Pop ups


nydoc

Hello nydoc

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Note: since it is in rar format, if you do not have anything that will open it, you can download 7 zip and use it to extract the data. It can be found here:
  • Right click on the .rar file and choose extract files.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files, and Code Hooks.
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait till the scanner has finished, then go to File > Save Report.
  • Save the report somewhere you can find it, typically your desktop. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

OTL logfile created on: 11/22/2010 4:14:43 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kenneth L Shapiro\Desktop

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 87.89 Gb Total Space | 78.57 Gb Free Space | 89.39% Space Free | Partition Type: NTFS

Computer Name: KENNETH | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kenneth L Shapiro\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovs.exe ()

PRC - C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe ()

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kenneth L Shapiro\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (xmlprov) -- C:\WINDOWS\SysNative\xmlprov.dll File not found

SRV:64bit: - (WZCSVC) -- C:\WINDOWS\SysNative\wzcsvc.dll File not found

SRV:64bit: - (Wmi) -- C:\WINDOWS\SysNative\advapi32.dll File not found

SRV:64bit: - (UPS) -- C:\WINDOWS\SysNative\ups.exe File not found

SRV:64bit: - (UMWdf) -- C:\WINDOWS\SysNative\wdfmgr.exe File not found

SRV:64bit: - (TlntSvr) -- C:\WINDOWS\SysNative\tlntsvr.exe File not found

SRV:64bit: - (SysmonLog) -- C:\WINDOWS\SysNative\smlogsvc.exe File not found

SRV:64bit: - (srservice) -- C:\WINDOWS\SysNative\srsvc.dll File not found

SRV:64bit: - (SCardSvr) -- C:\WINDOWS\SysNative\SCardSvr.exe File not found

SRV:64bit: - (RDSessMgr) -- C:\WINDOWS\SysNative\sessmgr.exe File not found

SRV:64bit: - (PlugPlay) -- C:\WINDOWS\SysNative\services.exe File not found

SRV:64bit: - (NVSvc) -- C:\WINDOWS\SysNative\nvsvc64.exe File not found

SRV:64bit: - (NtmsSvc) -- C:\WINDOWS\SysNative\ntmssvc.dll File not found

SRV:64bit: - (NetDDEdsdm) -- C:\WINDOWS\SysNative\netdde.exe File not found

SRV:64bit: - (NetDDE) -- C:\WINDOWS\SysNative\netdde.exe File not found

SRV:64bit: - (mnmsrvc) -- C:\WINDOWS\SysNative\mnmsrvc.exe File not found

SRV:64bit: - (Messenger) -- C:\WINDOWS\SysNative\msgsvc.dll File not found

SRV:64bit: - (ImapiService) -- C:\WINDOWS\SysNative\imapi.exe File not found

SRV:64bit: - (HTTPFilter) -- C:\WINDOWS\SysNative\w3ssl.dll File not found

SRV:64bit: - (Eventlog) -- C:\WINDOWS\SysNative\services.exe File not found

SRV:64bit: - (ERSvc) -- C:\WINDOWS\SysNative\ersvc.dll File not found

SRV:64bit: - (dmserver) -- C:\WINDOWS\SysNative\dmserver.dll File not found

SRV:64bit: - (dmadmin) -- C:\WINDOWS\SysNative\dmadmin.exe File not found

SRV:64bit: - (ClipSrv) -- C:\WINDOWS\SysNative\clipsrv.exe File not found

SRV:64bit: - (CiSvc) -- C:\WINDOWS\SysNative\cisvc.exe File not found

SRV:64bit: - (AppMgmt) -- C:\WINDOWS\SysNative\appmgmts.dll File not found

SRV:64bit: - (Alerter) -- C:\WINDOWS\SysNative\alrsvc.dll File not found

SRV - (nSvcIp) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

SRV - (nSvcLog) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

SRV - (ForcewareWebInterface) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)

SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (UMWdf) -- C:\WINDOWS\SysWOW64\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (wdmaud) -- C:\WINDOWS\SysNative\drivers\wdmaud.sys File not found

DRV:64bit: - (Update) -- C:\WINDOWS\SysNative\DRIVERS\update.sys File not found

DRV:64bit: - (sysaudio) -- C:\WINDOWS\SysNative\drivers\sysaudio.sys File not found

DRV:64bit: - (swmidi) -- C:\WINDOWS\SysNative\drivers\swmidi.sys File not found

DRV:64bit: - (sr) -- C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found

DRV:64bit: - (splitter) -- C:\WINDOWS\SysNative\drivers\splitter.sys File not found

DRV:64bit: - (redbook) -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys File not found

DRV:64bit: - (Raspti) -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys File not found

DRV:64bit: - (Ptilink) -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys File not found

DRV:64bit: - (PSched) -- C:\WINDOWS\SysNative\DRIVERS\psched.sys File not found

DRV:64bit: - (nvnetbus) -- C:\WINDOWS\SysNative\DRIVERS\nvnetbus.sys File not found

DRV:64bit: - (NVENETFD) -- C:\WINDOWS\SysNative\DRIVERS\NVENETFD.sys File not found

DRV:64bit: - (nvata64) -- C:\WINDOWS\SysNative\DRIVERS\nvata64.sys File not found

DRV:64bit: - (nv) -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys File not found

DRV:64bit: - (MTsensor) -- C:\WINDOWS\SysNative\DRIVERS\ASACPI.sys File not found

DRV:64bit: - (kmixer) -- C:\WINDOWS\SysNative\drivers\kmixer.sys File not found

DRV:64bit: - (IPSec) -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys File not found

DRV:64bit: - (IpInIp) -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys File not found

DRV:64bit: - (Ip6Fw) -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found

DRV:64bit: - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS File not found

DRV:64bit: - (imapi) -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys File not found

DRV:64bit: - (Gpc) -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys File not found

DRV:64bit: - (Ftdisk) -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys File not found

DRV:64bit: - (dmload) -- C:\WINDOWS\SysNative\drivers\dmload.sys File not found

DRV:64bit: - (dmio) -- C:\WINDOWS\SysNative\drivers\dmio.sys File not found

DRV:64bit: - (dmboot) -- C:\WINDOWS\SysNative\drivers\dmboot.sys File not found

DRV:64bit: - (CdaD10BA) -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys File not found

DRV:64bit: - (CdaC15BA) -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys File not found

DRV:64bit: - (audstub) -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys File not found

DRV:64bit: - (Atmarpc) -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys File not found

DRV:64bit: - (aec) -- C:\WINDOWS\SysNative\drivers\aec.sys File not found

DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff [2010/06/25 09:48:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/15 11:58:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 14:08:07 | 000,000,000 | ---D | M]

[2010/11/15 11:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/11/15 11:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/11/15 11:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\akmev15y.default\extensions

[2010/11/22 10:04:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/10/28 15:19:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/06/25 09:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/02 08:21:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/28 15:19:16 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/28 15:19:16 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/28 15:19:17 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

[2010/10/06 16:03:29 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/06 16:03:29 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml

[2010/10/06 16:03:29 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/06 16:03:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/06 16:03:29 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml

[2010/10/06 16:03:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/06 16:03:29 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found

O4:64bit: - HKLM..\Run: [nwiz] File not found

O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [soundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysNative\winrnr.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://nrepf01.tenethealth.com/msrdp.cab (Microsoft RDP Client Control (redist))

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.253

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysNative\msvidctl.dll File not found

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysNative\inetcomm.dll File not found

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysNative\msvidctl.dll File not found

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe File not found

O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: System - (lsass.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found

O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found

O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found

O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found

O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found

O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\EFS: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found

O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysNative\webcheck.dll File not found

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysNative\browseui.dll File not found

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysNative\browseui.dll File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/17 20:17:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 16:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/11/15 14:56:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/11/15 12:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/11/15 12:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2010/11/15 12:06:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys

[2010/11/15 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/15 12:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/15 11:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2010/11/15 11:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 16:10:06 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/11/22 16:10:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat

[2010/11/22 16:02:00 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2010/11/22 15:36:07 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2010/11/22 09:53:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/19 14:08:07 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/15 17:31:01 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/15 15:59:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/11/15 11:48:37 | 000,000,005 | ---- | M] () -- C:\WINDOWS\empz321

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 12:47:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat

[2010/11/16 14:55:03 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2010/11/16 14:54:51 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/11/16 14:54:44 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2010/11/15 15:59:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable

[2010/11/15 12:06:48 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/22 10:53:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini

[2010/01/11 16:12:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/17 20:26:55 | 000,017,790 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/08/17 20:26:38 | 000,017,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/08/17 20:26:33 | 000,012,536 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS

[2009/08/17 12:57:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/02/18 04:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll

[2007/02/18 04:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll

[2007/02/18 04:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll

[2007/02/18 04:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll

[2007/02/18 04:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll

[2007/02/18 04:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll

[2007/02/18 04:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2007/02/18 04:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll

[2007/02/18 04:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll

[2007/02/18 04:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll

[2007/02/18 04:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll

[2007/02/18 04:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll

[2007/02/18 04:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll

[2007/02/18 04:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll

[2007/02/18 04:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll

[2007/02/18 04:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll

[2007/02/18 04:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll

[2007/02/18 04:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

[2006/10/30 22:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll

[2006/10/30 22:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll

[2006/10/30 22:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\SysWow64\nvapi.dll

========== LOP Check ==========

[2010/02/22 10:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient

[2010/11/19 16:22:28 | 000,032,500 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

[2010/11/22 16:10:06 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/11/22 16:02:00 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2010/11/22 15:36:07 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========

OTL Extras logfile created on: 11/22/2010 4:14:43 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kenneth L Shapiro\Desktop

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 87.89 Gb Total Space | 78.57 Gb Free Space | 89.39% Space Free | Partition Type: NTFS

Computer Name: KENNETH | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found

exefile [open] -- "%1" %* File not found

htafile [open] -- "%1" %* File not found

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found

InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"24433:TCP" = 24433:TCP:*:Enabled:HTTPWeb

"20632:TCP" = 20632:TCP:*:Enabled:HTTPWeb

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

"C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = C:\Program Files (x86)\Java\jre6\bin\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

"C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = C:\Program Files (x86)\Java\jre6\bin\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3F873E63-1CA5-4bdb-A8C7-D97012496DE3}" = Canon MF6500 Series

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"ie8" = Windows Internet Explorer 8

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21

"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/15/2010 4:23:45 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/15/2010 4:24:53 PM | Computer Name = KENNETH | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.msi

is not permitted due to an error in software restriction policy processing. The

object cannot be trusted.

Error - 11/15/2010 4:25:05 PM | Computer Name = KENNETH | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.msi

is not permitted due to an error in software restriction policy processing. The

object cannot be trusted.

Error - 11/15/2010 4:40:30 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/15/2010 6:50:45 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/15/2010 7:51:59 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/15/2010 9:04:47 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/19/2010 3:08:46 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/19/2010 3:34:09 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

Error - 11/19/2010 5:58:20 PM | Computer Name = KENNETH | Source = VSS | ID = 8211

Description =

[ System Events ]

Error - 11/19/2010 6:00:09 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 11/19/2010 6:00:09 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD service which

failed to start because of the following error: %%31

Error - 11/19/2010 6:00:09 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7001

Description = The Forceware Web Interface service depends on the AFD service which

failed to start because of the following error: %%31

Error - 11/19/2010 6:00:09 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 11/19/2010 6:00:09 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD AmdK8 Fips i8042prt IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 11/19/2010 6:06:39 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7000

Description = The VFXDSys Compatibility Synchronisation service failed to start

due to the following error: %%2

Error - 11/22/2010 1:54:50 PM | Computer Name = KENNETH | Source = Service Control Manager | ID = 7000

Description = The VFXDSys Compatibility Synchronisation service failed to start

due to the following error: %%2

Error - 11/22/2010 1:54:57 PM | Computer Name = KENNETH | Source = WMIxWDM | ID = 327800

Description =

Error - 11/22/2010 1:54:57 PM | Computer Name = KENNETH | Source = WMIxWDM | ID = 327803

Description =

Error - 11/22/2010 1:54:57 PM | Computer Name = KENNETH | Source = WMIxWDM | ID = 327800

Description =

< End of report >

< End of report >


* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

It won't run. I use Windows XP 64. Is that a problem?

nydoc


Never tried on x64 XP; it runs on all other x64 OSes.

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect.
  5. Then click on Start Scan.
  6. When the scan is done no log will be produced.
  7. Click on the bottom where it says Report to open the report.
  8. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose Copy.
  9. This will copy the items that it found to the clipboard; you can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  10. You can save this on the desktop.
  11. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

11/30/2010 5:28:01 PM Will be deleted on system restart: Trojan-Dropper.Win32.VB.arqs C:\Documents and Settings\Kenneth L Shapiro\My Documents\Downloads\firefox-update(2).exe

11/30/2010 5:27:43 PM Will be deleted on system restart: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\ovs.exe

11/30/2010 5:27:33 PM Will be deleted on system restart: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe

11/30/2010 5:26:16 PM Will be deleted on system restart: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\ovs.exe

11/30/2010 5:25:57 PM Will be deleted on system restart: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe

11/30/2010 5:25:27 PM Will be deleted on system restart: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe

11/30/2010 5:25:17 PM Task started

11/30/2010 5:28:37 PM Task completed

11/30/2010 5:27:53 PM Detected: Trojan-Dropper.Win32.VB.arqs C:\Documents and Settings\Kenneth L Shapiro\My Documents\Downloads\firefox-update(2).exe

11/30/2010 5:27:33 PM Detected: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\ovs.exe

11/30/2010 5:27:28 PM Detected: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe

11/30/2010 5:25:57 PM Detected: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\ovs.exe

11/30/2010 5:25:46 PM Detected: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe

11/30/2010 5:25:18 PM Detected: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe

11/30/2010 5:28:01 PM Cannot be deleted: Trojan-Dropper.Win32.VB.arqs C:\Documents and Settings\Kenneth L Shapiro\My Documents\Downloads\firefox-update(2).exe Object is locked

Autoscan: stopped 6 minutes ago (events: 3, objects: 46, time: 00:01:30)

11/30/2010 5:25:17 PM Task stopped

11/30/2010 5:23:47 PM Task started

11/30/2010 5:23:53 PM Detected: Trojan-Downloader.Win32.CodecPack.sjt C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/11/22 16:10:06 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/11/22 16:02:00 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010/11/22 15:36:07 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

    :Files
    C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovs.exe ()
    C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\Ovr.exe ()
    C:\Documents and Settings\Kenneth L Shapiro\My Documents\Downloads\firefox-update(2).exe

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

->Temporary Internet Files folder emptied: 392389227 bytes

->Java cache emptied: 5781873 bytes

->FireFox cache emptied: 106595941 bytes

->Flash cache emptied: 174252 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2168024 bytes

%systemroot%\System32 .tmp files removed: 4265 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1727869 bytes

RecycleBin emptied: 1305351 bytes

Total Files Cleaned = 868.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_112651

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\~DFA464.tmp not found!

File\Folder C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\~DFA46E.tmp not found!

File\Folder C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\~DFA4C0.tmp not found!

File\Folder C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\~DFA4CA.tmp not found!

File\Folder C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\~DFA5AB.tmp not found!

File\Folder C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temp\~DFA5B5.tmp not found!

C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temporary Internet Files\Content.IE5\KBRTXCFE\iframe[2].htm moved successfully.

C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temporary Internet Files\Content.IE5\8Y3EHTPQ\index[2].htm moved successfully.

C:\Documents and Settings\Kenneth L Shapiro\Local Settings\Temporary Internet Files\Content.IE5\0RM4V0FY\index[3].htm moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5228

Windows 5.2.3790 Service Pack 2

Internet Explorer 8.0.6001.18702

12/1/2010 2:08:13 PM

mbam-log-2010-12-01 (14-08-13).txt

Scan type: Full scan (C:\|)

Objects scanned: 186768

Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\kenneth l shapiro\local settings\application data\5377909.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.


How are things running?

Please open OTL once more and click on Run scan at the top and post the new log that opens.

Also let me know of any remaining issues.

OTL logfile created on: 12/1/2010 3:36:58 PM - Run 5

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 87.89 Gb Total Space | 79.15 Gb Free Space | 90.06% Space Free | Partition Type: NTFS

Computer Name: KENNETH | User Name: Kenneth L Shapiro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (xmlprov) -- C:\WINDOWS\SysNative\xmlprov.dll File not found

SRV:64bit: - (WZCSVC) -- C:\WINDOWS\SysNative\wzcsvc.dll File not found

SRV:64bit: - (Wmi) -- C:\WINDOWS\SysNative\advapi32.dll File not found

SRV:64bit: - (UPS) -- C:\WINDOWS\SysNative\ups.exe File not found

SRV:64bit: - (UMWdf) -- C:\WINDOWS\SysNative\wdfmgr.exe File not found

SRV:64bit: - (TlntSvr) -- C:\WINDOWS\SysNative\tlntsvr.exe File not found


Can you repost that? It seems to have been cut off.

Thank you.

OTL logfile created on: 12/1/2010 3:36:58 PM - Run 5

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 87.89 Gb Total Space | 79.15 Gb Free Space | 90.06% Space Free | Partition Type: NTFS

Computer Name: KENNETH | User Name: Kenneth L Shapiro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)

PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\SysWOW64\comres.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SysWOW64\wbem\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS\SysWOW64\MSCTFIME.IME (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (xmlprov) -- C:\WINDOWS\SysNative\xmlprov.dll File not found

SRV:64bit: - (WZCSVC) -- C:\WINDOWS\SysNative\wzcsvc.dll File not found

SRV:64bit: - (Wmi) -- C:\WINDOWS\SysNative\advapi32.dll File not found

SRV:64bit: - (UPS) -- C:\WINDOWS\SysNative\ups.exe File not found

SRV:64bit: - (UMWdf) -- C:\WINDOWS\SysNative\wdfmgr.exe File not found

SRV:64bit: - (TlntSvr) -- C:\WINDOWS\SysNative\tlntsvr.exe File not found

SRV:64bit: - (SysmonLog) -- C:\WINDOWS\SysNative\smlogsvc.exe File not found

SRV:64bit: - (srservice) -- C:\WINDOWS\SysNative\srsvc.dll File not found

SRV:64bit: - (SCardSvr) -- C:\WINDOWS\SysNative\SCardSvr.exe File not found

SRV:64bit: - (RDSessMgr) -- C:\WINDOWS\SysNative\sessmgr.exe File not found

SRV:64bit: - (PlugPlay) -- C:\WINDOWS\SysNative\services.exe File not found

SRV:64bit: - (NVSvc) -- C:\WINDOWS\SysNative\nvsvc64.exe File not found

SRV:64bit: - (NtmsSvc) -- C:\WINDOWS\SysNative\ntmssvc.dll File not found

SRV:64bit: - (NetDDEdsdm) -- C:\WINDOWS\SysNative\netdde.exe File not found

SRV:64bit: - (NetDDE) -- C:\WINDOWS\SysNative\netdde.exe File not found

SRV:64bit: - (mnmsrvc) -- C:\WINDOWS\SysNative\mnmsrvc.exe File not found

SRV:64bit: - (Messenger) -- C:\WINDOWS\SysNative\msgsvc.dll File not found

SRV:64bit: - (ImapiService) -- C:\WINDOWS\SysNative\imapi.exe File not found

SRV:64bit: - (HTTPFilter) -- C:\WINDOWS\SysNative\w3ssl.dll File not found

SRV:64bit: - (Eventlog) -- C:\WINDOWS\SysNative\services.exe File not found

SRV:64bit: - (ERSvc) -- C:\WINDOWS\SysNative\ersvc.dll File not found

SRV:64bit: - (dmserver) -- C:\WINDOWS\SysNative\dmserver.dll File not found

SRV:64bit: - (dmadmin) -- C:\WINDOWS\SysNative\dmadmin.exe File not found

SRV:64bit: - (ClipSrv) -- C:\WINDOWS\SysNative\clipsrv.exe File not found

SRV:64bit: - (CiSvc) -- C:\WINDOWS\SysNative\cisvc.exe File not found

SRV:64bit: - (AppMgmt) -- C:\WINDOWS\SysNative\appmgmts.dll File not found

SRV:64bit: - (Alerter) -- C:\WINDOWS\SysNative\alrsvc.dll File not found

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (nSvcIp) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)

SRV - (nSvcLog) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)

SRV - (ForcewareWebInterface) -- C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)

SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (UMWdf) -- C:\WINDOWS\SysWOW64\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (wdmaud) -- C:\WINDOWS\SysNative\drivers\wdmaud.sys File not found

DRV:64bit: - (Update) -- C:\WINDOWS\SysNative\DRIVERS\update.sys File not found

DRV:64bit: - (sysaudio) -- C:\WINDOWS\SysNative\drivers\sysaudio.sys File not found

DRV:64bit: - (swmidi) -- C:\WINDOWS\SysNative\drivers\swmidi.sys File not found

DRV:64bit: - (sr) -- C:\WINDOWS\SysNative\DRIVERS\sr.sys File not found

DRV:64bit: - (splitter) -- C:\WINDOWS\SysNative\drivers\splitter.sys File not found

DRV:64bit: - (setup_9.0.0.722_01.12.2010_02-17drv) -- C:\WINDOWS\SysNative\DRIVERS\0490416.sys File not found

DRV:64bit: - (redbook) -- C:\WINDOWS\SysNative\DRIVERS\redbook.sys File not found

DRV:64bit: - (Raspti) -- C:\WINDOWS\SysNative\DRIVERS\raspti.sys File not found

DRV:64bit: - (Ptilink) -- C:\WINDOWS\SysNative\DRIVERS\ptilink.sys File not found

DRV:64bit: - (PSched) -- C:\WINDOWS\SysNative\DRIVERS\psched.sys File not found

DRV:64bit: - (nvnetbus) -- C:\WINDOWS\SysNative\DRIVERS\nvnetbus.sys File not found

DRV:64bit: - (NVENETFD) -- C:\WINDOWS\SysNative\DRIVERS\NVENETFD.sys File not found

DRV:64bit: - (nvata64) -- C:\WINDOWS\SysNative\DRIVERS\nvata64.sys File not found

DRV:64bit: - (nv) -- C:\WINDOWS\SysNative\DRIVERS\nv4_mini.sys File not found

DRV:64bit: - (MTsensor) -- C:\WINDOWS\SysNative\DRIVERS\ASACPI.sys File not found

DRV:64bit: - (MBAMProtector) -- C:\WINDOWS\SysNative\drivers\mbam.sys File not found

DRV:64bit: - (kmixer) -- C:\WINDOWS\SysNative\drivers\kmixer.sys File not found

DRV:64bit: - (IPSec) -- C:\WINDOWS\SysNative\DRIVERS\ipsec.sys File not found

DRV:64bit: - (IpInIp) -- C:\WINDOWS\SysNative\DRIVERS\ipinip.sys File not found

DRV:64bit: - (Ip6Fw) -- C:\WINDOWS\SysNative\DRIVERS\Ip6Fw.sys File not found

DRV:64bit: - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\SysNative\drivers\RTKHDA64.SYS File not found

DRV:64bit: - (imapi) -- C:\WINDOWS\SysNative\DRIVERS\imapi.sys File not found

DRV:64bit: - (Gpc) -- C:\WINDOWS\SysNative\DRIVERS\msgpc.sys File not found

DRV:64bit: - (Ftdisk) -- C:\WINDOWS\SysNative\DRIVERS\ftdisk.sys File not found

DRV:64bit: - (dmload) -- C:\WINDOWS\SysNative\drivers\dmload.sys File not found

DRV:64bit: - (dmio) -- C:\WINDOWS\SysNative\drivers\dmio.sys File not found

DRV:64bit: - (dmboot) -- C:\WINDOWS\SysNative\drivers\dmboot.sys File not found

DRV:64bit: - (CdaD10BA) -- C:\WINDOWS\SysNative\DRIVERS\CdaD10BA.sys File not found

DRV:64bit: - (CdaC15BA) -- C:\WINDOWS\SysNative\DRIVERS\CdaC15BA.sys File not found

DRV:64bit: - (audstub) -- C:\WINDOWS\SysNative\DRIVERS\audstub.sys File not found

DRV:64bit: - (Atmarpc) -- C:\WINDOWS\SysNative\DRIVERS\atmarpc.sys File not found

DRV:64bit: - (aec) -- C:\WINDOWS\SysNative\drivers\aec.sys File not found

DRV:64bit: - (04904162) -- C:\WINDOWS\SysNative\DRIVERS\04904162.sys File not found

DRV:64bit: - (04904161) -- C:\WINDOWS\SysNative\DRIVERS\04904161.sys File not found

DRV - (rkhdrv40) -- C:\WINDOWS\SysWow64\drivers\rkhdrv40.sys ()

DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 7F 5A D5 1B 90 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:14.3

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff [2010/06/25 09:48:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/15 11:58:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 14:08:07 | 000,000,000 | ---D | M]

[2010/06/24 12:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Mozilla\Extensions

[2010/06/24 12:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/12/01 14:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Mozilla\Firefox\Profiles\gqqxf61r.default\extensions

[2010/10/12 15:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Mozilla\Firefox\Profiles\gqqxf61r.default\extensions\qtl.co.il@gmail.com

[2010/10/12 15:46:27 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Mozilla\Firefox\Profiles\gqqxf61r.default\searchplugins\qtl.xml

[2010/12/01 14:29:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/10/28 15:19:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/06/25 09:48:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/02 08:21:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/28 15:19:16 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/28 15:19:16 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/28 15:19:17 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

[2010/10/06 16:03:29 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/06 16:03:29 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml

[2010/10/06 16:03:29 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/06 16:03:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/06 16:03:29 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml

[2010/10/06 16:03:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/06 16:03:29 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysNative\browseui.dll File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found

O4:64bit: - HKLM..\Run: [nwiz] File not found

O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [soundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\Kenneth L Shapiro\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Kenneth L Shapiro\Start Menu\Programs\Startup\setup_9.0.0.722_01.12.2010_02-17.lnk = C:\Documents and Settings\Kenneth L Shapiro\My Documents\Virus Removal Tool\setup_9.0.0.722_01.12.2010_02-17\startup.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysNative\winrnr.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysNative\mswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://nrepf01.tenethealth.com/msrdp.cab (Microsoft RDP Client Control (redist))

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.253

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysNative\msvidctl.dll File not found

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysNative\inetcomm.dll File not found

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysNative\msvidctl.dll File not found

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found

O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysNative\urlmon.dll File not found

O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe File not found

O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: System - (lsass.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found

O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found

O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found

O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found

O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found

O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\EFS: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysNative\SHELL32.dll File not found

O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found

O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysNative\webcheck.dll File not found

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysNative\browseui.dll File not found

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysNative\browseui.dll File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/17 20:17:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 11:26:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/30 17:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kenneth L Shapiro\My Documents\Virus Removal Tool

[2010/11/22 16:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redirected

[2010/11/22 16:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2010/11/22 16:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kenneth L Shapiro\My Documents\OTL

[2010/11/19 11:42:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kenneth L Shapiro\IECompatCache

[2010/11/17 16:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/11/15 17:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kenneth L Shapiro\My Documents\Internet codes

[2010/11/15 14:56:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/11/15 12:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Malwarebytes

[2010/11/15 12:06:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys

[2010/11/15 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/15 12:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/12/01 14:10:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/30 17:25:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat

[2010/11/30 17:20:45 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\Kenneth L Shapiro\Start Menu\Programs\Startup\setup_9.0.0.722_01.12.2010_02-17.lnk

[2010/11/30 12:12:38 | 000,024,448 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\rkhdrv40.sys

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys

[2010/11/29 16:22:50 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Kenneth L Shapiro\Desktop\HiJackThis.lnk

[2010/11/19 14:08:07 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/11/15 17:31:01 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/15 11:48:37 | 000,000,005 | ---- | M] () -- C:\WINDOWS\empz321

========== Files Created - No Company Name ==========

[2010/11/30 17:20:45 | 000,002,373 | ---- | C] () -- C:\Documents and Settings\Kenneth L Shapiro\Start Menu\Programs\Startup\setup_9.0.0.722_01.12.2010_02-17.lnk

[2010/11/22 16:37:18 | 000,024,448 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\rkhdrv40.sys

[2010/11/17 16:38:25 | 000,002,507 | ---- | C] () -- C:\Documents and Settings\Kenneth L Shapiro\Desktop\HiJackThis.lnk

[2010/11/17 12:47:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat

[2010/11/15 12:06:48 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/22 10:53:47 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini

[2010/01/11 16:12:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/17 20:26:55 | 000,017,790 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/08/17 20:26:38 | 000,017,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/08/17 20:26:33 | 000,012,536 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS

[2009/08/17 12:57:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/02/18 04:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll

[2007/02/18 04:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll

[2007/02/18 04:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll

[2007/02/18 04:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll

[2007/02/18 04:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll

[2007/02/18 04:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll

[2007/02/18 04:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2007/02/18 04:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll

[2007/02/18 04:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll

[2007/02/18 04:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll

[2007/02/18 04:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll

[2007/02/18 04:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll

[2007/02/18 04:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll

[2007/02/18 04:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll

[2007/02/18 04:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll

[2007/02/18 04:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll

[2007/02/18 04:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll

[2007/02/18 04:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

[2006/10/30 22:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll

[2006/10/30 22:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll

[2006/10/30 22:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\SysWow64\nvapi.dll

========== LOP Check ==========

[2010/11/22 16:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected

[2010/02/22 10:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\ICAClient

[2010/06/25 09:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\OpenOffice.org

[2009/11/12 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kenneth L Shapiro\Application Data\Raintree

[2010/12/01 14:09:23 | 000,032,288 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========

< End of report >


I have not seen any so far. It seems like kind of a cat and mouse game. Do people place trojans for maliciousness or are there other motives? Is there a way to learn about the tools that spot the trojans for future use? What ways are best to prevent infection? I am new to the forum and I don't know what is customary. Is the donation to the forum or personal? Is there a usual amount? So far so good but I will watch for any irregularities.

nydoc


Do people place trojans for maliciousness or are there other motives?
Both; mainly it is for monetary purposes.
Is there a way to learn about the tools that spot the trojans for future use?
To learn how to use the tools we use you would have to go through training at an online training camp.

Here are a few: http://www.geekstogo.com/forum/topic/4817-...-fight-malware/

http://forums.whatthetech.com/index.php?showtopic=80368

http://www.bleepingcomputer.com/forums/topic86678.html

What ways are best to prevent infection?
I will give tips and preventions when we close this.
Is the donation to the forum or personal?
That goes directly to me personally. Whatever amount you are fine with is fine with me :D

Let me know if it appears to be normal now and we can wrap it up. :)


It seems okay now. I haven't had a problem in a few days. I will check out those sites. I am more of a toms hardware person but all aspects of computers interest me. I will contact paypal and I appreciate the help.

Ken


You are welcome, safe surfing.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? - Also this one by Tony Klein.

If your computer is slow - Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? - Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, emule, Utorrent etc.

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast
