Having a few Issues

Leo Ali · July 2, 2010

Hello, I am having some trouble and some strange symptoms with my laptop. I fell behind with updating spywareblaster/spybot/malwarebytes and believe my firefox browser got hijacked as it seemed to get redirected to 'marthastewart.com' from certain google links. After an Avast! scan, and scans/updates w/ all of the mentioned programs (and finding lots of malware) windows seems to get stuck upon startup. It loads normally after initial BIOS screens, and after I enter my password I get a completely black screen but with a working mouse (I can freely move around the arrow...); this lasts for about 2-3 mins. before windows resumes normally. My CPU usage stays in the 50% range also for a couple of minutes after, and then descends to normal range (staying below 5% now). HJT log posted below, any help would be great, thank you in advance.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:53:45 PM, on 7/1/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files\Avast4\ashDisp.exe

C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe

C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Lenny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [blackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Acronis System Backup (acrosysbackup_ex4bEOVSq1JI) - Unknown owner - C:\windows\system32\wirepots.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: Windows System Backup Dumper (winbackupdumper-id194bEOVSq1JI) - Unknown owner - C:\windows\system32\mousenh32.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 8797 bytes

GT500 · July 2, 2010

Please run OTL by following the instructions below:

Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
- When the scan completes, it will open two Notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL (which should be on your desktop).
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Note that you can also attach the OTListIt and Extras files to your reply.

Leo Ali · July 2, 2010

OTL logfile created on: 7/2/2010 7:51:59 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Lenny\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.57 Gb Total Space | 121.08 Gb Free Space | 42.10% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Z: | 914.26 Gb Total Space | 612.44 Gb Free Space | 66.99% Space Free | Partition Type: NTFS

Computer Name: LENNY-TOSHIBA

Current User Name: Lenny

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/02 19:51:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe

PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe

PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe

PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe

PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe

PRC - [2009/07/23 16:36:58 | 000,963,784 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe

PRC - [2009/07/23 16:32:00 | 000,376,272 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

PRC - [2009/07/23 16:18:04 | 004,352,960 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe

PRC - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (SafeList) ==========

MOD - [2010/07/02 19:51:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus)

SRV:64bit: - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV:64bit: - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV:64bit: - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV:64bit: - [2009/08/11 19:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/08/05 17:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/08/04 14:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/05/28 18:08:12 | 000,008,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\wirepots.exe -- (acrosysbackup_ex4bEOVSq1JI)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/08/10 22:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/07/23 16:33:16 | 000,826,352 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)

SRV - [2009/07/14 22:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/12/20 10:22:42 | 001,581,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV:64bit: - [2009/12/20 10:22:40 | 000,926,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2009/12/20 10:22:32 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV:64bit: - [2009/12/08 19:49:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2009/12/08 18:42:10 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/11/24 19:50:25 | 000,089,680 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2009/11/24 19:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2009/11/24 19:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2009/11/24 19:49:10 | 000,053,840 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2009/11/24 19:49:00 | 000,027,216 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2009/08/27 11:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/08/05 22:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/24 18:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/07/20 20:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 16:35:46 | 000,427,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2008/07/10 19:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)

DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54

FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949

FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97

FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.02

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/04 22:37:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/01 19:12:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/01 19:12:49 | 000,000,000 | ---D | M]

[2010/01/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions

[2010/01/12 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions\MediaCoder

[2010/07/01 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions

[2010/06/24 20:02:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2009/12/19 12:10:03 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}

[2010/06/26 14:26:25 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}

[2010/02/22 18:19:33 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

[2010/02/11 18:41:37 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}

[2010/05/01 10:38:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/02/22 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\noia2_option@kk.noia

[2010/06/19 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\optout@dubfire.net

[2010/06/19 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\piclens@cooliris.com

[2010/06/19 20:41:08 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\extensions\piclens@cooliris.com-trash

[2010/03/13 09:18:48 | 000,004,440 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\searchplugins\hyperwords.xml

[2009/11/27 18:54:02 | 000,004,153 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\tbjxnrj0.default\searchplugins\youtube.xml

[2010/07/01 20:26:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/06/13 00:43:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/13 00:43:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/03/18 17:07:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/06/29 20:26:29 | 001,005,927 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 ad.a8.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 achmedia.com

O1 - Hosts: 127.0.0.1 aconti.net

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 ads.active.com

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ad2games.com

O1 - Hosts: 127.0.0.1 cms.ad2click.nl

O1 - Hosts: 127.0.0.1 ads.ad2games.com

O1 - Hosts: 127.0.0.1 content.ad20.net

O1 - Hosts: 29900 more lines...

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Seagate)

O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [blackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate)

O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/02 19:51:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe

[2010/06/29 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\WinPatrol

[2010/06/29 20:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios

[2010/06/28 20:31:33 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll

[2010/06/28 20:31:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll

[2010/06/28 20:31:33 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys

[2010/06/28 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/06/28 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/06/28 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/06/28 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2010/06/28 20:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/06/28 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/06/28 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/06/25 16:38:48 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll

[2010/06/25 16:38:48 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll

[2010/06/25 16:38:48 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe

[2010/06/25 16:38:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe

[2010/06/25 16:38:48 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll

[2010/06/25 16:38:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll

[2010/06/25 16:38:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll

[2010/06/25 16:38:48 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll

[2010/06/24 19:51:11 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll

[2010/06/24 19:51:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll

[2010/06/24 19:51:03 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll

[2010/06/24 19:51:02 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax

[2010/06/24 19:51:00 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdri.dll

[2010/06/24 19:51:00 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax

[2010/06/24 19:51:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax

[2010/06/24 19:51:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax

[2010/06/22 23:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2010/06/22 23:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro

[2010/06/22 23:59:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\DAEMON Tools Pro

[2010/06/17 02:16:05 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Abine

[2010/06/15 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco

[2010/06/15 21:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2010/06/13 00:43:54 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll

[2010/06/13 00:43:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe

[2010/06/13 00:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe

[2010/06/13 00:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe

[2010/06/11 21:20:45 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2010/06/11 21:20:45 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2010/06/11 21:20:45 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2010/06/11 21:20:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2010/06/03 18:23:52 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Microsoft Games

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/02 19:53:59 | 009,175,040 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat

[2010/07/02 19:51:05 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe

[2010/07/02 19:46:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2010/07/02 18:00:38 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/02 18:00:38 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/02 17:53:23 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT

[2010/07/02 17:53:10 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/02 17:52:27 | 001,434,854 | -H-- | M] () -- C:\Users\Lenny\AppData\Local\IconCache.db

[2010/07/01 19:24:57 | 000,007,606 | ---- | M] () -- C:\Users\Lenny\AppData\Local\Resmon.ResmonCfg

[2010/06/29 22:17:30 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2010/06/29 22:17:30 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2010/06/29 20:26:29 | 001,005,927 | R--- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS

[2010/06/29 20:26:10 | 001,005,927 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20100629-202629.backup

[2010/06/26 18:55:04 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2010/06/17 02:20:08 | 000,000,120 | ---- | M] () -- C:\Users\Lenny\webct_upload_applet.properties

[2010/06/16 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 00:41:50 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 00:41:50 | 000,065,536 | -HS- | M] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TM.blf

[2010/06/13 00:43:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll

[2010/06/13 00:43:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe

[2010/06/13 00:43:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe

[2010/06/13 00:43:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe

[2010/06/11 21:41:50 | 000,343,832 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2010/06/07 21:43:31 | 3884,712,092 | ---- | M] () -- C:\Users\Lenny\Documents\TempImage.nrg

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/01 19:24:57 | 000,007,606 | ---- | C] () -- C:\Users\Lenny\AppData\Local\Resmon.ResmonCfg

[2010/06/17 21:18:14 | 971,911,168 | ---- | C] () -- C:\Users\Lenny\Desktop\ADOBE_ACROBAT_9_PRO_EXTENDED.iso

[2010/06/17 21:18:06 | 334,888,960 | ---- | C] () -- C:\Users\Lenny\Desktop\ACTIVATION & UPDATES.iso

[2010/06/16 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000002.regtrans-ms

[2010/06/16 00:37:03 | 000,524,288 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TMContainer00000000000000000001.regtrans-ms

[2010/06/16 00:37:02 | 000,065,536 | -HS- | C] () -- C:\Users\Lenny\ntuser.dat{1f4a1b88-78ff-11df-a110-001e33fdc1e8}.TM.blf

[2010/06/07 21:35:01 | 3884,712,092 | ---- | C] () -- C:\Users\Lenny\Documents\TempImage.nrg

[2010/05/28 18:08:12 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\wirepots.dll

[2010/05/12 19:49:43 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

[2010/05/12 19:49:43 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini

[2010/05/12 19:49:42 | 000,881,664 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2010/05/12 19:49:42 | 000,205,824 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2010/05/12 19:49:40 | 000,085,504 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll

[2010/05/12 19:49:40 | 000,000,547 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll.manifest

[2009/12/08 18:54:29 | 000,000,039 | ---- | C] () -- C:\windows\Irremote.ini

[2009/12/08 18:03:21 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI

[2009/11/27 17:27:36 | 000,000,013 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys

[2009/10/21 01:48:38 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 7/2/2010 7:52:00 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Lenny\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.57 Gb Total Space | 121.08 Gb Free Space | 42.10% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Z: | 914.26 Gb Total Space | 612.44 Gb Free Space | 66.99% Space Free | Partition Type: NTFS

Computer Name: LENNY-TOSHIBA

Current User Name: Lenny

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

OTL.Txt

Extras.Txt

GT500 · July 3, 2010

Looks like it might just be a HOSTS file hijack.

Please download HostsExpert from the link below:

http://www.funkytoad.com/download/HostsXpert.zip

Install it, run it, and click the button that says "Restore MS Hosts File". Refer to the following screenshot to see what it looks like:

Leo Ali · July 3, 2010

Extracted the contents to my desktop, and ran the application. I got an error when I clicked to restore hosts file though (screenshot attached).

Leo Ali · July 3, 2010

I went to the filepath, and uncheck 'read-only' in the HOSTS file properties. The button to replace it worked fine this time.

Leo Ali · July 5, 2010

It seems as though the symptoms are gone, thank you very much for your help. Do you see anything else I should fix, are all of those unknown errors in the HJT log safe to leave that way?

GT500 · July 6, 2010

There is only one questionable thing that I see in your HijackThis log, but it is not malicious, and probably won't cause you any problems. It is the line below in bold:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Other than that, the logs look pretty good. However, you may want to verify that everything is OK by running an online virus scan through ESET. Here are the steps:

Turn off your anti-virus software.
Click on this link.
Click on the "ESET Online Scanner" button.
Put a check in the box that says "YES, I accept the Terms of Use."
Click the 'Start' button just to the right of the checkbox.
Uncheck the box that says "Remove found threats" (this is very important).
Click on "Advanced settings".
Put a check in the box that says "Scan for potentially unsafe applications".
Verify that "Scan for potentially unwanted applications" is also checked.
Verify that "Enable Anti-Stealth technology" is also checked.
Click the 'Start' button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning.
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop, and then copy and paste it into a reply for me.
Close the ESET online scan.

I will take a look at the log, and let you know if anything needs removed.

Leo Ali · July 11, 2010

Sorry for the delayed response. Here are the list of threats found:

C:\Users\Lenny\pod332.exe a variant of Win32/Kryptik.FCW trojan

C:\Users\Lenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42YNO55S\pod332[1].exe a variant of Win32/Kryptik.FCW trojan

C:\Windows\System32\wirepots.dll Win32/Agent.RID trojan

C:\Windows\System32\wirepots.exe Win32/Agent.RID trojan

C:\Windows\SysWOW64\wirepots.dll Win32/Agent.RID trojan

C:\Windows\SysWOW64\wirepots.exe Win32/Agent.RID trojan

GT500 · July 16, 2010

My apologies for the slow response.

Could you please upload the following two files to VirusTotal, and then copy and paste the address of the analysis of each file into a reply?

C:\Windows\System32\wirepots.dll
C:\Windows\System32\wirepots.exe

GT500 · July 22, 2010

I just realized that I forgot to give you a link to VirusTotal.

Click this link to go to VirusTotal, and upload those two files for analysis.

Leo Ali · July 24, 2010

I appreciate your continued help, no problem about the delayed response.

Here are the links-

wirepots.dll:

http://www.virustotal.com/analisis/22a61f3...c4d0-1279935030

wirepots.exe:

http://www.virustotal.com/analisis/8f78687...a201-1279935238

GT500 · July 27, 2010

1. Please download The Avenger (by Doug Swanson) from this link, and make sure to save it on your Desktop.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the CODE box below, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link):

Files to delete:
C:\Windows\System32\wirepots.dll
C:\Windows\System32\wirepots.exe

Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer!

3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon.

Please paste the contents of the CODE box above (which you should have already copied) into the white box in The Avenger (see example picture below).
Click on the Execute button in the low-right corner (see example picture below).
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

[*] It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

[*] On reboot, it will briefly open a black command window on your desktop, this is normal.

[*] After the restart, it creates a log file that should open with the results of Avenger

Leo Ali · July 30, 2010

I completed the steps given, upon hitting 'execute' the program gives me the two prompts before restarting, but I get no black pop-up window after the restart and see no avenger.txt logfile in C:/. I ran it twice, the second time as admin.

GT500 · August 2, 2010

My apologies, I just remembered that you have a 64-bit edition of Windows, and The Avenger doesn't work on 64-bit editions of Windows.

I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box:

:OTL
SRV - [2010/05/28 18:08:12 | 000,008,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\wirepots.exe -- (acrosysbackup_ex4bEOVSq1JI)
[2010/05/28 18:08:12 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\wirepots.dll

:Services
acrosysbackup_ex4bEOVSq1JI

:Files
C:\Windows\SysWOW64\wirepots.exe

Then click the Run Fix button at the top.
Let the program run unhindered, restart your computer when it is done.
After your computer has restarted, please open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Leo Ali · August 3, 2010

After I did the custom scan Avast AV came up with two 'Virus Found' alerts, I deleted them through that application.

OTL logfile created on: 8/2/2010 9:01:17 PM - Run 2

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Lenny\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.57 Gb Total Space | 131.67 Gb Free Space | 45.79% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive Z: | 914.26 Gb Total Space | 603.76 Gb Free Space | 66.04% Space Free | Partition Type: NTFS

Computer Name: LENNY-TOSHIBA

Current User Name: Lenny

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/02 20:45:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL.exe

PRC - [2010/07/23 22:14:48 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/07/23 22:14:48 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe