Infected with Trojan.Goldun


9 replies to this topic

#1 tooyummy4u


  • Members
  • 5 posts

Posted 18 October 2009 - 12:02 PM

Weird, it also seems to affect my keyboard. This is a brand new out-of-the-box keyboard too. Thanks in advance for your help.

Tooy


#2 kahdah


  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 October 2009 - 12:17 PM

Hello tooyummy4u

Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 tooyummy4u

  • Topic Starter

  • Members
  • 5 posts

Posted 18 October 2009 - 12:54 PM

Thanks for your speedy reply. Here is the first file:

OTL logfile created on: 10/18/2009 1:34:15 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\TooYummy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.91% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 56.73 Gb Free Space | 50.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOBLPRINT
Current User Name: TooYummy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\TooYummy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wudfhost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ZuneBusEnum.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- C:\WINDOWS\System32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (aslm75 [System | Running]) -- C:\WINDOWS\System32\drivers\aslm75.sys ()
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (CamDrL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL2000 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys (3Com Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys (Symantec Corporation)
DRV - (LBeepKE [Auto | Running]) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys (Logitech Inc.)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091018.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091018.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WinUSB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 78 CE C2 03 EE 7E 95 40 8C E7 AD 55 FA 40 55 71 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/23 13:27:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 15:04:54 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\dmconfig32.dll) - C:\WINDOWS\System32\dmconfig32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\__c00A32C1: DllName - C:\WINDOWS\system32\__c00A32C1.dat - C:\WINDOWS\System32\__c00A32C1.dat (Sophos Plc)
O20 - Winlogon\Notify\8e129d0687: DllName - C:\WINDOWS\System32\dmconfig32.dll - C:\WINDOWS\System32\dmconfig32.dll ()
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 21:35:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3b1ff86f-8f88-11de-9c55-82d676bac608}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/07 20:41:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
[2009/10/07 20:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/10/07 20:41:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD}
[2009/10/07 20:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
[2009/10/17 18:49:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/04 10:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/10/17 15:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/10/18 12:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/17 16:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Nero
[2009/10/07 20:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Stamps.com Internet Postage
[2009/10/17 16:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Vso
[2009/10/17 12:30:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\WinRAR
[2009/10/07 20:40:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Local Settings\Application Data\Seven Zip
[2009/10/17 18:42:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/10/17 18:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/10/17 15:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/10/17 19:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/09/26 22:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2009/10/17 15:24:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/17 16:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/07 20:40:57 | 00,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
[2009/10/18 11:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/17 12:26:00 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/18 12:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/10/18 13:29:15 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TooYummy\Desktop\OTL.exe
[2009/10/18 12:30:14 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\TooYummy\Desktop\RootRepeal.exe
[2009/10/18 11:37:14 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\TooYummy\Desktop\ATF-Cleaner.exe
[2009/10/18 11:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Desktop\backups
[2009/10/18 11:11:37 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\TooYummy\Desktop\HiJackThis.exe
[2009/10/18 06:38:12 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/10/18 06:38:12 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/10/18 06:38:12 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/10/17 20:17:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\Kaplan College First Semester
[2009/10/17 20:03:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\Adobe Professional Crack 8.0-2009
[2009/10/17 19:05:08 | 00,028,672 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\__c00A32C1.dat
[2009/10/17 18:50:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\Updater5
[2009/10/17 18:44:13 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\LocalService
[2009/10/17 16:49:37 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/17 16:49:37 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.sys
[2009/10/17 16:49:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\PcSetup
[2009/10/17 16:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\DVDFab
[2009/10/17 15:46:29 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/10/17 12:12:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Desktop\Homework
[2009/10/07 06:34:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/07 05:12:52 | 00,087,344 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
[2009/09/26 22:09:05 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/09/26 22:08:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/18 13:31:48 | 00,003,010 | -HS- | M] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687P.manifest
[2009/10/18 13:29:18 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TooYummy\Desktop\OTL.exe
[2009/10/18 13:01:00 | 00,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/10/18 12:56:02 | 00,004,338 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\ark.zip
[2009/10/18 12:55:51 | 00,002,651 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\Attach.zip
[2009/10/18 12:45:01 | 00,003,479 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\DDS.zip
[2009/10/18 12:33:20 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\settings.dat
[2009/10/18 12:30:53 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\TooYummy\Desktop\RootRepeal.exe
[2009/10/18 11:38:14 | 07,280,672 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\SUPERAntiSpyware.exe
[2009/10/18 11:37:14 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\TooYummy\Desktop\ATF-Cleaner.exe
[2009/10/18 11:35:13 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\SDFix.exe
[2009/10/18 11:21:52 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687C.manifest
[2009/10/18 11:21:40 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687S.manifest
[2009/10/18 11:21:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 11:21:32 | 00,000,621 | -HS- | M] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687O.manifest
[2009/10/18 11:21:30 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/18 11:21:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 11:21:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/18 11:11:39 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\TooYummy\Desktop\HiJackThis.exe
[2009/10/18 11:09:08 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\HijackThis.lnk
[2009/10/18 09:00:00 | 00,000,660 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - TooYummy - Music Scan.job
[2009/10/18 05:00:00 | 00,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - TooYummy - Full System Scan.job
[2009/10/18 02:19:00 | 00,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/10/17 21:36:53 | 00,000,394 | ---- | M] () -- C:\xcrashdump.dat
[2009/10/17 20:51:10 | 00,406,550 | ---- | M] () -- C:\WINDOWS\System32\raidmg.dll
[2009/10/17 20:50:38 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2009/10/17 19:35:58 | 00,000,016 | ---- | M] () -- C:\WINDOWS\System32\api.dat
[2009/10/17 19:35:57 | 00,097,792 | ---- | M] () -- C:\WINDOWS\System32\kbdatat4.dll
[2009/10/17 19:12:40 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\dmocx32.dll
[2009/10/17 19:10:19 | 00,000,862 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\FrostWire 4.18.3.lnk
[2009/10/17 19:05:50 | 00,028,672 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\__c00A32C1.dat
[2009/10/17 19:03:04 | 00,200,192 | ---- | M] () -- C:\WINDOWS\System32\bcsprsrc32.dll
[2009/10/17 19:02:21 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\cnvfat32.dll
[2009/10/17 18:56:17 | 00,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/17 18:53:26 | 00,021,120 | ---- | M] () -- C:\Documents and Settings\TooYummy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/17 18:52:28 | 00,018,692 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2009/10/17 18:52:21 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\eapqec32.dll
[2009/10/17 18:51:18 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\dx7vb32.dll
[2009/10/17 18:50:35 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\glu3232.dll
[2009/10/17 18:44:14 | 00,001,530 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/17 18:44:09 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\dmusic32.dll
[2009/10/17 18:44:05 | 00,122,368 | ---- | M] () -- C:\WINDOWS\System32\dmconfig32.dll
[2009/10/17 17:41:24 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\TooYummy\Application Data\inst.exe
[2009/10/17 17:41:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.sys
[2009/10/17 17:41:24 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.cat
[2009/10/17 17:41:24 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.inf
[2009/10/17 16:49:37 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/15 20:51:46 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 20:51:46 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 20:51:46 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 20:47:15 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/07 20:51:53 | 00,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2009/10/07 20:42:32 | 00,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2009/10/07 05:12:52 | 00,087,344 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
[2009/10/04 10:03:43 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/10/04 09:50:12 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\TooYummy\Desktop\GREGORY BUDGET-2009.xls
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/26 22:09:05 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/09/19 08:22:07 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\TooYummy\My Documents\Dunn+New+2008+Resume.doc

========== Files - No Company Name ==========
[2009/10/18 12:56:02 | 00,004,338 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\ark.zip
[2009/10/18 12:55:51 | 00,002,651 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\Attach.zip
[2009/10/18 12:45:01 | 00,003,479 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\DDS.zip
[2009/10/18 12:30:56 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\settings.dat
[2009/10/18 11:38:05 | 07,280,672 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\SUPERAntiSpyware.exe
[2009/10/18 11:35:08 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\SDFix.exe
[2009/10/18 11:09:07 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\HijackThis.lnk
[2009/10/17 20:56:12 | 00,000,394 | ---- | C] () -- C:\xcrashdump.dat
[2009/10/17 19:35:58 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\api.dat
[2009/10/17 19:35:57 | 00,406,550 | ---- | C] () -- C:\WINDOWS\System32\raidmg.dll
[2009/10/17 19:35:57 | 00,097,792 | ---- | C] () -- C:\WINDOWS\System32\kbdatat4.dll
[2009/10/17 19:12:40 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\dmocx32.dll
[2009/10/17 19:10:33 | 00,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/10/17 19:10:19 | 00,000,862 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\FrostWire 4.18.3.lnk
[2009/10/17 19:03:04 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\bcsprsrc32.dll
[2009/10/17 19:02:20 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\cnvfat32.dll
[2009/10/17 18:52:28 | 00,018,692 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/10/17 18:52:21 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\eapqec32.dll
[2009/10/17 18:51:18 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\dx7vb32.dll
[2009/10/17 18:50:35 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\glu3232.dll
[2009/10/17 18:47:03 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2009/10/17 18:44:14 | 00,001,530 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/17 18:44:09 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\dmusic32.dll
[2009/10/17 18:44:08 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687C.manifest
[2009/10/17 18:44:08 | 00,003,010 | -HS- | C] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687P.manifest
[2009/10/17 18:44:08 | 00,000,621 | -HS- | C] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687O.manifest
[2009/10/17 18:44:08 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\TooYummy\Application Data\02000000b4487b13687S.manifest
[2009/10/17 18:44:05 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\dmconfig32.dll
[2009/10/17 16:49:45 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.log
[2009/10/17 16:49:37 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\TooYummy\Application Data\inst.exe
[2009/10/17 16:49:37 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.cat
[2009/10/17 16:49:37 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.inf
[2009/10/07 20:42:32 | 00,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2009/10/07 20:40:57 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/10/04 10:02:11 | 00,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/10/04 09:16:08 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\TooYummy\Desktop\GREGORY BUDGET-2009.xls
[2009/09/19 08:22:06 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\TooYummy\My Documents\Dunn+New+2008+Resume.doc
[2009/08/23 17:28:16 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\service.ini
[2009/08/23 17:11:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/23 16:15:14 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2009/08/23 16:11:41 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/08/23 14:33:42 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\TooYummy\Local Settings\Application Data\fusioncache.dat
[2009/08/23 13:38:38 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/23 12:02:00 | 00,021,120 | ---- | C] () -- C:\Documents and Settings\TooYummy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/22 21:55:13 | 05,882,718 | -H-- | C] () -- C:\Documents and Settings\TooYummy\Local Settings\Application Data\IconCache.db
[2009/08/22 21:51:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\TooYummy\Application Data\desktop.ini
[2009/08/22 17:14:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/16 14:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/18 17:42:42 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/03 08:59:04 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2003/03/31 08:00:00 | 00,000,668 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/10/18 12:54:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/07 20:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
[2009/10/07 20:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/10/07 20:41:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD}
[2009/10/07 20:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
[2009/08/23 18:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/17 18:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/23 17:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/04 10:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/09/04 19:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/09/04 19:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/08/23 18:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/23 17:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/18 12:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/17 18:44:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\TooYummy\Application Data
[2009/08/23 11:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\Blitware
[2009/09/11 21:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/23 18:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\DriverCure
[2009/10/17 19:47:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\FrostWire
[2009/08/23 12:51:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\Leadertech
[2009/08/23 17:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\OfficeUpdate12
[2009/10/07 20:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\Stamps.com Internet Postage
[2009/10/17 17:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TooYummy\Application Data\Vso
[2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/18 02:19:00 | 00,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2009/10/18 09:00:00 | 00,000,660 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - TooYummy - Music Scan.job
[2009/10/18 05:00:00 | 00,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - TooYummy - Full System Scan.job
[2009/10/18 11:21:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/18 13:01:00 | 00,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >

Below is the extras file:

OTL Extras logfile created on: 10/18/2009 1:34:15 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\TooYummy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.91% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 56.73 Gb Free Space | 50.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOBLPRINT
Current User Name: TooYummy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Linksys Driver\WRT600N Setup Wizard v1.01\SetupWizard.exe" = C:\Linksys Driver\WRT600N Setup Wizard v1.01\SetupWizard.exe:*:Enabled:Setup Wizard of WRT600N -- (Linksys)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2007
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FBCFA617-1856-4BE2-BA3C-BADD374757E7}" = 2500
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.7 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_817" = Adobe Acrobat 8.1.7 - CPSID_50029
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0042)
"FrostWire" = FrostWire 4.18.3
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
"Stamps.com support for Microsoft Outlook 97-2007" = Stamps.com support for Microsoft Outlook 97-2007
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"SystemRequirementsLab" = System Requirements Lab
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2009 5:48:18 PM | Computer Name = HOBLPRINT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/1/2009 6:16:33 PM | Computer Name = HOBLPRINT | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/1/2009 8:13:24 PM | Computer Name = HOBLPRINT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x000a147b.

Error - 10/1/2009 8:13:28 PM | Computer Name = HOBLPRINT | Source = Application Error | ID = 1001
Description = Fault bucket 1391830422.

Error - 10/7/2009 9:39:13 PM | Computer Name = HOBLPRINT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x00189f4f.

Error - 10/7/2009 9:40:17 PM | Computer Name = HOBLPRINT | Source = Application Error | ID = 1001
Description = Fault bucket 1390869898.

Error - 10/13/2009 8:01:20 PM | Computer Name = HOBLPRINT | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 9.2 -- A process is running that cannot be shut
down by Setup. Please either close all applications and run Setup again, or restart
your computer and run Setup again.

Error - 10/17/2009 6:44:21 PM | Computer Name = HOBLPRINT | Source = Application Error | ID = 1000
Description = Faulting application patch.by.dbc.exe, version 0.0.0.0, faulting module
patch.by.dbc.exe, version 0.0.0.0, fault address 0x00001b11.

Error - 10/17/2009 7:56:41 PM | Computer Name = HOBLPRINT | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 8.0.0.456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/17/2009 7:58:04 PM | Computer Name = HOBLPRINT | Source = Application Hang | ID = 1002
Description = Hanging application Acrobat.exe, version 8.0.0.456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/31/2009 8:25:14 PM | Computer Name = HOBL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 000C6E5831C9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/1/2009 9:55:00 PM | Computer Name = HOBL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/1/2009 9:55:00 PM | Computer Name = HOBL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/4/2009 7:32:52 PM | Computer Name = HOBLPRINT | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 9/10/2009 3:09:18 AM | Computer Name = HOBLPRINT | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 9/12/2009 8:16:40 AM | Computer Name = HOBLPRINT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 9/28/2009 7:26:25 AM | Computer Name = HOBLPRINT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 000C6E5831C9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/2/2009 6:10:40 PM | Computer Name = HOBLPRINT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 000C6E5831C9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/2/2009 6:10:41 PM | Computer Name = HOBLPRINT | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 10/3/2009 5:20:01 PM | Computer Name = HOBLPRINT | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.


< End of report >

I am going to go do the other portion of your message and then I will post it here. Thanks again. BRB.

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 October 2009 - 01:01 PM

Ok you are welcome. :(
Post when ready.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 tooyummy4u

  • Topic Starter
  • Members
  • 5 posts

Posted 18 October 2009 - 05:40 PM

Wow you were not kidding when you said that would take long. Here is the log:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-18 18:32:58
Windows 5.1.2600 Service Pack 3
Running: w0c27htq.exe; Driver: C:\DOCUME~1\TooYummy\LOCALS~1\Temp\uftcipod.sys


---- System - GMER 1.0.15 ----

SSDT 89E9DB80 ZwAlertResumeThread
SSDT 89E9D860 ZwAlertThread
SSDT 89E7CDB8 ZwAllocateVirtualMemory
SSDT 89E9EC08 ZwAssignProcessToJobObject
SSDT 8A33F0E0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6EF5130]
SSDT 89E9E488 ZwCreateMutant
SSDT 89E9EE88 ZwCreateSymbolicLinkObject
SSDT 8A1C7E90 ZwCreateThread
SSDT 89E9E8B8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6EF53B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6EF5910]
SSDT 89E7E518 ZwDuplicateObject
SSDT 89E9D488 ZwFreeVirtualMemory
SSDT 89E9DE18 ZwImpersonateAnonymousToken
SSDT 89E9DED8 ZwImpersonateThread
SSDT 8A2BD240 ZwLoadDriver
SSDT 89E86C90 ZwMapViewOfSection
SSDT 89E9E3C8 ZwOpenEvent
SSDT 89E809A0 ZwOpenProcess
SSDT 89E7E4E0 ZwOpenProcessToken
SSDT 89E9E668 ZwOpenSection
SSDT 89E7E5E8 ZwOpenThread
SSDT 89E9EB38 ZwProtectVirtualMemory
SSDT 8A58BB30 ZwResumeThread
SSDT 89E9CD80 ZwSetContextThread
SSDT 89E9D690 ZwSetInformationProcess
SSDT 89E9E978 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6EF5B60]
SSDT 89E9E728 ZwSuspendProcess
SSDT 89E9D5D0 ZwSuspendThread
SSDT 89E86BE8 ZwTerminateProcess
SSDT 89E9D340 ZwTerminateThread
SSDT 89E7CD80 ZwUnmapViewOfSection
SSDT 89E9CE40 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 7C 804E26D8 8 Bytes JMP 6A268766
.text ntoskrnl.exe!_abnormal_termination + 11C 804E2778 8 Bytes JMP 9CCCB806
.text ntoskrnl.exe!_abnormal_termination + 130 804E278C 4 Bytes CALL 33E9B17A
.text ntoskrnl.exe!_abnormal_termination + 234 804E2890 8 Bytes CALL 6833091E
.text ntoskrnl.exe!_abnormal_termination + 24C 804E28A8 4 Bytes CALL 52D81092
.text ...
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 045F00AF
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ole32.dll!OleInitialize + E37 77500521 7 Bytes JMP 045F0168
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ole32.dll!CoImpersonateClient + 51 775156C0 7 Bytes JMP 045F021E
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100116A0 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100115C7 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!bind 71AB4480 5 Bytes JMP 10011551 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1001162A C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 1001165F C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100116A0 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] ws2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100115C7 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] ws2_32.dll!bind 71AB4480 5 Bytes JMP 10011551 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1001162A C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 1001165F C:\WINDOWS\System32\dmconfig32.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\w0c27htq.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\w0c27htq.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\w0c27htq.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\w0c27htq.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01A82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00522F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00522CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00522D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00522CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[6040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\WudfRd \Device\UMDFCtrlDev-db3d8940-bbf9-11de-9c82-000c6e5831c9 kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
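
The GMER log above is easier to read once the user-mode hooks are grouped by the module that owns each JMP target. The script below is an added example written for this thread; it is not part of any post and is not GMER code. It assumes GMER's line format as seen above (hooked export, target address, then the target file's path, followed by a "(Description/Company)" suffix when the file carries version-resource metadata); that suffix is not a signature check, so an unattributed module is a lead for a closer look, not a verdict on its own. The sample lines are copied from the posted log.

```python
"""Group the 'User code sections' hooks of a GMER log by target module.

Added example for this thread (not forum content, not GMER code).  It sorts
hook targets into three buckets: attributed to a file with version info,
a file path with no version info, and a target not inside any file.
Assumption: GMER's "(Description/Company)" suffix reflects the file's
version resource, as the posted lines suggest.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the GMER log posted above, trimmed.
SAMPLE_LINES = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 045F00AF
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100116A0 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100115C7 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!bind 71AB4480 5 Bytes JMP 10011551 C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6992] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 1001162A C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 1001165F C:\WINDOWS\System32\dmconfig32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[7924] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----
""".strip("\n").splitlines()

# One hook line: process[pid] export[ + offset] addr size Bytes JMP|CALL target [module [(publisher)]]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+!\S+)(?:\s+\+\s+[0-9A-Fa-f]+)?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<module>[A-Za-z]:\\[^()]+?))?"
    r"(?:\s*\((?P<publisher>[^)]*)\))?\s*$"
)


@dataclass
class Hook:
    process: str
    pid: int
    export: str
    kind: str
    target: str
    module: Optional[str]     # None when GMER printed no file for the target
    publisher: Optional[str]  # None when no "(Description/Company)" suffix


def parse_hook_line(line: str) -> Optional[Hook]:
    """Parse one '.text ...' hook line; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if m is None:
        return None
    return Hook(m["process"], int(m["pid"]), m["export"], m["kind"],
                m["target"], m["module"], m["publisher"])


def triage(lines: List[str]) -> Dict[str, dict]:
    """Group hooks by owning module and give each module a verdict.

    Verdicts: 'attributed' (file with version info), 'unattributed' (file
    path but no version info), 'unbacked' (target not inside any file).
    """
    groups: Dict[str, dict] = {}
    for line in lines:
        h = parse_hook_line(line)
        if h is None:
            continue
        key = h.module or "<no module>"
        g = groups.setdefault(key, {"exports": set(), "processes": set(),
                                    "publisher": h.publisher, "verdict": None})
        g["exports"].add(h.export)
        g["processes"].add(f"{h.process}[{h.pid}]")
        if h.module is None:
            g["verdict"] = "unbacked"
        elif h.publisher:
            g["verdict"] = "attributed"
        else:
            g["verdict"] = "unattributed"
    return groups


def suspicious_modules(lines: List[str]) -> List[str]:
    """Modules worth a closer look: unattributed files and unbacked targets."""
    return sorted(k for k, g in triage(lines).items() if g["verdict"] != "attributed")


if __name__ == "__main__":
    for module, info in triage(SAMPLE_LINES).items():
        print(f"{info['verdict']:12} {module}")
        for export in sorted(info["exports"]):
            print(f"    {export}")
```

Run on the sample, the socket-API hooks (bind, connect, closesocket, WSASocketW, WSAConnect) all collapse onto one unattributed DLL in System32, which is the same file the Malwarebytes log later in the thread reports, while the IEFRAME.dll hooks are attributed to Microsoft. The unbacked RtlValidateUnicodeString target is worth noting too, since a JMP into memory that belongs to no file is how injected code usually shows up in this kind of listing.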

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 October 2009 - 06:29 PM

Install\Run Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
=====
Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Edited by kahdah, 18 October 2009 - 06:30 PM.

#7 tooyummy4u

  • Topic Starter
  • Members
  • 5 posts

Posted 19 October 2009 - 06:33 AM

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2982
Windows 5.1.2600 Service Pack 3

10/18/2009 9:30:06 PM
mbam-log-2009-10-18 (21-30-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 180778
Time elapsed: 51 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dmconfig32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\8e129d0687 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmconfig32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmconfig32.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dmconfig32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\TooYummy\Desktop\backups\backup-20091018-111837-135.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\TooYummy\Desktop\backups\backup-20091018-111837-295.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\TooYummy\Local Settings\Temp\7.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1078081533-1532298954-839522115-1003\Dc108.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapqec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

Here is the Dr.Web log:

HPFix.reg;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\Crystal Home PC Desktop Items\SDFix\apps;Trojan.StartPage.1505;Deleted.;
HPFix2.reg;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\Crystal Home PC Desktop Items\SDFix\apps;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\Crystal Home PC Desktop Items\SDFix\apps;Tool.Prockill;Deleted.;
setup.exe;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\Crystal Home PC Desktop Items\Techsmith.SnagIt.v8.2.3.Incl.Ke;Trojan.MulDrop.5074;Deleted.;
Blue October - Calling You.mp3;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Music;Trojan.WMALoader;Cured.;
Pink - Hell wit ya.mp3;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Music;Trojan.WMALoader;Cured.;
Blue October - Calling You.mp3;C:\Documents and Settings\TooYummy\My Documents\My Music;Trojan.WMALoader;Cured.;
Pink - Hell wit ya.mp3;C:\Documents and Settings\TooYummy\My Documents\My Music;Trojan.WMALoader;Cured.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\TooYummy\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\TooYummy\Desktop;Archive contains infected objects;Moved.;
vnc-4_1_1-x86_win32.exe\data001;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\vnc-4_1_1-x86_win32.exe;Program.RemoteAdmin;;
vnc-4_1_1-x86_win32.exe\data003;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\vnc-4_1_1-x86_win32.exe;Program.RemoteAdmin;;
vnc-4_1_1-x86_win32.exe;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC;Archive contains infected objects;Moved.;
vnc-4.0-x86_win32.exe\data002;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Received Files\vnc-4.0-x86_win32.exe;Program.RemoteAdmin;;
vnc-4.0-x86_win32.exe\data003;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Received Files\vnc-4.0-x86_win32.exe;Program.RemoteAdmin;;
vnc-4.0-x86_win32.exe\data004;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Received Files\vnc-4.0-x86_win32.exe;Program.RemoteAdmin;;
vnc-4.0-x86_win32.exe\data006;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Received Files\vnc-4.0-x86_win32.exe;Program.RemoteAdmin;;
vnc-4.0-x86_win32.exe;C:\Documents and Settings\TooYummy\My Documents\Crystal's Home PC\My Received Files;Archive contains infected objects;Moved.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;

Here is the new OTL log (I did not get an Extras report this time):

OTL logfile created on: 10/19/2009 7:23:16 AM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\TooYummy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.06% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 56.64 Gb Free Space | 50.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOBLPRINT
Current User Name: TooYummy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\TooYummy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wudfhost.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\ZuneBusEnum.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVSrvLauncher [Disabled | Stopped]) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ZuneBusEnum [Auto | Running]) -- C:\WINDOWS\System32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc [On_Demand | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (aslm75 [System | Running]) -- C:\WINDOWS\System32\drivers\aslm75.sys ()
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys (Symantec Corporation)
DRV - (CamDrL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL2000 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys (3Com Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys (Symantec Corporation)
DRV - (LBeepKE [Auto | Running]) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys (Logitech Inc.)
DRV - (LHidKe [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys (Logitech Inc.)
DRV - (LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (Logitech Inc.)
DRV - (LMouKE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LVcKap [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys (Logitech Inc.)
DRV - (LVMVDrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091018.020\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091018.020\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (WinUSB [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys (Microsoft Corporation)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 78 CE C2 03 EE 7E 95 40 8C E7 AD 55 FA 40 55 71 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/23 13:27:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/23 15:04:54 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 21:35:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3b1ff86f-8f88-11de-9c55-82d676bac608}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/07 20:41:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
[2009/10/07 20:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/10/07 20:41:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD}
[2009/10/07 20:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
[2009/10/17 18:49:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/04 10:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/10/18 19:41:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/17 15:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/10/18 12:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/18 19:41:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Malwarebytes
[2009/10/17 16:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Nero
[2009/10/07 20:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Stamps.com Internet Postage
[2009/10/17 16:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\Vso
[2009/10/17 12:30:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Application Data\WinRAR
[2009/10/07 20:40:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Local Settings\Application Data\Seven Zip
[2009/10/17 18:42:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/10/17 18:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/10/17 15:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/10/17 19:10:25 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/09/26 22:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2009/10/18 19:41:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 18:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/17 15:24:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/17 16:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/07 20:40:57 | 00,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
[2009/10/18 11:09:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/17 12:26:00 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/18 12:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/10/18 21:38:44 | 18,562,192 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\TooYummy\Desktop\drweb-cureit.exe
[2009/10/18 19:41:39 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/18 19:41:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/18 19:39:02 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\TooYummy\Desktop\mbam-setup.exe
[2009/10/18 13:29:15 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TooYummy\Desktop\OTL.exe
[2009/10/18 12:30:14 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\TooYummy\Desktop\RootRepeal.exe
[2009/10/18 11:37:14 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\TooYummy\Desktop\ATF-Cleaner.exe
[2009/10/18 11:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Desktop\backups
[2009/10/18 11:11:37 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\TooYummy\Desktop\HiJackThis.exe
[2009/10/18 06:38:12 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/10/18 06:38:12 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/10/18 06:38:12 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/10/17 20:17:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\Kaplan College First Semester
[2009/10/17 20:03:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\Adobe Professional Crack 8.0-2009
[2009/10/17 18:50:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\Updater5
[2009/10/17 16:49:37 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/17 16:49:37 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TooYummy\Application Data\pcouffin.sys
[2009/10/17 16:49:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\PcSetup
[2009/10/17 16:49:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\My Documents\DVDFab
[2009/10/17 15:46:29 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/10/17 12:12:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TooYummy\Desktop\Homework
[2009/10/07 06:34:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/07 05:12:52 | 00,087,344 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
[2009/09/26 22:09:05 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/09/26 22:08:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/19 07:14:41 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/19 07:14:23 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/19 07:14:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
< End of report >

#8 kahdah

  • Security Colleague

Posted 19 October 2009 - 07:08 AM

Looks good, how are things running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#9 tooyummy4u

  • Topic Starter
  • Members

Posted 19 October 2009 - 06:14 PM

Looks good, how are things running?


Working wonderfully so far. Thank you so much for your time and patience. Keyboard is even back to normal. You are the best! :(

#10 kahdah

  • Security Colleague

Posted 19 October 2009 - 08:48 PM

You are welcome :(

======First======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article: To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow: a tutorial on what you can do if your computer is slow.

File sharing program dangers: reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.

Edited by kahdah, 19 October 2009 - 08:48 PM.
