Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Obviously in need of help - major redirect issues

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 2nd, 2010, 12:52 am

Please help. Here is the log file. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:11 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [\\REICHMANN-COMP\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P47 "\\REICHMANN-COMP\EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} (RayVActiveXCtrl Object) - http://update.rayv.com/viewer/webinstal ... ctivex.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.gsa.gov/scoggemscm402/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c15/v ... boax10.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loaders/ ... oader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gsa.gov/scoggemscm402/dwa7W.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11610 bytes
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am
Advertisement
Register to Remove

Re: Obviously in need of help - major redirect issues

Unread postby MWR 3 day Mod » January 7th, 2010, 1:43 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Obviously in need of help - major redirect issues

Unread postby shinybeast » January 9th, 2010, 9:30 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules and How to get help at this forum where the conditions for receiving help at this forum are explained.
NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Installed Program List

It would be helpful to see a list of programs installed on your computer.

  • Please start Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 10th, 2010, 7:22 pm

Thanks for your help-- here is the list:

ACDSee 8
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.7
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.0
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Any Audio Converter 1.1.0
AVG 8.5
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Critical Update for Windows Media Player 11 (KB959772)
Crown of the North
Easy Internet Sign-up
EPSON Printer Software
EU2 - Asian Chapter
Hearts of Iron
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Help and Support
HP Pavillion dv4000 User Guides
HP PrecisionScan LTX
HP ScanJet Scan-to-Web Wizard
HP Update
HP Wireless Assistant 1.01 A3
Imaging for Windows® 2.8
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
muvee autoProducer 4.0 - SE
MyCM-POS 1.8.b3
OpenOffice.org Installer 1.0
Picasa 2
Quick Launch Buttons 5.10 A2
QuickTime
RayV
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sid Meier's SimGolf
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
Texas Instruments PCIxx21/x515 drivers.
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmdiper
TurboTax 2008 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Two Thrones
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UserGuides
VC 9.0 Runtime
VC 9.0 Runtime
Victoria
WexTech AnswerWorks
Windows Genuine Advantage v1.3.0254.0
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
World Series of Poker Deluxe Casion Pak
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar for Internet Explorer
Zone Deluxe Games
ZoneAlarm
ZoneAlarm Spy Blocker
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby shinybeast » January 11th, 2010, 12:35 pm

Hi runrunlisa,

Let's get a deeper look.


Scan with OTL

Click here to download OTL by OldTimer and save it to your Desktop
  • Close all other open windows, then double-click OTL.exe to start OTL
  • Under Output, ensure that Minimal Output is selected
  • Under the Standard Registry box change it to All
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box (under the cyan line at the bottom of the window)
    Code: Select all
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click Run Scan in upper left of window.
  • When the scan is finished, two logs will open:
    OTL.Txt <-- Will be opened
    Extras.Txt <-- Will be minimized
  • Please post the contents of these two logs in your next reply.


Scan with GMER

Click here to download GMER Rootkit Scanner and save it to your desktop.
  • Temporarily disable your security programs and disconnect from the internet.
    A guide to disabling security programs can be found here.
  • Close all open windows.
  • Double click the randomly named GMER file. If asked to allow gmer driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked.
  • Uncheck the following boxes:
    • Sections
    • IAT/EAT
    • Files
    • Show All
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "ark.txt" (include the quotes) or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


Please include GMER log (ark.txt) and both OTL logs (otl.txt and extras.txt) in your next reply along with more information about the redirects and issues you are experiencing.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 12th, 2010, 4:23 pm

Thanks- I will take the steps you outlined as soon as I can get back onto that computer- it's been freezing up and shutting down with more frequency since it was infected. In the meantime, more about the redirects and issues:
The redirects started about a month ago now and only (to my knowledge) in Yahoo when I search from the main page and attempt to click on any link in the search results. Instead it takes me to a paid advertising search page. In addition, I often get a pop-up screen with the same advertising message (something to the extent of "make money from working at home"). As time has gone by, I have been experiencing increasing automatic shutdowns of Internet Explorer and computer freeze-ups that require me to restart the whole computer (which is what is going on now with that computer).
I will run the scans you requested as soon as I get back on the infected computer. Thanks again for your help.
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby shinybeast » January 12th, 2010, 5:36 pm

OK, thanks for the info. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 12th, 2010, 6:59 pm

Working on getting you the logs but FYI, this is the popup that comes up repeatedly (not sure if you want to click on the link or not...but in case it is helpful):
yourinputsurvey.com
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 12th, 2010, 7:34 pm

OK- here are the OTL logs:
OTL.Txt:
OTL logfile created on: 1/12/2010 3:28:11 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Dan & Lisa Reichmann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 699.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.33 Gb Total Space | 26.78 Gb Free Space | 36.02% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REICHMANNHP
Current User Name: Dan & Lisa Reichmann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (hpqwmi) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/02 18:55:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/03 04:06:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (727 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [\\REICHMANN-COMP\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} http://update.rayv.com/viewer/webinstal ... ctivex.cab (RayVActiveXCtrl Object)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://webmail.gsa.gov/scoggemscm402/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Fac ... oader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c15/v ... boax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.winkflash.com/photo/loaders/ ... oader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Fac ... der4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.gsa.gov/scoggemscm402/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b4778ee-9f25-11de-a257-0012f0a817b9}\Shell - "" = AutoRun
O33 - MountPoints2\{1b4778ee-9f25-11de-a257-0012f0a817b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b4778ee-9f25-11de-a257-0012f0a817b9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6905eae6-0bed-11de-a1c7-0012f0a817b9}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{77126b87-a359-11dd-a138-0012f0a817b9}\Shell\AutoRun\command - "" = E:\wdsync.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/22 00:07:23 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (50950475477942272)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 15:25:28 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe
[2010/01/01 23:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/19 22:59:26 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/12/19 19:55:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\Malwarebytes
[2009/12/19 19:54:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/19 19:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/19 19:54:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/19 19:54:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/19 19:19:22 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/06/29 07:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/02/16 12:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/02/16 12:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/09/13 23:49:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/13 08:55:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/03 07:25:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/03 07:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/12 15:26:20 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\8cq82bjl.exe
[2010/01/12 15:25:38 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe
[2010/01/12 08:35:46 | 47,727,135 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/12 08:35:46 | 00,138,891 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/09 14:14:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/01/08 22:04:45 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Pre-Program Basebuilding.doc
[2010/01/08 20:39:38 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/08 20:38:01 | 00,350,196 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/08 20:36:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 20:36:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/08 20:36:40 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 20:35:17 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\NTUSER.DAT
[2010/01/08 20:35:17 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\ntuser.ini
[2010/01/03 17:09:49 | 00,124,928 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Credit2009.xls
[2010/01/01 23:42:05 | 00,001,780 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\HijackThis.lnk
[2009/12/30 20:44:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
[2009/12/27 14:17:32 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Jumping off the track.doc
[2009/12/26 21:38:41 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Hollee- post.doc
[2009/12/19 19:55:00 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 19:32:06 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\housecall.guid.cache
[2009/12/17 21:12:13 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Shaare Torah Nursery Variance Request.doc
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/12 15:26:12 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\8cq82bjl.exe
[2010/01/07 20:29:06 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Pre-Program Basebuilding.doc
[2010/01/01 23:42:05 | 00,001,780 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\HijackThis.lnk
[2009/12/29 06:58:08 | 00,124,928 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Credit2009.xls
[2009/12/26 21:39:04 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Jumping off the track.doc
[2009/12/25 21:11:44 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Hollee- post.doc
[2009/12/19 19:55:00 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/19 19:32:06 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\housecall.guid.cache
[2009/12/16 20:12:20 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Shaare Torah Nursery Variance Request.doc
[2009/01/25 19:23:21 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/01/25 19:23:21 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/03/28 14:40:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/10/23 12:17:07 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/04/26 13:46:41 | 00,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2007/04/26 13:46:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/10/25 07:08:10 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/10/15 13:26:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/08/28 16:41:06 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/08/28 16:40:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/11/13 16:03:50 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Webica.ini
[2005/10/26 19:42:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\dm.ini
[2005/10/26 19:42:45 | 00,000,885 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\AdobeDLM.log
[2005/10/13 15:51:26 | 00,000,259 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2005/09/03 16:20:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/14 06:40:14 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/14 06:20:02 | 00,000,458 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\wklnhst.dat
[2005/05/22 01:48:34 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/22 01:48:34 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/22 01:48:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/22 01:48:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/22 01:48:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/22 01:48:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/22 01:31:44 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 03:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/13 08:17:04 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/13 08:17:04 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/13 08:17:04 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/13 08:17:04 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Extras.Txt:
OTL Extras logfile created on: 1/12/2010 3:28:11 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Dan & Lisa Reichmann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 699.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.33 Gb Total Space | 26.78 Gb Free Space | 36.02% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REICHMANNHP
Current User Name: Dan & Lisa Reichmann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe" = C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Disabled:Rise of Nations -- (Big Huge Games, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- File not found
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0C7880D0-B759-43A2-BFA9-64E208B9535B}" = Hearts of Iron
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C5E4E9E-A2BD-4303-A66D-860B913615B2}" = Two Thrones
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.7
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AE7CB755-7C0B-4D11-8E5D-D6B6C1090A7B}" = Victoria
"{AE80641A-0C8D-4670-A518-B4EC154B1027}" = ACDSee 8
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA5DD6E1-B508-4922-815D-479E3228B17A}" = EU2 - Asian Chapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E378DDF0-1BD6-435B-817B-6F8E3FF437F1}" = Crown of the North
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Any Audio Converter_is1" = Any Audio Converter 1.1.0
"AVG8Uninstall" = AVG 8.5
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"HijackThis" = HijackThis 2.0.2
"HP Pavillion dv4000 User Guides" = HP Pavillion dv4000 User Guides
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"InterActual Player" = InterActual Player
"KodakImgV1" = Imaging for Windows® 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyCM_Deploy_0" = MyCM-POS 1.8.b3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RayV" = RayV
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Scan-To-Web" = HP ScanJet Scan-to-Web Wizard
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Series of Poker Deluxe Casion Pak" = World Series of Poker Deluxe Casion Pak
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2010 1:57:31 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010cd0.

Error - 1/8/2010 1:58:04 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 1/8/2010 2:51:50 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x65705133.

Error - 1/8/2010 9:33:57 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x75515143.

Error - 1/9/2010 9:29:41 AM | Computer Name = REICHMANNHP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 1/9/2010 9:29:45 AM | Computer Name = REICHMANNHP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 1/9/2010 9:29:48 AM | Computer Name = REICHMANNHP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 1/10/2010 7:16:45 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 1/11/2010 8:59:19 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010f20.

Error - 1/11/2010 9:00:36 PM | Computer Name = REICHMANNHP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

[ System Events ]
Error - 1/8/2010 2:55:30 PM | Computer Name = REICHMANNHP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intuit Update Service
service to connect.

Error - 1/8/2010 2:55:30 PM | Computer Name = REICHMANNHP | Source = Service Control Manager | ID = 7000
Description = The Intuit Update Service service failed to start due to the following
error: %%1053

Error - 1/8/2010 9:34:01 PM | Computer Name = REICHMANNHP | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 1/8/2010 9:34:01 PM | Computer Name = REICHMANNHP | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/8/2010 9:36:52 PM | Computer Name = REICHMANNHP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0012F0A817B9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/8/2010 9:37:08 PM | Computer Name = REICHMANNHP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/8/2010 9:37:08 PM | Computer Name = REICHMANNHP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/8/2010 9:37:40 PM | Computer Name = REICHMANNHP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intuit Update Service
service to connect.

Error - 1/8/2010 9:37:40 PM | Computer Name = REICHMANNHP | Source = Service Control Manager | ID = 7000
Description = The Intuit Update Service service failed to start due to the following
error: %%1053

Error - 1/10/2010 8:26:22 PM | Computer Name = REICHMANNHP | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{E18321B7-1A95-47E8-93AE-D4F52B45E1BE}
because another computer on the network has the same name. The server could not
start.


< End of report >

Others coming shortly...
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 12th, 2010, 7:51 pm

And here is the GMER file. Let me know if you need additional info. Thanks again!

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 18:46:35
Windows 5.1.2600 Service Pack 3
Running: 8cq82bjl.exe; Driver: C:\DOCUME~1\DAN&LI~1\LOCALS~1\Temp\fgrcykog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA6652FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA664FC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA666A170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA6653580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA6667900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA6667B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA666BB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA6653670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA6650210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA666A9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA666A7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA6667280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA666AF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA666AF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA6650070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA6669180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA6668F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA666B6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA666B150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA6652BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA666B540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA6653190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA6650440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA666A4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA6668200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA6668080]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86CE7618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby shinybeast » January 13th, 2010, 11:29 pm

Hi runrunlisa,

Your computer has a deep-rooted infection. I suggest you back up important data before proceeding. There is a small chance things could go awry.


TDSSKiller

  • Click here to download TDSSKiller to your desktop.
  • Extract TDSSKiller.zip to your desktop so that TDSSKiller.exe is on your desktop (not in a folder).
    NOTE: Close all running programs as a reboot may be necessary.
  • Copy all the text in code box below.
    Code: Select all
    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the above command in the Open: box and click OK.
  • Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
  • Locate the log, TDSSKiller.txt, on your desktop and post the contents of that log in your next reply.


OTL Quick Scan

  • Double-click OTL.exe to start the program
  • Click Quick Scan to start the scan
  • Once it is finished, a log will open (OTL.txt)
  • Please copy and paste the contents of OTL.txt in your next reply.


Test for redirects and include info on that, the TDSSKiller log and the OTL log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 14th, 2010, 9:35 am

Thanks so much-- here is the text from TDSSKiller (others to follow):

08:33:16:437 1540 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
08:33:16:437 1540 ================================================================================
08:33:16:437 1540 SystemInfo:

08:33:16:437 1540 OS Version: 5.1.2600 ServicePack: 3.0
08:33:16:437 1540 Product type: Workstation
08:33:16:437 1540 ComputerName: REICHMANNHP
08:33:16:437 1540 UserName: Dan & Lisa Reichmann
08:33:16:437 1540 Windows directory: C:\WINDOWS
08:33:16:437 1540 Processor architecture: Intel x86
08:33:16:437 1540 Number of processors: 1
08:33:16:437 1540 Page size: 0x1000
08:33:16:453 1540 Boot type: Normal boot
08:33:16:453 1540 ================================================================================
08:33:16:468 1540 UnloadDriverW: NtUnloadDriver error 2
08:33:16:468 1540 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
08:33:16:468 1540 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
08:33:16:546 1540 UtilityInit: KLMD drop and load success
08:33:16:546 1540 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
08:33:16:546 1540 UtilityInit: KLMD open success
08:33:16:546 1540 UtilityInit: Initialize success
08:33:16:546 1540
08:33:16:546 1540 Scanning Services ...
08:33:16:546 1540 CreateRegParser: Registry parser init started
08:33:16:546 1540 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
08:33:16:546 1540 CreateRegParser: DisableWow64Redirection error
08:33:16:546 1540 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
08:33:16:546 1540 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
08:33:16:546 1540 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:33:16:546 1540 wfopen_ex: Trying to KLMD file open
08:33:16:546 1540 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
08:33:16:546 1540 wfopen_ex: File opened ok (Flags 2)
08:33:16:546 1540 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 274A10
08:33:16:546 1540 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
08:33:16:562 1540 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
08:33:16:562 1540 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:33:16:562 1540 wfopen_ex: Trying to KLMD file open
08:33:16:562 1540 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
08:33:16:562 1540 wfopen_ex: File opened ok (Flags 2)
08:33:16:562 1540 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 274AB8
08:33:16:562 1540 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
08:33:16:562 1540 CreateRegParser: EnableWow64Redirection error
08:33:16:562 1540 CreateRegParser: RegParser init completed
08:33:17:375 1540 GetAdvancedServicesInfo: Raw services enum returned 337 services
08:33:17:375 1540 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
08:33:17:375 1540 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
08:33:17:375 1540
08:33:17:375 1540 Scanning Kernel memory ...
08:33:17:375 1540 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
08:33:17:375 1540 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86D60A08
08:33:17:375 1540 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
08:33:17:375 1540
08:33:17:375 1540 DetectCureTDL3: DEVICE_OBJECT: 86D33C68
08:33:17:375 1540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D33C68
08:33:17:375 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D33C68[0x38]
08:33:17:375 1540 DetectCureTDL3: DRIVER_OBJECT: 86D60A08
08:33:17:375 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D60A08[0xA8]
08:33:17:375 1540 KLMD_ReadMem: Trying to ReadMemory 0xE16E0550[0x18]
08:33:17:375 1540 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:33:17:375 1540 DetectCureTDL3: IrpHandler (0) addr: F7562BB0
08:33:17:375 1540 DetectCureTDL3: IrpHandler (1) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (2) addr: F7562BB0
08:33:17:375 1540 DetectCureTDL3: IrpHandler (3) addr: F755CD1F
08:33:17:375 1540 DetectCureTDL3: IrpHandler (4) addr: F755CD1F
08:33:17:375 1540 DetectCureTDL3: IrpHandler (5) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (6) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (7) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (8) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (9) addr: F755D2E2
08:33:17:375 1540 DetectCureTDL3: IrpHandler (10) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (11) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (12) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (13) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (14) addr: F755D3BB
08:33:17:375 1540 DetectCureTDL3: IrpHandler (15) addr: F7560F28
08:33:17:375 1540 DetectCureTDL3: IrpHandler (16) addr: F755D2E2
08:33:17:375 1540 DetectCureTDL3: IrpHandler (17) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (18) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (19) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (20) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (21) addr: 804F355A
08:33:17:375 1540 DetectCureTDL3: IrpHandler (22) addr: F755EC82
08:33:17:375 1540 DetectCureTDL3: IrpHandler (23) addr: F756399E
08:33:17:375 1540 DetectCureTDL3: IrpHandler (24) addr: 804F355A
08:33:17:390 1540 DetectCureTDL3: IrpHandler (25) addr: 804F355A
08:33:17:390 1540 DetectCureTDL3: IrpHandler (26) addr: 804F355A
08:33:17:390 1540 TDL3_FileDetect: Processing driver: Disk
08:33:17:390 1540 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:33:17:390 1540 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:33:17:453 1540 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:33:17:453 1540
08:33:17:453 1540 DetectCureTDL3: DEVICE_OBJECT: 86D4CC68
08:33:17:453 1540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D4CC68
08:33:17:453 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D4CC68[0x38]
08:33:17:453 1540 DetectCureTDL3: DRIVER_OBJECT: 86D60A08
08:33:17:453 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D60A08[0xA8]
08:33:17:453 1540 KLMD_ReadMem: Trying to ReadMemory 0xE16E0550[0x18]
08:33:17:453 1540 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:33:17:453 1540 DetectCureTDL3: IrpHandler (0) addr: F7562BB0
08:33:17:453 1540 DetectCureTDL3: IrpHandler (1) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (2) addr: F7562BB0
08:33:17:453 1540 DetectCureTDL3: IrpHandler (3) addr: F755CD1F
08:33:17:453 1540 DetectCureTDL3: IrpHandler (4) addr: F755CD1F
08:33:17:453 1540 DetectCureTDL3: IrpHandler (5) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (6) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (7) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (8) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (9) addr: F755D2E2
08:33:17:453 1540 DetectCureTDL3: IrpHandler (10) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (11) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (12) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (13) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (14) addr: F755D3BB
08:33:17:453 1540 DetectCureTDL3: IrpHandler (15) addr: F7560F28
08:33:17:453 1540 DetectCureTDL3: IrpHandler (16) addr: F755D2E2
08:33:17:453 1540 DetectCureTDL3: IrpHandler (17) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (18) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (19) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (20) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (21) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (22) addr: F755EC82
08:33:17:453 1540 DetectCureTDL3: IrpHandler (23) addr: F756399E
08:33:17:453 1540 DetectCureTDL3: IrpHandler (24) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (25) addr: 804F355A
08:33:17:453 1540 DetectCureTDL3: IrpHandler (26) addr: 804F355A
08:33:17:453 1540 TDL3_FileDetect: Processing driver: Disk
08:33:17:453 1540 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:33:17:453 1540 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:33:17:468 1540 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:33:17:468 1540
08:33:17:468 1540 DetectCureTDL3: DEVICE_OBJECT: 86D34AB8
08:33:17:468 1540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D34AB8
08:33:17:468 1540 DetectCureTDL3: DEVICE_OBJECT: 86D7C9E8
08:33:17:468 1540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D7C9E8
08:33:17:468 1540 DetectCureTDL3: DEVICE_OBJECT: 86D7CD98
08:33:17:468 1540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D7CD98
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D7CD98[0x38]
08:33:17:468 1540 DetectCureTDL3: DRIVER_OBJECT: 86D5A938
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D5A938[0xA8]
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0x86DC9030[0x38]
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0x86D377B8[0xA8]
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0xE16F03D8[0x1A]
08:33:17:468 1540 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
08:33:17:468 1540 DetectCureTDL3: IrpHandler (0) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (1) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (2) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (3) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (4) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (5) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (6) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (7) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (8) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (9) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (10) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (11) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (12) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (13) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (14) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (15) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (16) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (17) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (18) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (19) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (20) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (21) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (22) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (23) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (24) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (25) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: IrpHandler (26) addr: 86CE7618
08:33:17:468 1540 DetectCureTDL3: All IRP handlers pointed to one addr: 86CE7618
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0x86CE7618[0x400]
08:33:17:468 1540 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
08:33:17:468 1540 Driver "atapi" Irp handler infected by TDSS rootkit ... 08:33:17:468 1540 KLMD_WriteMem: Trying to WriteMemory 0x86CE767D[0xD]
08:33:17:468 1540 cured
08:33:17:468 1540 KLMD_ReadMem: Trying to ReadMemory 0x86CE74BF[0x400]
08:33:17:468 1540 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
08:33:17:468 1540 Driver "atapi" StartIo handler infected by TDSS rootkit ... 08:33:17:468 1540 TDL3_StartIoHookCure: Number of patches 1
08:33:17:468 1540 KLMD_WriteMem: Trying to WriteMemory 0x86CE75B6[0x6]
08:33:17:468 1540 cured
08:33:17:468 1540 TDL3_FileDetect: Processing driver: atapi
08:33:17:468 1540 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
08:33:17:468 1540 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
08:33:17:484 1540 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
08:33:17:484 1540 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 08:33:17:484 1540 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
08:33:17:484 1540 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
08:33:17:515 1540 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
08:33:17:640 1540 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab
08:33:17:687 1540 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
08:33:17:734 1540 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..
08:33:17:890 1540 CabinetCallback: File extracted successfully: C:\DOCUME~1\DAN&LI~1\LOCALS~1\Temp\bck20.tmp
08:33:17:890 1540 ValidateDriverFile: Stage 1 passed
08:33:17:890 1540 ValidateDriverFile: Stage 2 passed
08:33:18:218 1540 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
08:33:22:078 1540 DigitalSignVerifyByHandle: Cat DS result: 00000000
08:33:22:093 1540 ValidateDriverFile: Stage 3 passed
08:33:22:093 1540 CabinetCallback: File validated successfully, restore information prepared
08:33:22:093 1540 FindDriverFileBackup: Backup copy found in cab-file
08:33:22:093 1540 TDL3_FileCure: Backup copy found, using it..
08:33:22:093 1540 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk21.tmp
08:33:22:171 1540 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk21.tmp, system32\drivers\atapi.sys)
08:33:22:171 1540 TDL3_FileCure: KLMD jobs schedule success
08:33:22:171 1540 will be cured on next reboot
08:33:22:171 1540 UtilityBootReinit: Reboot required for cure complete..
08:33:22:171 1540 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
08:33:22:171 1540 UtilityBootReinit: KLMD drop success
08:33:22:171 1540 KLMD_ApplyPendList: Pending buffer(1F99_58EB, 608) dropped successfully
08:33:22:171 1540 UtilityBootReinit: Cure on reboot scheduled successfully
08:33:22:171 1540
08:33:22:171 1540 Completed
08:33:22:171 1540
08:33:22:171 1540 Results:
08:33:22:171 1540 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
08:33:22:171 1540 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:33:22:171 1540 File objects infected / cured / cured on reboot: 1 / 0 / 1
08:33:22:171 1540
08:33:22:171 1540 UnloadDriverW: NtUnloadDriver error 1
08:33:22:171 1540 KLMD_Unload: UnloadDriverW(klmd21) error 1
08:33:22:187 1540 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
08:33:22:187 1540 UtilityDeinit: KLMD(ARK) unloaded successfully
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 14th, 2010, 9:55 am

OK, you officially rock! No more redirects. Here is the OTL log. Let me know if there is anything else I need to do. THANK YOU, THANK YOU, THANK YOU!

OTL logfile created on: 1/14/2010 8:48:06 AM - Run 3
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Dan & Lisa Reichmann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.33 Gb Total Space | 26.71 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REICHMANNHP
Current User Name: Dan & Lisa Reichmann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (hpqwmi) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (727 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [\\REICHMANN-COMP\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} http://update.rayv.com/viewer/webinstal ... ctivex.cab (RayVActiveXCtrl Object)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://webmail.gsa.gov/scoggemscm402/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Fac ... oader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c15/v ... boax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.winkflash.com/photo/loaders/ ... oader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Fac ... der4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.gsa.gov/scoggemscm402/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b4778ee-9f25-11de-a257-0012f0a817b9}\Shell - "" = AutoRun
O33 - MountPoints2\{1b4778ee-9f25-11de-a257-0012f0a817b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b4778ee-9f25-11de-a257-0012f0a817b9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6905eae6-0bed-11de-a1c7-0012f0a817b9}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{77126b87-a359-11dd-a138-0012f0a817b9}\Shell\AutoRun\command - "" = E:\wdsync.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{cefca114-765e-11dc-aadd-0012f0a817b9}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/14 08:32:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\tdsskiller
[2010/01/13 08:44:14 | 00,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\TDSSKiller.exe
[2010/01/12 15:25:28 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe
[2010/01/01 23:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/29 07:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/02/16 12:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/02/16 12:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/09/13 23:49:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/13 08:55:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/03 07:25:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/03 07:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/14 08:46:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/14 08:46:03 | 00,350,196 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/14 08:43:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 08:43:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/14 08:43:39 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/14 08:42:14 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\NTUSER.DAT
[2010/01/14 08:42:14 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\ntuser.ini
[2010/01/14 08:40:49 | 47,806,987 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/14 08:40:49 | 00,139,041 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/14 08:32:23 | 00,176,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\TDSSKiller.exe
[2010/01/14 08:31:12 | 00,152,401 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\tdsskiller.zip
[2010/01/14 06:34:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 15:26:20 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\8cq82bjl.exe
[2010/01/12 15:25:38 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\OTL.exe
[2010/01/09 14:14:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2010/01/08 22:04:45 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Pre-Program Basebuilding.doc
[2010/01/03 17:09:49 | 00,124,928 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Credit2009.xls
[2010/01/01 23:42:05 | 00,001,780 | ---- | M] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\HijackThis.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 08:31:12 | 00,152,401 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\tdsskiller.zip
[2010/01/12 15:26:12 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\8cq82bjl.exe
[2010/01/07 20:29:06 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\My Documents\Pre-Program Basebuilding.doc
[2010/01/01 23:42:05 | 00,001,780 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Desktop\HijackThis.lnk
[2009/12/19 19:32:06 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\housecall.guid.cache
[2009/01/25 19:23:21 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/01/25 19:23:21 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2008/03/28 14:40:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2007/10/23 12:17:07 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/04/26 13:46:41 | 00,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2007/04/26 13:46:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/10/25 07:08:10 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/10/15 13:26:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/08/28 16:41:06 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/08/28 16:40:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/11/13 16:03:50 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Webica.ini
[2005/10/26 19:42:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\dm.ini
[2005/10/26 19:42:45 | 00,000,885 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\AdobeDLM.log
[2005/10/13 15:51:26 | 00,000,259 | ---- | C] () -- C:\WINDOWS\WSOPDELX.INI
[2005/09/03 16:20:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/14 06:40:14 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/14 06:20:02 | 00,000,458 | ---- | C] () -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\wklnhst.dat
[2005/05/22 01:48:34 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/22 01:48:34 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/22 01:48:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/22 01:48:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/22 01:48:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/22 01:48:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/22 01:31:44 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 03:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/01/22 17:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/06/30 05:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/09/23 07:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/09 04:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2005/05/22 01:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/01/22 17:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\ACD Systems
[2008/05/03 16:09:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\AVGTOOLBAR
[2007/10/10 07:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\CVS
[2005/11/13 16:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\ICAClient
[2006/08/28 16:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\InterTrust
[2005/08/30 18:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\InterVideo
[2006/10/07 20:21:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\Leadertech
[2009/09/12 05:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\RayV
[2008/03/16 08:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\Smilebox
[2007/11/18 14:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\Snapfish
[2005/08/14 06:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan & Lisa Reichmann\Application Data\Template
[2007/10/13 19:03:49 | 00,001,050 | -H-- | M] () -- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job

========== Purity Check ==========


< End of report >
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am

Re: Obviously in need of help - major redirect issues

Unread postby shinybeast » January 15th, 2010, 1:27 pm

Hi runrunlisa,

You are very welcome :)

That seems to have killed it.

Let's clean up some things and check for leftovers.


OTL

  • Double-click OTL.exe to start the program
  • Copy all of the text in the code box below and paste it in the white area under Custom Scans/Fixes (under the cyan line at the bottom of the window)
    Code: Select all
    :otl
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    
    :commands
    [emptytemp]
  • Close all running programs except for OTL, including all browser windows.
  • Then click Run Fix at the top of the window.
  • Once done, OTL will require a reboot. Please allow it.
  • After reboot, the log should open. Please save the log and post it in your next reply.


Update and Scan with MalwareBytes'

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Click the Update tab, then click Check for Updates button
  • Allow MBAM to check for and download updates, then click OK
  • Click the Scanner tab and select (tick) Perform full scan
  • Click Scan to start then scan.
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Check all items EXCEPT items in the C:\System Volume Information folder... then click on Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


ESET Online Scanner

Note: You will need to disable your Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please post the OTL log, the Malwarebytes log and the ESET log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: Obviously in need of help - major redirect issues

Unread postby runrunlisa » January 17th, 2010, 10:20 pm

Thanks-- here are the first two:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Starting removal of ActiveX control {549F957E-2F89-11D6-8CFE-00C04F52B225}
C:\WINDOWS\Downloaded Program Files\CpnMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dan & Lisa Reichmann
->Temp folder emptied: 622632996 bytes
->Temporary Internet Files folder emptied: 128293849 bytes
->Java cache emptied: 27310765 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 87275004 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 19383825 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118174347 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23944122 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59796865 bytes
RecycleBin emptied: 3033495307 bytes

Total Files Cleaned = 3,930.00 mb


OTL by OldTimer - Version 3.1.24.0 log created on 01172010_141551

Files\Folders moved on Reboot...
C:\Documents and Settings\Dan & Lisa Reichmann\Local Settings\Temp\~DF55B5.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT001e4.TMP not found!

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.44
Database version: 3584
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/17/2010 8:10:02 PM
mbam-log-2010-01-17 (20-10-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 240162
Time elapsed: 1 hour(s), 55 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Other to come shortly...
runrunlisa
Active Member
 
Posts: 11
Joined: January 2nd, 2010, 12:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware