Multiple problems - Opachki.ru & Realplayer

Status
Not open for further replies.
Wow, I didn't realize the real player was so embedded in your system, this can be a very difficult fix. You did say you uninstalled Real Player through Add Remove Programs in the Control Panel ???? If you did, the uninstall left all this garbage behind.

Download CKScanner
  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Sorry for the double post, the forum is giving me fits. I had to remove what you posted so I could reply

Run this scan please

Download CKScanner
  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Hey Ken,
The Forum shows that you made a reply several minutes ago but I'm not seeing it. I don't know what's up. I logged out of the Forum, shut down Firefox and then logged back in but I'm still not seeing your reply.
 
Disregard the last post about not seeing your reply. I must have been trying to access it while you were responding. I'll download CKScanner and be right back.
 
OK,

This was a pretty short list:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\owner.chrisnotebook\my documents\my music\hootie & the blowfish\cracked rear view\desktop.ini
c:\documents and settings\owner.chrisnotebook\my documents\my music\lisa loeb\firecracker\desktop.ini
scanner sequence 3.LB.11
----- EOF -----
 
You did say you uninstalled Real Player through Add Remove Programs in the Control Panel ????

I think what I would do is to post in the Real Player forum since we just do malware removal on this one, RP is embedded in your system so much it can be a difficult task to remove it all.

http://www.forumjar.com/forums/RealPlayer

Post back and let me know if they helped you, there are other forums if you need one
 
OK Ken,

Thanks so much. I did remove Real Player last week. I can't honestly say where I got it from, it may have been bundled in with my MP3 Player but, needless to say, I'll never go close to Real Player again. Thanks again and I'll get back to you with the results.

Will the Real Player Forum need any of these logs or will they request their own?
 
Ken,
I'd like to ask one last question. One of the scans showed the location of TkBell.exe in the Registry. I've used regedit VERY occasionally but am not entirely competent in it's use. What would be the probability of harming my system if I opened regedit and deleted those two keys? Or would you advise against it?
 
Well, when you post at the Real Player forum its won't be malware related so no need for the logs.

As as far as editing the registry, if you make a mistake you can make your system unbootable. Leave those two entries be for the time being

You can give this a try

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)



:Services

:Reg

:Files
C:\Program Files\Common Files\Real\Update_OB\realsched.exe



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
Hey Ken,

What I've done may be unorthodox but it seems to have worked so far. I restored to a point near the first of the year. This was before I updated Real Player (as recommended by WinPatrol) and began having problems. I went to Add/Delete Programs and uninstalled Real Player and followed up by deleting all of the associated folders in Documents & Settings and Program Files. I then rebooted and opened WinPatrol in the "Startup" tab and TkBell.exe was not present!! That doesn't mean that it's not still in registry but it's not active. I'm going to delete all the restore points up to today from this current restore. I realize that I may have restored whatever virus that I may have had and will scan heavily with MBAM, Avira & ESET very soon but a virus seems to be much easier to deal with than Real Player. If I have additional problems with a virus I'll log back on and wait my turn.

I Thank You so very much for your patience and expertise.

Chris
 
Chris,

Not a problem, whatever works. Just make sure you have System Restore turned on and have created a new restore point because in case of disaster a bad restore point is better than no restore point.

We can keep this thread open, do this

1. Run ATF cleaner
2. Update and run Malwarebytes and post the log
3. Redownload OTL and run a new scan and post the log
 
Hey Ken,
Everything seems to be going well. When I brought my laptop up this morning I rechecked WinPatrol Startup for TkBell.exe and it's not there. I did have a problem with Malwarebytes after the restore. When I changed tabs to select update or scan it wouldn't refresh so text and buttons were overlapping each other. I uninstalled MBAM, rebooted then redownloaded and reinstalled. It's operating correctly now and updated. ATF cleaned >12 Mb. Here are the logs:

OTL logfile created on: 2/13/2011 8:36:59 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner.ChrisNotebook\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 74.23 Gb Free Space | 52.20% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 68.02% Space Free | Partition Type: FAT32

Computer Name: CHRISNOTEBOOK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/11 11:41:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
PRC - [2010/12/09 20:39:26 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/08/02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/28 05:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/13 16:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/10/09 09:52:54 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/09/16 12:16:08 | 001,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2007/11/01 13:00:50 | 000,794,624 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/11/01 12:51:34 | 000,995,328 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/11/01 12:47:08 | 001,101,824 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/11/01 12:42:52 | 000,659,456 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/11/01 12:40:04 | 001,183,744 | -H-- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/11/01 12:35:40 | 000,483,328 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/04 10:30:43 | 000,068,856 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/15 17:16:42 | 000,454,784 | -H-- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/11/16 16:04:58 | 002,348,584 | -H-- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/18 17:03:47 | 000,172,032 | -H-- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/05/23 20:22:36 | 000,573,440 | -H-- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | -H-- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/27 09:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/11/26 06:42:10 | 000,812,032 | -H-- | M] (Ahead Software AG) -- C:\Program Files\ahead\InCD\InCDsrv.exe
PRC - [2004/11/11 19:50:15 | 000,212,992 | -H-- | M] (Ahead Software) -- C:\Program Files\ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
PRC - [2004/11/05 08:47:00 | 000,098,394 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/11 11:41:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/10/09 09:53:03 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2004/11/05 08:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/09 20:39:26 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/11/01 13:00:50 | 000,794,624 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/11/01 12:40:04 | 001,183,744 | -H-- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007/11/01 12:35:40 | 000,483,328 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 18:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/18 17:03:47 | 000,172,032 | -H-- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/30 09:15:44 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/10/12 13:30:24 | 000,086,140 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/11/26 06:42:10 | 000,812,032 | -H-- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 14:45:51 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 13:55:30 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/28 05:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/03/10 18:53:33 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2009/04/28 14:20:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/04/28 14:20:06 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 12:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/31 09:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/31 06:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/06/15 14:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 20:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/01 12:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/11/26 13:36:24 | 000,098,176 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/11/26 13:36:06 | 000,028,928 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/11/26 06:36:02 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/11/05 08:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/07/16 00:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/05/14 12:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 12:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003/05/14 12:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/05/14 12:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http://sbc.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?&.src=ym"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/08 07:29:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 20:46:49 | 000,000,000 | ---D | M]

[2008/12/16 13:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\Mozilla\Extensions
[2011/02/12 20:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\Mozilla\Firefox\Profiles\l1888blv.default\extensions
[2010/12/29 09:27:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\Mozilla\Firefox\Profiles\l1888blv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/12 20:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 15:00:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/20 15:00:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 06:50:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/12/20 15:00:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/01/09 13:27:58 | 000,000,141 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Owner.ChrisNotebook\Start Menu\Programs\Startup\IMVU.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner.ChrisNotebook\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: chase.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: city-cu.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: excelsior.edu ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gotomycard.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mycreditkeeper.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: spybot.info ([forums] https in Trusted sites)
O15 - HKCU\..Trusted Domains: spywarewarrior.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sri.com ([mtc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.104 192.168.0.100 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/12 14:02:32 | 000,040,149 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
O32 - AutoRun File - [2006/12/03 10:14:04 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18f976aa-bd60-11dd-acaf-0018de038e3f}\Shell - "" = AutoRun
O33 - MountPoints2\{18f976aa-bd60-11dd-acaf-0018de038e3f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18f976aa-bd60-11dd-acaf-0018de038e3f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7fcfe394-6a6a-11df-aed5-0018de038e3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7fcfe394-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7fcfe394-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{7fcfe398-6a6a-11df-aed5-0018de038e3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7fcfe398-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7fcfe398-6a6a-11df-aed5-0018de038e3f}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 08:29:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/13 08:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/13 08:29:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/13 08:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/12 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/02/12 20:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/02/12 20:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide
[2011/02/12 20:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Real
[2011/02/12 20:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AvantGo Client
[2011/02/12 20:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/02/12 12:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\BPMDesktop
[2011/02/11 20:48:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/11 13:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET(2)
[2011/02/11 11:41:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
[2011/02/09 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/08 07:05:24 | 000,000,000 | ---D | C] -- C:\SwSetup
[2011/02/08 06:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia(2)
[2011/01/26 08:08:59 | 000,000,000 | ---D | C] -- C:\lurking
[2011/01/26 07:55:16 | 000,000,000 | ---D | C] -- C:\zork3
[2011/01/26 07:55:01 | 000,000,000 | ---D | C] -- C:\zork2
[2011/01/25 13:08:11 | 000,000,000 | ---D | C] -- C:\zork1
[2011/01/24 16:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/01/21 08:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/13 08:29:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/13 08:27:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/13 08:24:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/13 08:24:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 08:24:00 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/13 08:13:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/13 08:11:30 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/12 22:01:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/12 21:05:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/12 18:04:39 | 000,025,698 | ---- | M] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\SystemLook.zip
[2011/02/11 11:41:34 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\OTL.exe
[2011/02/09 11:44:57 | 000,005,000 | ---- | M] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\Attach.zip
[2011/02/07 14:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/01/21 08:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 08:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll

========== Files Created - No Company Name ==========

[2011/02/13 08:29:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 20:30:34 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/12 18:04:39 | 000,025,698 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\SystemLook.zip
[2011/02/09 11:44:57 | 000,005,000 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Desktop\Attach.zip
[2010/03/11 07:05:29 | 000,008,780 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\ReplayMusicLog.log
[2009/09/22 11:28:14 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/09 14:36:12 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2008/09/05 14:25:02 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/05 15:18:55 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/19 20:08:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/15 15:46:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2006/12/05 14:12:37 | 000,000,039 | ---- | C] () -- C:\WINDOWS\EXNUM.INI
[2006/12/03 10:54:52 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\ViewerApp.dat
[2006/11/22 12:17:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/08 16:15:00 | 000,001,410 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Application Data\wklnhst.dat
[2006/11/02 12:50:56 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/02 12:50:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/31 21:32:55 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/31 17:19:18 | 000,000,813 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/10/31 17:19:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2006/10/31 17:19:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/31 16:11:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/10/28 08:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/10/22 19:50:51 | 000,000,167 | ---- | C] () -- C:\WINDOWS\game.ini
[2006/10/20 19:58:07 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2006/10/20 19:58:07 | 000,040,352 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2006/10/20 19:10:53 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/10/17 15:46:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/10/17 15:42:44 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/16 13:01:19 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Owner.ChrisNotebook\Local Settings\Application Data\fusioncache.dat
[2006/10/15 18:27:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/10/15 15:38:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/18 17:09:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/09/18 16:56:42 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 03:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 10:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/11/26 21:12:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/11/26 21:12:00 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/11/26 21:11:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/11/26 21:11:38 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5753

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/13/2011 8:35:19 AM
mbam-log-2011-02-13 (08-35-19).txt

Scan type: Quick scan
Objects scanned: 175853
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think I'll keep ATF and use it every couple of months to keep things cleaned out.
 
Your log looks fine . Did you have your flash drive plugged in when you ran the scan ?

ATF Cleaner is a great freebee, I run it on my systems about once a week. If you depend on cookies to access certain sites that data will be lost if you check cookies so what I do is check the box for Select All and then uncheck cookies
 
I do have a flashdrive but just to be safe I formatted it yesterday. I've downloaded Comodo's firewall. The firewall tests (provided by a link on this site) looked very impressive. I've used it in the past but I don't remember why I stopped, perhaps I didn't understand the settings well enough that it may have been keeping me from some of my important sites. Anyway, I'm going to install it and spend some time in the Help files and instructions to get better acquainted with it.

I'll remember the cookies when using ATF, it'd probably be good to keep those for my banking and billpay sites.
 
Great, glad things are well, any problems in the future please post back.




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups





Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 
Status
Not open for further replies.
Back
Top