I just want to make sure that I am clean now, thanks (logs below).

Extras
OTL Extras logfile created on: 7/30/2009 11:15:08 PM - Run 1
OTL by OldTimer - Version 3.0.10.3     Folder = C:\Users\PC-Tech\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.78% Memory free
2.74 Gb Paging File | 2.01 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 16.49 Gb Total Space | 4.59 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 3.70 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
Drive E: | 28.73 Gb Total Space | 18.89 Gb Free Space | 65.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMINISTRATOR
Current User Name: PC-Tech
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0385355A-D624-48C6-9E76-87732E4C3B7E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2AE5FD43-ABAE-41F0-8CDD-1645393A3E45}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{42E01F4B-59C0-420A-BEE8-8053D613BDBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{59E8DC1E-B6BA-40B7-8642-1E22E625B1E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{7132D4C6-E5FD-4A9F-A9BE-EE591A327FDF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{729AE6E8-19A7-42A7-9286-2C62B30BB778}" = lport=138 | protocol=17 | dir=in | app=system | "{74A6BE1A-82EA-4FCB-BF29-134646ED1AFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8EF51023-C965-4640-B317-4DBDA8717D91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{99F511D8-472D-4DAE-8B09-BC92B545B562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CBBDE15-1D2A-4913-B567-DD08FC6F6B21}" = lport=445 | protocol=6 | dir=in | app=system | "{A0BCDC7E-5F88-4D1F-AC47-30E0B468777C}" = rport=138 | protocol=17 | dir=out | app=system | "{A6E4F9A7-1218-4845-9FC0-3F737AD91039}" = rport=445 | protocol=6 | dir=out | app=system | "{BC3B4101-7069-4121-A8A3-72D2293FA3F2}" = lport=139 | protocol=6 | dir=in | app=system | "{BCCC9D55-43CC-42FD-B1E9-B82BE904D985}" = lport=2869 | protocol=6 | dir=in | app=system | "{C654128A-9CD3-456C-95DA-8832AD0FC5C8}" = rport=137 | protocol=17 | dir=out | app=system | "{F59BF22A-8D2E-4E86-8524-BDB665B6BD70}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{155134E6-A86A-44B4-B630-1E7DB82E1990}" = protocol=58 | dir=out | app=system | "{17CE9530-6B73-488C-87DD-A81CFCDB5EC7}" = protocol=17 | dir=in | app=e:\program files\teamviewer\version4\teamviewer.exe | "{180F0032-C3B7-4735-AF07-E8E15DB29621}" = protocol=6 | dir=in | app=e:\program files\ventrilo\ventrilo.exe | "{1FB2442A-E996-4916-B05A-44F9F55AAE4D}" = protocol=58 | dir=in | [email protected],-28545 | 
"{27CF7695-2A43-4636-B090-D39184AD9F0F}" = protocol=1 | dir=in | [email protected],-28543 | "{3D616FA2-413A-4BDA-81FD-72CEAA3181BE}" = protocol=1 | dir=out | [email protected],-28544 | "{40CC798F-21FE-40AF-8F37-066C9F94F925}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{41717BBD-5BF2-4D8A-B8CE-88B4D8EF85AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4C5072AD-6DC7-46DD-B17B-65EBCF4DDFB1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{4D473862-468E-41CA-9B34-6EEBEDD393B3}" = protocol=58 | dir=in | [email protected],-28545 | "{4E38567F-9556-4A7D-9949-29164944A775}" = protocol=58 | dir=out | app=system | "{4EB994E6-1FFF-44A4-B320-2F8DD6943AD1}" = protocol=1 | dir=out | [email protected],-28544 | "{5440F81D-2148-49A9-820C-B14BE99D5C2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{922CB806-00C7-4E74-A89B-FC9DCA40BD2B}" = protocol=17 | dir=in | app=e:\program files\ventrilo\ventrilo.exe | "{A10BD001-932D-44BE-A466-66282D383E76}" = protocol=58 | dir=out | [email protected],-28546 | "{A31973B2-9664-4F00-BE15-08B8D96B2737}" = protocol=1 | dir=in | [email protected],-28543 | "{A867806F-28CF-4BB5-9EAA-97EABED2CA98}" = protocol=6 | dir=in | app=e:\program files\teamviewer\version4\teamviewer.exe | "{AF3E3838-B473-4F1D-940F-AF88E3FBCF19}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BC9962CA-768B-4AD0-8B18-A0BB319AA507}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C6813006-0558-488D-9F68-6F30D99EE637}" = protocol=58 | dir=out | app=system | "{DE5EB625-EBEE-421B-A9F6-D7D61D84D970}" = protocol=58 | dir=out | [email protected],-28546 | "{E28A401B-51D2-4338-9031-76A3B13594FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{27A0716E-23DE-4524-96C9-151050346348}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query 
User{94506518-50C5-4B0F-8137-2D1B501AD5C4}E:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=e:\program files\pidgin\pidgin.exe | "TCP Query User{9658AD2D-2921-40D6-A443-8A18168E21DC}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{B6A3847A-775E-4458-9F43-F9360AA523F2}C:\sandbox\pc-tech\defaultbox\drive\e\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\sandbox\pc-tech\defaultbox\drive\e\program files\frostwire\frostwire.exe | "TCP Query User{ECCA093A-1179-4FBC-82EF-C9EA4E973DA8}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{194F2A5A-ECE6-418F-871E-BDB64B4900F5}C:\sandbox\pc-tech\defaultbox\drive\e\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\sandbox\pc-tech\defaultbox\drive\e\program files\frostwire\frostwire.exe | "UDP Query User{5DD58EC6-A016-4BA5-8C75-A8ED96A81243}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{6D9EF938-36B1-4612-889D-C36A79D0507D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{89C80EA4-EA44-4159-A143-12B3D616F3E3}E:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=e:\program files\pidgin\pidgin.exe | "UDP Query User{A2E5C5BC-96BF-486E-9FF3-30A36F2142A1}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(tm) 6 Update 13"{31220F55-4AA9-4386-83BA-F2CF5E91BB3C}" = PC CIF [email protected] 
"{362F8AC6-4EA5-C5AC-ED7E-1F49F0EE20D5}" = TweetDeck"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)"{8D79CEF0-E934-7796-8D01-CEEFBB5CE697}" = Seesmic Desktop"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}" = UltraMon"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek 
AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Everything" = Everything 1.2.0.323
"Foxit Reader" = Foxit Reader
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HyperCam 2" = HyperCam 2
"InstallShield_{31220F55-4AA9-4386-83BA-F2CF5E91BB3C}" = PC CIF [email protected]
"KatMouse" = KatMouse (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"mIRC" = mIRC
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"Mumble" = Mumble and Murmur
"Pidgin" = Pidgin
"PowerChute plus" = PowerChute plus 5.2.1
"Sandboxie" = Sandboxie 3.38
"TeamViewer 4" = TeamViewer 4
"Thoosje Vista Tweaker" = Thoosje Vista Tweaker
"Time Stopper1.00" = Time Stopper
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2009 9:53:56 PM | Computer Name = ADMINISTRATOR | Source = VSS | ID = 8193
Description = 

Error - 7/30/2009 9:54:56 PM | Computer Name = ADMINISTRATOR | Source = EventSystem | ID = 4609
Description = 

Error - 7/30/2009 9:54:56 PM | Computer Name = ADMINISTRATOR | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 7/30/2009 9:55:56 PM | Computer Name = ADMINISTRATOR | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description = 

Error - 7/30/2009 10:06:54 PM | Computer Name = ADMINISTRATOR | Source = MsiInstaller | ID = 11706
Description = 

Error - 7/30/2009 10:38:31 PM | Computer Name = ADMINISTRATOR | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 7/30/2009 10:48:56 PM | Computer Name = ADMINISTRATOR | Source = Application Error | ID = 1000
Description = Faulting application _is83C5.exe, version 12.0.0.49974, time stamp 0x4474907b, faulting module _is83C5.exe, version 12.0.0.49974, time stamp 0x4474907b, exception code 0xc0000005, fault offset 0x0001e48b, process id 0x8d0, application start time 0x01ca1189722d409f.

Error - 7/30/2009 10:51:27 PM | Computer Name = ADMINISTRATOR | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 7/30/2009 10:54:33 PM | Computer Name = ADMINISTRATOR | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

Error - 7/30/2009 11:02:55 PM | Computer Name = ADMINISTRATOR | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 1114

[ System Events ]
Error - 7/30/2009 9:46:18 PM | Computer Name = ADMINISTRATOR | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 9:46:22 PM | Computer Name = ADMINISTRATOR | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 9:46:26 PM | Computer Name = ADMINISTRATOR | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 9:52:42 PM | Computer Name = ADMINISTRATOR | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:48:37 PM on 7/30/2009 was unexpected.

Error - 7/30/2009 9:52:44 PM | Computer Name = ADMINISTRATOR | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description = 

Error - 7/30/2009 10:05:22 PM | Computer Name = ADMINISTRATOR | Source = SbieSvc | ID = 16851905
Description = SBIE9153 Cannot start driver (SbieDrv)

Error - 7/30/2009 10:05:59 PM | Computer Name = ADMINISTRATOR | Source = SbieSvc | ID = 16851905
Description = SBIE9153 Cannot start driver (SbieDrv)

Error - 7/30/2009 10:06:46 PM | Computer Name = ADMINISTRATOR | Source = Service Control Manager | ID = 7000
Description = 

Error - 7/30/2009 10:49:29 PM | Computer Name = ADMINISTRATOR | Source = Service Control Manager | ID = 7030
Description = 

Error - 7/30/2009 10:52:50 PM | Computer Name = ADMINISTRATOR | Source = Service Control Manager | ID = 7030
Description = 

< End of report >
OTL
OTL logfile created on: 7/30/2009 11:15:08 PM - Run 1
OTL by OldTimer - Version 3.0.10.3     Folder = C:\Users\PC-Tech\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 49.78% Memory free
2.74 Gb Paging File | 2.01 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 16.49 Gb Total Space | 4.59 Gb Free Space | 27.83% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 3.70 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
Drive E: | 28.73 Gb Total Space | 18.89 Gb Free Space | 65.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMINISTRATOR
Current User Name: PC-Tech
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/28 09:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) 
-- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exePRC - [2009/07/27 03:37:30 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- E:\Program Files\TeamViewer\Version4\TeamViewer_Service.exePRC - [2009/07/27 03:50:06 | 03,874,088 | ---- | M] (TeamViewer GmbH) -- E:\Program Files\TeamViewer\Version4\TeamViewer.exePRC - [2006/11/02 08:33:45 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exePRC - [2006/11/02 05:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exePRC - [2006/11/02 05:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2006/11/02 08:33:45 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exePRC - [2009/07/22 23:03:25 | 00,307,704 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exePRC - [2009/07/13 13:36:16 | 01,287,440 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbam.exePRC - [2009/07/30 23:14:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\PC-Tech\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Stopped])SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Stopped])SRV - [2006/11/02 02:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])SRV - [2006/11/02 08:34:13 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])SRV - [2006/11/02 08:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])SRV - [2006/11/02 08:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])SRV - [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])SRV - [2006/11/02 08:33:41 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])SRV - [2006/11/02 08:33:43 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])SRV - [2006/11/02 08:33:43 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])SRV - [2009/05/28 09:32:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) 
-- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])SRV - [2009/07/27 03:37:30 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- E:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4 [Auto | Running])SRV - [2000/12/13 15:27:58 | 00,491,561 | ---- | M] (APC) -- c:\program files\ups.exe -- (UPS [Disabled | Stopped])SRV - [2006/11/02 08:32:25 | 00,263,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])SRV - [2006/11/02 08:33:45 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running]) ========== Driver Services (SafeList) ========== DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])DRV - [2008/09/16 08:43:10 | 04,127,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM [On_Demand | Running])DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) 
-- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])DRV - [2009/06/11 20:14:28 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])DRV - [2009/06/11 20:14:34 | 00,052,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Stopped])DRV - [2009/06/11 20:15:22 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])DRV - [2007/11/21 21:15:44 | 00,037,376 | ---- | M] (Creative Technology Ltd.) 
-- C:\Windows\System32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])DRV - [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\fssfltr.sys -- (fssfltr [On_Demand | Stopped])DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])DRV - [2008/01/14 06:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) 
-- C:\Windows\System32\DRIVERS\ManyCam.sys -- (ManyCam [On_Demand | Running])DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])DRV - [2006/10/13 23:04:33 | 04,422,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])DRV - [2007/05/14 10:26:10 | 00,508,288 | ---- | M] (PixArt Imaging Inc.) -- C:\Windows\System32\DRIVERS\PFC027.SYS -- (PAC207 [On_Demand | Stopped])DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])DRV - [2007/06/26 09:45:12 | 00,286,208 | ---- | M] (Ralink Technology Inc.) 
-- C:\Windows\System32\DRIVERS\WMP54Gv41x86.sys -- (rt61x86 [On_Demand | Stopped])DRV - [2006/11/02 03:30:56 | 00,047,104 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])DRV - [2009/05/28 09:32:24 | 00,108,032 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Boot | Running])DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])DRV - [2007/02/05 05:51:38 | 00,003,584 | R--- | M] () -- C:\Windows\System32\TimerStop.sys -- (TimerStop [Auto | Stopped])DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) 
-- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/09/14 17:32:58 | 00,010,496 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility [Auto | Running])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009/07/23 13:32:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009/07/22 23:03:27 | 00,000,000 | ---D | M]

[2009/06/11 20:49:06 | 00,000,000 | ---D | M] -- C:\Users\PC-Tech\AppData\Roaming\mozilla\Extensions
[2009/06/11 20:49:06 | 00,000,000 | ---D | M] -- C:\Users\PC-Tech\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/30 22:56:54 | 00,000,000 | ---D | M] -- C:\Users\PC-Tech\AppData\Roaming\mozilla\Firefox\Profiles\m6k8danc.default\extensions
[2009/07/18 22:28:08 | 00,000,000 | ---D | M] -- C:\Users\PC-Tech\AppData\Roaming\mozilla\Firefox\Profiles\m6k8danc.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2009/07/24 01:47:24 | 00,000,000 | ---D | M] -- C:\Users\PC-Tech\AppData\Roaming\mozilla\Firefox\Profiles\m6k8danc.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/30 22:34:09 | 00,000,000 | ---D | M] -- C:\Users\PC-Tech\AppData\Roaming\mozilla\Firefox\Profiles\m6k8danc.default\extensions\[email protected]

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\PC-Tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = D:\Program Files\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Users\PC-Tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk = C:\Users\PC-Tech\AppData\Roaming\Microsoft\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0bf724f8-56f4-11de-a971-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bf724f8-56f4-11de-a971-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{f50c8c04-6049-11de-96b8-0001804f27e2}\Shell - "" = Autorun
O33 - MountPoints2\{f50c8c04-6049-11de-96b8-0001804f27e2}\Shell\Open\command - "" = RECYCLER\S-0-2-67-100011636-100007295-100020788-1985.com l:\
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/30 23:13:34 | 00,000,000 | ---- | C] () -- C:\Users\PC-Tech\Desktop\settings.dat
[2009/07/30 23:13:13 | 00,470,528 | ---- | C] ( ) -- C:\Users\PC-Tech\Desktop\RootRepeal.exe
[2009/07/30 23:12:18 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/07/30 23:10:36 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\Malwarebytes
[2009/07/30 23:10:33 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/30 23:10:31 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/30 23:10:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/30 23:09:46 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/30 23:01:11 | 01,342,637 | -H-- | C] () -- C:\Users\PC-Tech\AppData\Local\IconCache.db
[2009/07/30 22:15:10 | 00,000,000 | ---D | C] -- C:\Program Files\Time Stopper(5)
[2009/07/30 22:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR(1)
[2009/07/30 21:39:48 | 13,417,10336 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/30 18:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\QS
[2009/07/30 17:34:34 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\Real Desktop
[2009/07/30 17:09:24 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\SecondLife
[2009/07/30 17:09:24 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Local\SecondLife
[2009/07/29 21:31:50 | 00,056,580 | ---- | C] () -- C:\Users\PC-Tech\Desktop\ATT00007.jpg
[2009/07/29 15:06:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira(6)
[2009/07/29 15:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\Avira(0)
[2009/07/28 23:20:20 | 00,084,068 | ---- | C] () -- C:\Users\PC-Tech\Desktop\cableinternetkit.jpg
[2009/07/28 16:10:55 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\Desktop\Wiring
[2009/07/28 15:44:26 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\TeamViewer
[2009/07/28 15:43:53 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/07/28 14:38:47 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/07/28 14:38:28 | 00,000,621 | ---- | C] () -- C:\Users\Public\Desktop\Seesmic Desktop.lnk
[2009/07/24 01:51:31 | 00,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2009/07/24 01:16:46 | 00,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\System32\Remove.exe
[2009/07/24 01:16:46 | 00,000,408 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/07/24 01:16:36 | 00,000,000 | ---D | C] -- C:\Windows\PixArt
[2009/07/24 01:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2009/07/24 01:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\PC CIF [email protected]
[2009/07/24 01:11:59 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009/07/24 01:11:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/07/24 01:00:16 | 00,827,393 | ---- | C] (BLACK) -- C:\Windows\System32\HWMBlackBox.dll
[2009/07/24 01:00:14 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\HWM BlackBox
[2009/07/24 01:00:06 | 00,000,113 | ---- | C] () -- C:\Users\PC-Tech\AppData\Roaming\BlackBoxconfig.xml
[2009/07/24 01:00:06 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\BlackBox
[2009/07/24 00:57:48 | 00,001,690 | ---- | C] () -- C:\Users\PC-Tech\Desktop\ManyCam 2.4.lnk
[2009/07/24 00:55:34 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Roaming\ManyCam
[2009/07/24 00:55:34 | 00,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2009/07/22 18:34:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009/07/21 23:04:43 | 00,373,760 | ---- | C] () -- C:\Windows\System32\xnmba450.dll
[2009/07/21 23:04:43 | 00,086,528 | ---- | C] () -- C:\Windows\System32\xnmhb450.dll
[2009/07/21 23:04:43 | 00,066,048 | ---- | C] () -- C:\Windows\System32\xnmte450.dll
[2009/07/21 23:04:43 | 00,025,088 | ---- | C] () -- C:\Windows\System32\xnmhn450.dll
[2009/07/21 23:04:36 | 00,491,561 | ---- | C] (APC) -- C:\Program Files\ups.exe
[2009/07/21 23:04:36 | 00,036,864 | ---- | C] (American Power Conversion) -- C:\Windows\System32\apcctrs.dll
[2009/07/21 23:04:36 | 00,024,576 | ---- | C] () -- C:\Program Files\upsmsgs.dll
[2009/07/21 23:04:36 | 00,004,036 | ---- | C] () -- C:\Windows\System32\apcctr.ini
[2009/07/21 23:04:36 | 00,001,016 | ---- | C] () -- C:\Windows\System32\apcctrnm.h
[2009/07/21 23:04:35 | 00,679,982 | ---- | C] (APC) -- C:\Program Files\pwrchute.exe
[2009/07/21 23:04:34 | 00,217,088 | ---- | C] () -- C:\Program Files\rengs.dll
[2009/07/21 23:04:34 | 00,069,632 | ---- | C] () -- C:\Program Files\uninst.dll
[2009/07/21 23:04:34 | 00,020,298 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2009/07/21 23:04:34 | 00,009,259 | ---- | C] () -- C:\Program Files\pwrchute.ini
[2009/07/21 23:04:34 | 00,000,000 | ---D | C] -- C:\Program Files\Registration Agent
[2009/07/21 23:04:05 | 00,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2009/07/21 23:01:14 | 00,002,348 | ---- | C] () -- C:\Windows\PowerChute.MIF
[2009/07/21 23:00:54 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/07/21 23:00:54 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/07/19 03:17:56 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\Desktop\Temp
[2009/07/19 03:17:44 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\Desktop\Upload
[2009/07/18 23:16:49 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\Desktop\Logos
[2009/07/18 23:16:22 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\Desktop\Avatar options
[2009/07/13 23:47:18 | 00,001,804 | ---- | C] () -- C:\Users\PC-Tech\Desktop\mIRC.lnk
[2009/07/13 22:36:11 | 00,000,000 | ---D | C] -- C:\Users\PC-Tech\AppData\Local\Microsoft Games
[2009/07/04 23:46:42 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/04 23:46:12 | 11,478,2973 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/02 23:59:25 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/06/21 16:30:53 | 00,003,584 | R--- | C] () -- C:\Windows\System32\TimerStop.sys
[2009/06/11 21:38:47 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 21:02:59 | 00,001,912 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009/06/11 19:11:33 | 00,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/09/10 13:13:50 | 00,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2006/11/02 09:27:46 | 00,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006/11/02 08:34:23 | 00,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 08:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/07/30 23:13:34 | 00,000,000 | ---- | M] () -- C:\Users\PC-Tech\Desktop\settings.dat
[2009/07/30 23:12:18 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/07/30 23:10:05 | 00,629,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/30 23:10:05 | 00,107,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/30 23:10:03 | 00,732,714 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/30 23:03:07 | 00,002,481 | ---- | M] () -- C:\Users\PC-Tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2009/07/30 23:02:52 | 00,002,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/30 23:02:52 | 00,002,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/30 23:02:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/30 23:02:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/30 23:02:37 | 13,417,10336 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/30 23:01:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/07/30 23:01:12 | 01,342,637 | -H-- | M] () -- C:\Users\PC-Tech\AppData\Local\IconCache.db
[2009/07/30 22:52:43 | 00,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/30 17:18:45 | 00,000,680 | ---- | M] () -- C:\Users\PC-Tech\AppData\Local\d3d9caps.dat
[2009/07/30 15:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Users\PC-Tech\Desktop\RootRepeal.exe
[2009/07/29 21:31:53 | 00,056,580 | ---- | M] () -- C:\Users\PC-Tech\Desktop\ATT00007.jpg
[2009/07/28 23:20:21 | 00,084,068 | ---- | M] () -- C:\Users\PC-Tech\Desktop\cableinternetkit.jpg
[2009/07/28 14:38:28 | 00,000,621 | ---- | M] () -- C:\Users\Public\Desktop\Seesmic Desktop.lnk
[2009/07/28 11:50:23 | 00,000,585 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2009/07/26 23:28:58 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2009/07/26 17:48:27 | 11,478,2973 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/24 01:00:16 | 00,827,393 | ---- | M] (BLACK) -- C:\Windows\System32\HWMBlackBox.dll
[2009/07/24 01:00:06 | 00,000,113 | ---- | M] () -- C:\Users\PC-Tech\AppData\Roaming\BlackBoxconfig.xml
[2009/07/24 00:57:48 | 00,001,690 | ---- | M] () -- C:\Users\PC-Tech\Desktop\ManyCam 2.4.lnk
[2009/07/21 23:05:16 | 00,020,298 | ---- | M] () -- C:\Program Files\DeIsL1.isu
[2009/07/21 23:05:16 | 00,002,348 | ---- | M] () -- C:\Windows\PowerChute.MIF
[2009/07/21 23:05:02 | 00,009,259 | ---- | M] () -- C:\Program Files\pwrchute.ini
[2009/07/21 23:00:54 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/21 23:00:54 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/13 23:47:18 | 00,001,804 | ---- | M] () -- C:\Users\PC-Tech\Desktop\mIRC.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< End of report >
MBAM
Malwarebytes' Anti-Malware 1.39
Database version: 2534
Windows 6.0.6000

7/31/2009 1:56:05 AM
mbam-log-2009-07-31 (01-56-05).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 151467
Time elapsed: 2 hour(s), 44 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\rengs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\uninst.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\upsmsgs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.