
Thread: Multiple problems - Opachki.ru & Realplayer

  1. #31
    Member | Join Date: Dec 2008 | Location: St.Joseph, Mo. | Posts: 62

    Hey Ken,

    What I've done may be unorthodox but it seems to have worked so far. I restored to a point near the first of the year. This was before I updated Real Player (as recommended by WinPatrol) and began having problems. I went to Add/Delete Programs and uninstalled Real Player and followed up by deleting all of the associated folders in Documents & Settings and Program Files. I then rebooted and opened WinPatrol in the "Startup" tab and TkBell.exe was not present!! That doesn't mean that it's not still in registry but it's not active. I'm going to delete all the restore points up to today from this current restore. I realize that I may have restored whatever virus that I may have had and will scan heavily with MBAM, Avira & ESET very soon but a virus seems to be much easier to deal with than Real Player. If I have additional problems with a virus I'll log back on and wait my turn.

    I thank you so very much for your patience and expertise.

    Chris

  2. #32
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Chris,

    Not a problem, whatever works. Just make sure you have System Restore turned on and have created a new restore point because in case of disaster a bad restore point is better than no restore point.

    We can keep this thread open. Do this:

    1. Run ATF cleaner
    2. Update and run Malwarebytes and post the log
    3. Redownload OTL and run a new scan and post the log

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #33
    Member | Join Date: Dec 2008 | Location: St.Joseph, Mo. | Posts: 62

    Hey Ken,
    Everything seems to be going well. When I brought my laptop up this morning I rechecked WinPatrol Startup for TkBell.exe and it's not there. I did have a problem with Malwarebytes after the restore. When I changed tabs to select update or scan it wouldn't refresh so text and buttons were overlapping each other. I uninstalled MBAM, rebooted then redownloaded and reinstalled. It's operating correctly now and updated. ATF cleaned >12 Mb. Here are the logs:

    OTL logfile created on: 2/13/2011 8:36:59 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner.ChrisNotebook\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.20 Gb Total Space | 74.23 Gb Free Space | 52.20% Space Free | Partition Type: NTFS
    Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 68.02% Space Free | Partition Type: FAT32

    Computer Name: CHRISNOTEBOOK | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/11 11:41:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
    PRC - [2010/12/09 20:39:26 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/08/02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/05/28 05:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
    PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2010/01/13 16:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2008/10/09 09:52:54 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2008/09/16 12:16:08 | 001,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
    PRC - [2007/11/01 13:00:50 | 000,794,624 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/11/01 12:51:34 | 000,995,328 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2007/11/01 12:47:08 | 001,101,824 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2007/11/01 12:42:52 | 000,659,456 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2007/11/01 12:40:04 | 001,183,744 | -H-- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007/11/01 12:35:40 | 000,483,328 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/04/04 10:30:43 | 000,068,856 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/03/15 17:16:42 | 000,454,784 | -H-- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    PRC - [2006/11/16 16:04:58 | 002,348,584 | -H-- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
    PRC - [2006/11/03 18:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/09/18 17:03:47 | 000,172,032 | -H-- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2006/05/23 20:22:36 | 000,573,440 | -H-- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    PRC - [2006/03/30 09:15:44 | 000,096,341 | -H-- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/12/27 09:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/10/12 13:30:42 | 000,139,264 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2005/10/12 13:30:24 | 000,086,140 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2004/11/26 06:42:10 | 000,812,032 | -H-- | M] (Ahead Software AG) -- C:\Program Files\ahead\InCD\InCDsrv.exe
    PRC - [2004/11/11 19:50:15 | 000,212,992 | -H-- | M] (Ahead Software) -- C:\Program Files\ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
    PRC - [2004/11/05 08:47:00 | 000,098,394 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/11 11:41:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/10/09 09:53:03 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2004/11/05 08:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/09 20:39:26 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/08/02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/11/01 13:00:50 | 000,794,624 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/11/01 12:40:04 | 001,183,744 | -H-- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007/11/01 12:35:40 | 000,483,328 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/09/18 17:03:47 | 000,172,032 | -H-- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/10/12 13:30:24 | 000,086,140 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2004/11/26 06:42:10 | 000,812,032 | -H-- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/21 14:45:51 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/11/22 13:55:30 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/05/28 05:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/03/10 18:53:33 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
    DRV - [2009/04/28 14:20:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2009/04/28 14:20:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 12:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2007/10/31 09:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/08/27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2006/07/31 06:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
    DRV - [2006/06/15 14:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/05/23 20:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
    DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
    DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/02/01 12:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2004/11/26 13:36:24 | 000,098,176 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2004/11/26 13:36:06 | 000,028,928 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2004/11/26 06:36:02 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2004/11/05 08:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/07/16 00:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/05/14 12:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2003/05/14 12:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2003/05/14 12:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2003/05/14 12:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login...sbc.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?&.src=ym"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/08 07:29:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 20:46:49 | 000,000,000 | ---D | M]

    [2008/12/16 13:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\Mozilla\Extensions
    [2011/02/12 20:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\Mozilla\Firefox\Profiles\l1888blv.default\extensions
    [2010/12/29 09:27:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\Mozilla\Firefox\Profiles\l1888blv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/12 20:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/20 15:00:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/20 15:00:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/09/01 06:50:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2010/12/20 15:00:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2009/01/09 13:27:58 | 000,000,141 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [NBJ] C:\Program Files\ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
    O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
    O4 - Startup: C:\Documents and Settings\Owner.ChrisNotebook\Start Menu\Programs\Startup\IMVU.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Owner.ChrisNotebook\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKCU\..Trusted Domains: chase.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: city-cu.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: excelsior.edu ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gotomycard.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mycreditkeeper.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: spybot.info ([forums] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: spywarewarrior.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: sri.com ([mtc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab (VerifyGMN Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase5036.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/s...vest/gwCID.CAB (compid Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.104 192.168.0.100 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/12 14:02:32 | 000,040,149 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
    O32 - AutoRun File - [2006/12/03 10:14:04 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{18f976aa-bd60-11dd-acaf-0018de038e3f}\Shell - "" = AutoRun
    O33 - MountPoints2\{18f976aa-bd60-11dd-acaf-0018de038e3f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{18f976aa-bd60-11dd-acaf-0018de038e3f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{7fcfe394-6a6a-11df-aed5-0018de038e3f}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fcfe394-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7fcfe394-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{7fcfe398-6a6a-11df-aed5-0018de038e3f}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fcfe398-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7fcfe398-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/13 08:29:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/13 08:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/13 08:29:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/13 08:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/12 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2011/02/12 20:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/02/12 20:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide
    [2011/02/12 20:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Real
    [2011/02/12 20:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AvantGo Client
    [2011/02/12 20:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2011/02/12 12:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\BPMDesktop
    [2011/02/11 20:48:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/02/11 13:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET(2)
    [2011/02/11 11:41:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
    [2011/02/09 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/02/08 07:05:24 | 000,000,000 | ---D | C] -- C:\SwSetup
    [2011/02/08 06:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia(2)
    [2011/01/26 08:08:59 | 000,000,000 | ---D | C] -- C:\lurking
    [2011/01/26 07:55:16 | 000,000,000 | ---D | C] -- C:\zork3
    [2011/01/26 07:55:01 | 000,000,000 | ---D | C] -- C:\zork2
    [2011/01/25 13:08:11 | 000,000,000 | ---D | C] -- C:\zork1
    [2011/01/24 16:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
    [2011/01/21 08:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/13 08:29:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/13 08:27:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/02/13 08:24:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/13 08:24:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/13 08:24:00 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/13 08:13:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/13 08:11:30 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/02/12 22:01:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/02/12 21:05:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/12 18:04:39 | 000,025,698 | ---- | M] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\SystemLook.zip
    [2011/02/11 11:41:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
    [2011/02/09 11:44:57 | 000,005,000 | ---- | M] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\Attach.zip
    [2011/02/07 14:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2011/01/21 08:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
    [2011/01/21 08:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll

    ========== Files Created - No Company Name ==========

    [2011/02/13 08:29:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/12 20:30:34 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/12 18:04:39 | 000,025,698 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\SystemLook.zip
    [2011/02/09 11:44:57 | 000,005,000 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\Attach.zip
    [2010/03/11 07:05:29 | 000,008,780 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\ReplayMusicLog.log
    [2009/09/22 11:28:14 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2009/01/09 14:36:12 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
    [2008/09/05 14:25:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2008/06/05 15:18:55 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/04/19 20:08:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/04/15 15:46:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2006/12/05 14:12:37 | 000,000,039 | ---- | C] () -- C:\WINDOWS\EXNUM.INI
    [2006/12/03 10:54:52 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\ViewerApp.dat
    [2006/11/22 12:17:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/11/08 16:15:00 | 000,001,410 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\wklnhst.dat
    [2006/11/02 12:50:56 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/11/02 12:50:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/31 21:32:55 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/31 17:19:18 | 000,000,813 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2006/10/31 17:19:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2006/10/31 17:19:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2006/10/31 16:11:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
    [2006/10/28 08:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
    [2006/10/22 19:50:51 | 000,000,167 | ---- | C] () -- C:\WINDOWS\game.ini
    [2006/10/20 19:58:07 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
    [2006/10/20 19:58:07 | 000,040,352 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
    [2006/10/20 19:10:53 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
    [2006/10/17 15:46:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/10/17 15:42:44 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/10/16 13:01:19 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\fusioncache.dat
    [2006/10/15 18:27:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2006/10/15 15:38:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/09/18 17:09:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [2006/09/18 16:56:42 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/17 03:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/06/17 03:24:57 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/01/14 10:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2002/11/26 21:12:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
    [2002/11/26 21:12:00 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
    [2002/11/26 21:11:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2002/11/26 21:11:38 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5753

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    2/13/2011 8:35:19 AM
    mbam-log-2011-02-13 (08-35-19).txt

    Scan type: Quick scan
    Objects scanned: 175853
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I think I'll keep ATF and use it every couple of months to keep things cleaned out.

  4. #34
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Your log looks fine. Did you have your flash drive plugged in when you ran the scan?

    ATF Cleaner is a great freebie, I run it on my systems about once a week. If you depend on cookies to access certain sites, that data will be lost if you check cookies, so what I do is check the box for Select All and then uncheck cookies.

  5. #35
    Member
    Join Date
    Dec 2008
    Location
    St.Joseph, Mo.
    Posts
    62

    Default

    I do have a flash drive but just to be safe I formatted it yesterday. I've downloaded Comodo's firewall. The firewall tests (provided by a link on this site) looked very impressive. I've used it in the past but I don't remember why I stopped; perhaps I didn't understand the settings well enough that it may have been keeping me from some of my important sites. Anyway, I'm going to install it and spend some time in the Help files and instructions to get better acquainted with it.

    I'll remember the cookies when using ATF, it'd probably be good to keep those for my banking and billpay sites.

  6. #36
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, glad things are well, any problems in the future please post back.

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups.

    Safe Surfn
    Ken

  7. #37
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
