desktop\OTListIt2.exe
[2009/05/14 20:13:38 | 00,000,000 | ---D | C] -- E:\Rooter$
[2009/05/14 20:11:41 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2009/05/14 20:11:26 | 00,000,712 | ---- | C] () -- E:\Documents and Settings\C. Rich\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/14 20:11:18 | 00,000,000 | ---D | C] -- E:\Program Files\ERUNT
[2009/05/14 20:10:25 | 00,000,000 | ---D | C] -- E:\Documents and Settings\C. Rich\Desktop\GeeksToGo Files
[2009/05/14 14:20:50 | 00,000,000 | ---D | C] -- E:\Documents and Settings\C. Rich\Application Data\Malwarebytes
[2009/05/14 14:20:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 14:20:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/14 14:20:37 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2009/05/14 14:20:37 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/14 00:50:49 | 00,091,860 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\Ad-AwareAE.exe
[2009/05/13 10:03:42 | 00,000,000 | ---D | C] -- E:\Program Files\Common Files\Uninstall
[2009/05/02 20:42:27 | 00,202,072 | R--- | C] (Coupons, Inc.) -- E:\WINDOWS\System32\cpnprt2.cid
[2009/05/02 20:42:20 | 00,000,000 | ---D | C] -- E:\WINDOWS\Cache
[2009/05/02 20:42:16 | 00,000,000 | ---D | C] -- E:\Program Files\Coupons
[2009/05/02 20:41:17 | 01,277,680 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\couponprinter.exe
[2009/04/22 20:50:07 | 00,054,156 | -H-- | C] () -- E:\WINDOWS\QTFont.qfn
[2009/04/22 20:50:07 | 00,001,409 | ---- | C] () -- E:\WINDOWS\QTFont.for
[2009/04/22 14:50:37 | 00,004,989 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\mm0.jpg
[2009/04/22 14:50:24 | 00,006,592 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway2.jpg
[2009/04/22 14:50:07 | 00,006,744 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway.jpg
[2009/04/21 17:05:00 | 00,013,911 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\0421091920.jpg
[2009/04/21 16:45:00 | 00,011,153 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\0421091921.jpg
[2009/04/21 16:32:00 | 00,010,846 | ---- | C] () -- E:\Documents and Settings\C. Rich\My Documents\cinsbday82
[2009/04/20 23:30:46 | 00,004,786 | ---- | C] () -- E:\Documents and Settings\C. Rich\Desktop\s507836878_1283475_3246.jpg
[2009/04/20 01:53:06 | 00,777,304 | ---- | C] (Gamevance LLC) -- E:\Documents and Settings\C. Rich\Desktop\SetupGamevance.exe
[2009/04/15 22:07:08 | 00,284,160 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 22:07:07 | 00,473,600 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 22:07:07 | 00,401,408 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 22:07:07 | 00,110,592 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 22:07:06 | 00,453,120 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 22:07:06 | 00,227,840 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 22:07:05 | 00,729,088 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 22:07:05 | 00,714,752 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 22:07:05 | 00,617,472 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 22:06:05 | 00,002,560 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 22:06:04 | 01,203,922 | ---- | C] () -- E:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 22:06:03 | 00,215,552 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wordpad.exe
[2008/08/04 19:29:02 | 00,000,254 | ---- | C] () -- E:\WINDOWS\System32\SunData.ini
[2008/08/04 19:28:25 | 00,000,128 | ---- | C] () -- E:\WINDOWS\TTL3.ini
[2007/09/03 14:37:13 | 00,651,264 | ---- | C] () -- E:\WINDOWS\System32\libeay32.dll
[2007/09/03 14:37:13 | 00,147,456 | ---- | C] () -- E:\WINDOWS\System32\ssleay32.dll
[2006/09/08 10:44:47 | 00,258,048 | ---- | C] () -- E:\WINDOWS\System32\shpshftr.dll
[2006/09/08 10:43:50 | 00,028,672 | ---- | C] () -- E:\WINDOWS\System32\igfxdgps.dll
[2006/09/08 10:43:49 | 00,012,351 | ---- | C] () -- E:\WINDOWS\System32\i81xcoin.dll
[2006/08/25 10:08:17 | 00,011,776 | ---- | C] () -- E:\WINDOWS\System32\ZPORT4AS.dll
[2006/06/29 14:03:42 | 00,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2006/06/24 16:18:43 | 00,000,030 | ---- | C] () -- E:\WINDOWS\System32\brss01a.ini
[2006/06/24 16:17:42 | 00,000,459 | ---- | C] () -- E:\WINDOWS\brwmark.ini
[2006/06/24 16:17:42 | 00,000,236 | ---- | C] () -- E:\WINDOWS\Brpfx04a.ini
[2006/06/24 16:17:42 | 00,000,092 | ---- | C] () -- E:\WINDOWS\brpcfx.ini
[2006/06/24 16:17:42 | 00,000,079 | ---- | C] () -- E:\WINDOWS\BRPP2KA.INI
[2006/06/24 16:17:14 | 00,106,496 | ---- | C] () -- E:\WINDOWS\System32\BrMuSNMP.dll
[2006/06/23 15:53:40 | 00,000,252 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2006/06/13 14:10:24 | 00,000,000 | ---- | C] () -- E:\WINDOWS\hpqEmlSz.INI
[2006/02/14 10:23:05 | 00,000,730 | ---- | C] () -- E:\WINDOWS\CoD.INI
[2006/02/13 12:31:33 | 00,000,319 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
[2006/01/28 13:15:21 | 00,021,840 | ---- | C] () -- E:\WINDOWS\System32\SIntfNT.dll
[2006/01/28 13:15:20 | 00,017,212 | ---- | C] () -- E:\WINDOWS\System32\SIntf32.dll
[2006/01/28 13:15:20 | 00,012,067 | ---- | C] () -- E:\WINDOWS\System32\SIntf16.dll
[2005/12/29 15:06:38 | 00,000,642 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2005/12/28 16:46:44 | 00,185,344 | ---- | C] () -- E:\WINDOWS\patchw32.dll
[2005/12/28 16:45:31 | 00,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2005/01/12 02:40:35 | 00,000,037 | ---- | C] () -- E:\WINDOWS\ipixActivex.ini
[2004/08/30 21:52:32 | 00,000,000 | ---- | C] () -- E:\WINDOWS\Bootus.INI
[2004/08/29 15:40:09 | 00,000,000 | ---- | C] () -- E:\WINDOWS\TAPILDR.INI
[2004/08/28 20:30:19 | 00,000,101 | ---- | C] () -- E:\WINDOWS\CMMIXER.INI
[2004/08/16 14:29:22 | 00,000,025 | ---- | C] () -- E:\WINDOWS\mixerdef.ini
[2004/08/16 12:35:08 | 00,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2004/07/22 17:28:02 | 00,057,344 | ---- | C] () -- E:\WINDOWS\System32\vuins32.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- E:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- E:\WINDOWS\System32\sysres.dll
[1998/01/12 03:00:00 | 00,040,448 | ---- | C] () -- E:\WINDOWS\System32\REGOBJ.DLL
[1980/01/01 00:00:00 | 00,001,005 | ---- | C] () -- E:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,000,227 | ---- | C] () -- E:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/05/14 20:20:32 | 00,001,374 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009/05/14 20:20:04 | 00,000,062 | -HS- | M] () -- E:\Documents and Settings\C. Rich\Local Settings\desktop.ini
[2009/05/14 20:20:00 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/05/14 20:19:52 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/05/14 20:19:46 | 40,060,9280 | -HS- | M] () -- E:\hiberfil.sys
[2009/05/14 20:15:14 | 00,501,248 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\C. Rich\Desktop\OTListIt2.exe
[2009/05/14 20:11:28 | 00,000,712 | ---- | M] () -- E:\Documents and Settings\C. Rich\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/14 08:56:32 | 00,091,860 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\Ad-AwareAE.exe
[2009/05/11 19:51:30 | 00,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2009/05/07 03:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\MRT.exe
[2009/05/02 20:42:42 | 00,202,072 | R--- | M] (Coupons, Inc.) -- E:\WINDOWS\System32\cpnprt2.cid
[2009/05/02 20:41:26 | 01,277,680 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\couponprinter.exe
[2009/04/22 20:50:08 | 00,001,409 | ---- | M] () -- E:\WINDOWS\QTFont.for
[2009/04/22 17:23:46 | 00,000,116 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2009/04/22 14:50:40 | 00,004,989 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\mm0.jpg
[2009/04/22 14:50:26 | 00,006,592 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway2.jpg
[2009/04/22 14:50:18 | 00,006,744 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\hemingway.jpg
[2009/04/21 17:05:00 | 00,013,911 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\0421091920.jpg
[2009/04/21 16:45:00 | 00,011,153 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\0421091921.jpg
[2009/04/21 16:32:00 | 00,010,846 | ---- | M] () -- E:\Documents and Settings\C. Rich\My Documents\cinsbday82
[2009/04/20 23:30:50 | 00,004,786 | ---- | M] () -- E:\Documents and Settings\C. Rich\Desktop\s507836878_1283475_3246.jpg
[2009/04/20 01:53:24 | 00,777,304 | ---- | M] (Gamevance LLC) -- E:\Documents and Settings\C. Rich\Desktop\SetupGamevance.exe
[2009/04/18 09:15:46 | 00,548,006 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 09:15:46 | 00,459,344 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2009/04/18 09:15:46 | 00,078,866 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
< End of report >



next


OTListIt Extras logfile created on: 5/14/2009 8:21:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = E:\Documents and Settings\C. Rich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

381.98 Mb Total Physical Memory | 103.18 Mb Available Physical Memory | 27.01% Memory free
921.36 Mb Paging File | 650.32 Mb Available in Paging File | 70.58% Paging File free
Paging file location(s): E:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 49.41 Gb Total Space | 28.12 Gb Free Space | 56.92% Space Free | Partition Type: FAT32
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STORE
Current User Name: C. Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- E:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/03/20 12:06:28 | 00,032,768 | ---- | M] (Logitech) -- E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2000/10/31 17:03:02 | 00,565,248 | ---- | M] (Havas Interactive) -- E:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat
[2006/09/08 10:58:22 | 00,081,920 | ---- | M] (Valve) -- E:\Program Files\Valve\Steam\SteamApps\richclan\counter-strike\hl.exe:*:Enabled:Half-Life Launcher
[2006/03/20 12:06:28 | 00,032,768 | ---- | M] (Logitech) -- E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger
[2006/02/23 16:31:58 | 14,144,000 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe:*:Enabled:IreIke
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
File not found -- E:\Program Files\WatchGuard\Mobile User VPN\Vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{25EF00D5-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45401A03-BDF0-448F-9B0F-3882B96F6692}" = Belkin Wireless Utility
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{516F50FB-48CA-4D92-BA63-A98A7C0AF7E2}" = HT Fireman
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C51CD33D-D7A0-4328-A802-3CD9DA437208}" = Type to Learn 3 Home
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB17EA4-2BA8-4F3B-9B24-DD5E42E6F3A7}" = COD & UO Fixer
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ares" = Ares 2.0.9
"Call of Duty" = Call of Duty
"CleanUp!" = CleanUp!
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ewidoantispyware4" = ewido anti-spyware 4.0
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"HijackThis" = HijackThis 1.99.1
"hp deskjet 940c series" = hp deskjet 940c series (Remove only)
"hp deskjet 940c series_Driver" = hp deskjet 940c series
"IGN Download Manager" = IGN Download Manager 2.1.2
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Panda ActiveScan" = Panda ActiveScan
"PCI Audio Driver" = PCI Audio Driver
"RAR Password Cracker" = RAR Password Cracker 4.12
"Sierra Utilities" = Sierra Utilities
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam" = Steam
"Terminal Server Client" = Terminal Services Client
"VUInstRhine" = VIA Rhine Family Fast Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2009 11:30:51 PM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 7:57:46 AM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 7:58:26 AM | Computer Name = STORE | Source = Application Hang | ID = 1001
Description = Fault bucket 01889186.

Error - 5/13/2009 8:03:36 AM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 8:31:09 AM | Computer Name = STORE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2009 8:31:45 AM | Computer Name = STORE | Source = Application Hang | ID = 1001
Description = Fault bucket 01889186.

Error - 5/13/2009 10:03:51 AM | Computer Name = STORE | Source = Application Error | ID = 1000
Description = Faulting application install_2018-7(2).exe, version 0.0.0.0, faulting
module install_2018-7(2).exe, version 0.0.0.0, fault address 0x0000c8be.

Error - 5/13/2009 10:04:03 AM | Computer Name = STORE | Source = Application Error | ID = 1001
Description = Fault bucket 1273297534.

Error - 5/14/2009 2:12:55 PM | Computer Name = STORE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.5764, fault address 0x0000e23f.

Error - 5/14/2009 8:19:09 PM | Computer Name = STORE | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed

[ System Events ]
Error - 1/17/2009 10:08:32 AM | Computer Name = STORE | Source = Print | ID = 54
Description = Document Test Page was corrupted and has been deleted. The associated
driver is: hp deskjet 940c.

Error - 1/17/2009 10:43:21 AM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 1/19/2009 10:12:14 AM | Computer Name = STORE | Source = PlugPlayManager | ID = 12
Description = The device 'hp deskjet 940c' (LPTENUM\HEWLETT-PACKARDDESKJET_940C\6&35fb2ad7&0&LPT1.4)
disappeared from the system without first being prepared for removal.

Error - 2/12/2009 11:23:56 AM | Computer Name = STORE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2/15/2009 2:36:12 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/8/2009 1:36:51 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 5/1/2009 8:18:36 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 5/7/2009 8:25:40 AM | Computer Name = STORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 5/14/2009 2:37:12 PM | Computer Name = STORE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/14/2009 2:37:54 PM | Computer Name = STORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
viaagp ViaIde


< End of report >



next


Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:50598 Mo/Free:167 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Thu 05/14/2009|20:13

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\E:\WINDOWS\system32\csrss.exe
---------- \??\E:\WINDOWS\system32\winlogon.exe
---------- E:\WINDOWS\system32\services.exe
---------- E:\WINDOWS\system32\lsass.exe
---------- E:\WINDOWS\system32\svchost.exe
---------- E:\WINDOWS\system32\svchost.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\system32\brsvc01a.exe
---------- E:\WINDOWS\system32\spoolsv.exe
---------- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\system32\brss01a.exe
---------- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- E:\Program Files\ewido anti-spyware 4.0\guard.exe
---------- E:\WINDOWS\System32\svchost.exe
---------- E:\WINDOWS\System32\wltrysvc.exe
---------- E:\WINDOWS\Explorer.EXE
---------- E:\WINDOWS\System32\alg.exe
---------- E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- E:\WINDOWS\system32\igfxtray.exe
---------- E:\WINDOWS\System32\bcmwltry.exe
---------- E:\WINDOWS\system32\hkcmd.exe
---------- E:\WINDOWS\system32\WDBtnMgr.exe
---------- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
---------- E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- E:\Program Files\My Book\WD Backup\uBBMonitor.exe
---------- E:\Program Files\Mozilla Firefox\firefox.exe
---------- E:\WINDOWS\system32\cmd.exe
---------- E:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "E:\Rooter$\Rooter_1.txt" - Thu 05/14/2009|20:14

----------------------\\ Scan completed at 20:14
  • 0

Advertisements

#2
richclan
Posted 14 May 2009 - 06:50 PM

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 187 posts
found the file :)

Malwarebytes' Anti-Malware 1.36
Database version: 2131
Windows 5.1.2600 Service Pack 3

5/14/2009 2:34:43 PM
mbam-log-2009-05-14 (14-34-43).txt

Scan type: Quick Scan
Objects scanned: 82785
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 147
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 84

Memory Processes Infected:
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
E:\Program Files\PAV\pav.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e59498d-7e44-4452-9044-0973b080b9e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
E:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
E:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\winexplorer.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
E:\Documents and Settings\C. Rich\Desktop\CursorManiaSetup2.3.50.45.ZCfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\018C1FB7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\018C245A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\018C4E48.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\018C4F52.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\018C50D9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\018C5D9A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\01A8CE7D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\01A8E62B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\PAV\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\PAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP