
Vista Internet Security 2012

Discussion in 'Virus & Other Malware Removal' started by fulci, Dec 20, 2011.

  1. fulci

    fulci Thread Starter

    I picked up the Vista Internet Security 2012 trojan. My Kaspersky detected and removed the trojan, after which no .exe files would open; they would only ask what program to open it with. I contacted Kaspersky and they gave me a download to fix this issue, which it did. I'm wondering now if everything was cleaned up. Here is my information, and thank you for the assistance.

    Hijack This:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:44:38 PM, on 12/20/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Palm\Hotsync.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll (file missing)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files (x86)\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 14116 bytes



    DDS

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by Tom at 20:49:54 on 2011-12-20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2273 [GMT -5:00]
    .
    AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\SysWOW64\ASTSRV.EXE
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Palm\Hotsync.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [NBJ] "C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    mRun: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PMBMED~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\Palm\Hotsync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
    TCP: Interfaces\{4A9AD0FD-5CC4-4CAB-A4C5-746AAEE16002} : DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{7EA51102-8430-4AD5-AA02-CD977C1ADD42} : DhcpNameServer = 192.168.2.1 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    BHO-X64: Somoto Toolbar - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
    mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    mRun-x64: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z133&install_date=20110902
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110902&q=
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\System32\ASTSRV.EXE [2010-11-8 57344]
    R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-7-29 208616]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
    R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-3-17 689464]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-10 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-10 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
    S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
    S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-12-21 01:38:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C919020C-98A0-42D8-8753-EA1F2B7A13A7}\offreg.dll
    2011-12-21 01:06:17 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C919020C-98A0-42D8-8753-EA1F2B7A13A7}\mpengine.dll
    2011-12-16 02:10:21 85504 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-16 02:10:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-16 02:10:19 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-16 02:10:12 559616 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-16 02:10:11 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-16 02:10:10 2764800 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-16 02:10:08 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2011-12-16 02:10:08 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-01 03:27:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 20:51:00.58 ===============
     


  2. fulci

    fulci Thread Starter

    Joined:
    Jul 20, 2004
    Messages:
    50
    bump
     
  3. fulci

    fulci Thread Starter

    Joined:
    Jul 20, 2004
    Messages:
    50
    bump
     
  4. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    Thank you for your patience.
     
  5. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi, my name is Dave and I will be helping you to clean any malware which may be present on your system.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


    • Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.
    • If there is anything you don't understand, please ask BEFORE proceeding with the fixes.
    • Please ensure that you follow the instructions in the order I have them listed.
    • Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into your thread. If the logs are too big to post in one reply, please feel free to use more posts. Do NOT add them as attachments unless specifically instructed.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread, which means I will not receive notifications of any further replies and will move on to assist someone else.


    ------------------------------------------------------------------------------------------------------------

    Looks like you pretty much caught it all. Just a malicious toolbar to dispose of but first, let's double check that you don't have any other malware.

    Download Malwarebytes' Anti-Malware to your desktop.


    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.
    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

    ------------------------------------------------------------------------------------------------------------

    Then,

    Go here to run an online scanner from ESET.

    • Note: You will need to use Internet Explorer for this scan
    • Vista or Windows 7 users, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

      ------------------------------------------------------------------------------------------------------------

      Download OTL.exe to your desktop.

      Double click the icon to start the tool.
      • Click Run Scan and let the program run uninterrupted.
      • When the scan is complete, two text files will be created, OTL.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
      Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log in your next reply.
     
  6. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi, do you still require assistance?

    If you do not reply within 24 hours I will have to unsubscribe from this thread and won't be notified about any new replies.
     
  7. fulci

    fulci Thread Starter

    Joined:
    Jul 20, 2004
    Messages:
    50
    Yes, Dave, I still require assistance. Here are my results. I could not locate the advanced settings on OTL to do the last thing you asked for. All other results are below. Thank you for your continued help.

    Malware Bytes Log

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.15.04

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421


    Protection: Enabled

    1/15/2012 6:24:27 PM
    mbam-log-2012-01-15 (18-24-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 189698
    Time elapsed: 7 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ESET Log

    [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=85948feb78789e45abd375983b0f66d1
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-01-16 12:16:51
    # local_time=2012-01-16 07:16:51 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=9
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1280 16777215 100 0 91775852 91775852 0 0
    # compatibility_mode=5892 16776573 100 56 0 163285414 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=335484
    # found=8
    # cleaned=0
    # scan_time=29503
    C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GU8XG531\clipextractor-z-silent[1].exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\AppData\Local\Temp\Clip Extractor.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\AppData\Local\Temp\kna0.5959160373583595.exe a variant of Win32/Kryptik.XQO trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\AppData\Local\Temp\ICReinstall\cnet_setupbasic_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\AppData\Local\Temp\is1598539481\zgInstaller.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-3ceaafab a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\Downloads\cnet_setupbasic_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Tom\Downloads\Microsoft Office 2007 Complete Third Edition\MS Office 2007.iso probably a variant of Win32/Agent.FGHQVIS trojan (unable to clean) 00000000000000000000000000000000 I


    OTL TXT File

    OTL logfile created on: 1/16/2012 7:54:30 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 30.42% Memory free
    8.21 Gb Paging File | 5.04 Gb Available in Paging File | 61.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 586.12 Gb Total Space | 269.27 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.11 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
    Drive F: | 1201.95 Gb Total Space | 280.96 Gb Free Space | 23.38% Space Free | Partition Type: NTFS
    Drive L: | 93.59 Gb Total Space | 89.16 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
    Drive M: | 92.71 Gb Total Space | 42.09 Gb Free Space | 45.40% Space Free | Partition Type: NTFS

    Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/15 23:20:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Downloads\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/09/20 19:16:12 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
    PRC - [2011/01/10 10:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
    PRC - [2011/01/10 10:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
    PRC - [2011/01/10 10:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
    PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/07/21 10:14:21 | 000,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    PRC - [2009/04/11 01:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2008/10/10 16:00:24 | 000,317,728 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2008/08/03 18:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
    PRC - [2008/02/22 09:33:00 | 000,072,192 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\Palm\Hotsync.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/01/10 10:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Verizon\VSP\Windows7Features.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2008/08/03 18:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/09/05 23:01:16 | 000,905,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/07/02 02:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/09/25 12:59:50 | 000,205,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Serviio\bin\ServiioService.exe -- (Serviio)
    SRV - [2011/01/10 10:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/07/21 10:14:21 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/31 10:50:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/08/16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2010/08/16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023.sys -- (USB_RNDIS_VISTA)
    DRV:64bit: - [2009/02/16 19:06:17 | 000,227,856 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
    DRV:64bit: - [2009/02/16 19:06:17 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
    DRV:64bit: - [2008/11/08 18:46:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2008/09/05 23:55:38 | 004,709,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2008/09/05 23:55:38 | 004,709,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/07/21 18:34:42 | 000,147,984 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
    DRV:64bit: - [2008/07/09 18:28:32 | 000,026,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
    DRV:64bit: - [2008/07/02 02:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2008/07/02 02:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV:64bit: - [2008/07/02 02:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/07/02 02:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/07/02 02:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2008/05/05 04:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2008/05/05 03:40:20 | 007,172,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z133&install_date=20110902
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 70 4E E4 B7 66 CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z133&install_date=20110902"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110902&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
    FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/03 20:45:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/23 19:10:28 | 000,000,000 | ---D | M]

    [2008/12/31 17:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
    [2011/12/15 21:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\extensions
    [2010/07/15 12:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/15 21:43:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/09/02 08:03:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2011/09/02 07:26:33 | 000,001,945 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\searchplugins\bing-zugo.xml
    [2011/12/28 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/08/22 22:06:15 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/12/28 21:51:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2011/12/03 20:45:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/03 20:44:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2011/12/03 20:44:59 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AllShareAgent] "C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe" File not found
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [NBJ] C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
    O9:64bit: - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\x64\SCIEPlgn.dll (Kaspersky Lab)
    O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab (Support.com Configuration Class)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9AD0FD-5CC4-4CAB-A4C5-746AAEE16002}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EA51102-8430-4AD5-AA02-CD977C1ADD42}: DhcpNameServer = 192.168.2.1 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
    O24 - Desktop WallPaper: C:\Users\Tom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Tom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/01 16:41:56 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{015f14f3-7e96-11de-bd8d-00219b0b3ad4}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009/04/21 22:10:00 | 000,681,984 | ---- | M] ()
    O33 - MountPoints2\{015f14f3-7e96-11de-bd8d-00219b0b3ad4}\Shell\Install\command - "" = F:\setup.exe -- [2009/04/21 22:10:00 | 000,681,984 | ---- | M] ()
    O33 - MountPoints2\{5a0fd570-7e59-11df-bc0b-001bdc0f4a33}\Shell\AutoRun\command - "" = O:\PMB_P.exe
    O33 - MountPoints2\{5c3b37fa-5871-11e0-ad74-00219b0b3ad4}\Shell - "" = AutoRun
    O33 - MountPoints2\{5c3b37fa-5871-11e0-ad74-00219b0b3ad4}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
    O33 - MountPoints2\{f1432511-5566-11de-88c5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{f1432511-5566-11de-88c5-806e6f6e6963}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
    O33 - MountPoints2\{f69fe279-9cfd-11df-a345-001bdc0f4a33}\Shell\AutoRun\command - "" = O:\PMB_P.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/15 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/01/15 18:22:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
    [2012/01/15 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/15 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/15 18:22:23 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/15 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/14 21:25:33 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
    [2012/01/14 21:25:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
    [2012/01/14 21:25:33 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/01/14 21:25:33 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/01/14 21:25:31 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2012/01/14 21:25:28 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
    [2012/01/14 21:25:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
    [2012/01/14 21:25:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
    [2012/01/14 21:25:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
    [2012/01/14 21:25:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
    [2012/01/14 21:25:26 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/01/14 21:25:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2012/01/14 21:25:23 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2012/01/08 13:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
    [2012/01/08 13:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serviio
    [2011/12/28 21:58:42 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2011/12/28 21:58:42 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2011/12/28 21:58:42 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2011/12/28 21:58:42 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2011/12/28 21:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/12/28 21:51:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2011/12/28 21:51:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2011/12/28 21:51:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2011/12/28 13:48:17 | 000,000,000 | ---D | C] -- C:\Download
    [2011/12/28 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Samsung
    [2011/12/28 13:47:47 | 000,000,000 | ---D | C] -- C:\AllSharePhotoSlide
    [2011/12/28 13:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2011/12/28 13:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2008/11/08 18:46:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Tom\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/01/16 17:30:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/16 17:30:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/16 16:37:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/15 23:05:04 | 001,703,996 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
    [2012/01/15 22:54:49 | 000,012,932 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
    [2012/01/15 22:53:03 | 009,680,444 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
    [2012/01/15 22:38:07 | 000,098,924 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
    [2012/01/15 22:37:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/15 18:22:24 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/15 03:30:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/15 03:29:37 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/15 03:28:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/01/15 03:05:19 | 000,724,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/15 03:05:19 | 000,608,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/15 03:05:19 | 000,105,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/08 13:37:57 | 000,001,869 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
    [2012/01/07 11:38:01 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/01/02 19:02:34 | 000,038,912 | -H-- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/28 21:58:20 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2011/12/28 21:58:20 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2011/12/28 21:58:20 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2011/12/28 21:58:20 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2011/12/28 14:19:30 | 000,001,886 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
    [2011/12/19 11:15:36 | 000,009,476 | -HS- | M] () -- C:\ProgramData\xtkuce6a5hkq6xpf3htw6v060l6k
    [2011/12/19 11:15:35 | 000,009,476 | -HS- | M] () -- C:\Users\Tom\AppData\Local\xtkuce6a5hkq6xpf3htw6v060l6k

    ========== Files Created - No Company Name ==========

    [2012/01/15 18:22:24 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/08 13:37:57 | 000,001,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
    [2011/12/28 13:47:07 | 000,001,886 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk
    [2011/12/18 20:19:32 | 000,009,476 | -HS- | C] () -- C:\Users\Tom\AppData\Local\xtkuce6a5hkq6xpf3htw6v060l6k
    [2011/12/18 20:19:32 | 000,009,476 | -HS- | C] () -- C:\ProgramData\xtkuce6a5hkq6xpf3htw6v060l6k
    [2011/09/02 07:39:09 | 000,000,591 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
    [2010/09/19 21:30:48 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\wklnhst.dat
    [2010/09/11 21:35:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/09/08 21:09:55 | 000,002,007 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
    [2010/06/12 17:56:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/01/01 16:57:52 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
    [2009/12/19 15:01:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2009/09/16 21:15:56 | 000,176,436 | ---- | C] () -- C:\Windows\hpwins19.dat
    [2009/08/18 21:09:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/18 21:09:03 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/08/18 21:08:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/08/17 15:54:56 | 000,097,604 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2009/06/24 20:32:44 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
    [2008/12/02 23:24:51 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
    [2008/11/23 12:21:12 | 000,000,009 | ---- | C] () -- C:\Windows\winhlp32.ini
    [2008/11/23 12:21:12 | 000,000,009 | ---- | C] () -- C:\Windows\winhelp.ini
    [2008/11/23 12:20:05 | 000,017,552 | ---- | C] () -- C:\Windows\SysWow64\TTYTWIN.DRV
    [2008/11/14 20:18:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/11/14 20:18:00 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2008/11/14 20:14:29 | 000,001,460 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps64.dat
    [2008/11/12 22:52:43 | 000,038,912 | -H-- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/11 18:17:40 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/11/11 18:17:40 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/11/11 18:17:40 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
    [2008/11/08 18:46:58 | 000,099,384 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\inst.exe
    [2008/11/08 18:46:58 | 000,007,859 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\pcouffin.cat
    [2008/11/08 18:46:58 | 000,001,167 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\pcouffin.inf
    [2008/10/29 22:42:59 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
    [2008/10/29 22:42:59 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
    [2008/10/29 22:42:59 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
    [2008/10/29 22:40:43 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
    [2008/01/07 09:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
    [2005/08/26 14:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
    [2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
    [1997/07/11 00:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
    [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

    < End of report >


    OTL Extras Log

    OTL Extras logfile created on: 1/16/2012 7:54:30 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 30.42% Memory free
    8.21 Gb Paging File | 5.04 Gb Available in Paging File | 61.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 586.12 Gb Total Space | 269.27 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.11 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
    Drive F: | 1201.95 Gb Total Space | 280.96 Gb Free Space | 23.38% Space Free | Partition Type: NTFS
    Drive L: | 93.59 Gb Total Space | 89.16 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
    Drive M: | 92.71 Gb Total Space | 42.09 Gb Free Space | 45.40% Space Free | Partition Type: NTFS

    Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 9E 84 6A 10 B6 31 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0166422C-5492-462C-B1B9-B41070A06D78}" = rport=139 | protocol=6 | dir=out | app=system |
    "{037D64D8-5AF5-48C0-BF05-0DBFDBA2D5EB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{0EA28A19-FF94-477C-8DF8-3912B6C9205B}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
    "{13163E93-3888-4B54-870D-BC7FB1B3575D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{148C4589-7240-4E88-ACB8-604FAE050207}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{20788426-8C97-44E3-B2E3-B636D3872EE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{264826F2-8917-47EF-A200-C1686A155B16}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2FF3FF6F-70C9-45B7-958F-B2FB9DB12140}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{34DEF58A-6736-4912-A143-906E9662B147}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3D1F7826-1A92-4A8A-AF83-6C3ADC348058}" = lport=23423 | protocol=6 | dir=in | name=serviio |
    "{3EC29373-5549-49D7-B52D-70742514400D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{42DAD829-F444-4F07-88F6-4FCFDB253889}" = rport=138 | protocol=17 | dir=out | app=system |
    "{452EEDE7-0DBC-41E0-9750-84BDCC0A0049}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5511726A-115B-4BDD-B996-D2051E59B3B2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{72AD7B27-91B5-48C6-94C8-05BD09BFF4A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{814EA0E6-84B2-40A0-89B6-BC54B973DB0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{958394F0-57C1-4EAD-8706-D1689EB21055}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AD14B11B-7B06-4814-B604-DF9BD53115B5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B9ED58BD-8D29-4C3F-BC3E-B281AF9D60AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BC541B56-B4A9-45A9-ACE5-1DB76297B605}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D82DDB0E-A75D-4021-A760-3F4F2AB0D4F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E4EAB593-BA37-44BD-8FE7-830BBB7F3620}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09F772DE-C042-4B69-AD15-A13A3BD859D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0E4D0E43-AE39-406F-840E-26C80407D414}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
    "{120B0190-170B-49FE-8CD8-F5C29A4A43AA}" = protocol=58 | dir=in | [email protected],-28545 |
    "{1B873D70-444E-4E32-A30C-960BC54AFC24}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
    "{1D546126-2611-4886-9C4E-638791E426A4}" = protocol=1 | dir=in | [email protected],-28543 |
    "{231F3E23-D34E-4129-8E48-E76717B3F96E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{33B328C3-EF74-4705-A01F-9A31B8612B73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{376E15DE-83DB-46DE-B7EF-9670D54ECDEA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3D72B307-3A9F-4461-B071-C24EF3CC14A5}" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe |
    "{4142C555-B2A8-43F2-A5C5-026AFEBE9516}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4AD2D7EA-1657-42F8-B347-3809A02651EE}" = protocol=6 | dir=in | app=c:\program files (x86)\serviio\bin\serviioconsole.exe |
    "{53E9FAFB-3A12-4C39-9D03-DCD13DEAFF17}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5E171290-5C48-4DC4-ACBD-EAD995F87193}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{6C3C55DE-FB52-429C-8B16-F4686C0A7594}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7C66A749-56E4-48F0-B146-B7F76F541AED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{80ADD2E3-76C5-4F38-83A1-E46564DA699A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8474A241-82BE-4E21-86DE-727FDEB76328}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{9245BDF3-74B0-4DE9-BCDE-0DF8244001CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9338168E-1A01-437A-B9BD-57D140E41569}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{95872B53-FE4F-465A-A4E5-22663A0D8810}" = protocol=17 | dir=in | app=c:\program files (x86)\serviio\bin\serviioservice.exe |
    "{987E0975-55BD-4EB7-9132-852336AFD931}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9A517B10-68CB-4E8D-9A8B-F44DDD2DE5F8}" = protocol=1 | dir=out | [email protected],-28544 |
    "{9D681B7B-9727-4F5E-968C-E33FEC09EDFF}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
    "{AB7CD1AE-E1E2-4552-BE8F-30CC36D896C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B4EEC299-9C5A-412D-845D-BD201D43A12D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B549248E-A3FC-459E-81C0-48A86C0247A8}" = protocol=17 | dir=in | app=c:\program files (x86)\serviio\bin\serviioconsole.exe |
    "{B7F7A643-FCCE-400D-B75D-73E168D51E48}" = protocol=58 | dir=out | [email protected],-28546 |
    "{B85CC61A-22DD-4A93-B976-6F7D0AA125C2}" = protocol=6 | dir=in | app=c:\program files (x86)\serviio\bin\serviioservice.exe |
    "{BC3EB90D-8429-4FBC-82A7-1419BE54F7E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{BEEB75D6-7568-4A28-86B8-0C2FDDBD4FC1}" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\vsp\servicepointservice.exe |
    "{C8FFBA30-93F4-4A82-917D-F055ADC8EF8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E572D255-199E-4F8C-A3D9-46B1EAD4DC36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F2EBFD2F-19CC-40D1-BC53-85F36EB3D357}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F7C0E92C-4C55-490F-BE8D-917F9AD4764A}" = protocol=6 | dir=out | app=system |
    "{FBC5B069-9CC0-46B6-991A-3B5231DD1152}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{FEB8DF4A-4896-4876-A2AA-AE79852912D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{061224B7-E552-4DA3-A0D1-31014D093A84}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{07FDEF68-FB54-44B0-B160-80F0915BC9E2}C:\program files (x86)\cricutsync\bridge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cricutsync\bridge.exe |
    "TCP Query User{2EE7955C-015D-4EFC-A3D3-AB5E6D5E8EB3}C:\program files\smartftp client\smartftp.exe" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
    "TCP Query User{4A4F8002-4950-4FFC-8664-B54A17E303C4}C:\users\tom\appdata\local\temp\lmibecd.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\lmibecd.tmp\lmi_rescue.exe |
    "TCP Query User{5F7CDE82-1513-4DC6-9429-9D961AB7D32B}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe |
    "TCP Query User{62739FAD-1600-41E7-84D8-BB0EC18FF995}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{5E7E08FF-DFF5-43A7-AAB5-69DA2EFEC308}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{660A71CF-C2A4-416C-93C9-E67F61CD9598}C:\program files\smartftp client\smartftp.exe" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
    "UDP Query User{7B10764E-2BE4-4FC7-9890-930A9DA3CF62}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{8109C2A9-B96A-4471-A27E-ACC975CFB439}C:\users\tom\appdata\local\temp\lmibecd.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\lmibecd.tmp\lmi_rescue.exe |
    "UDP Query User{83A567E2-9C01-409D-9CA4-17765DEB7790}C:\program files (x86)\cricutsync\bridge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cricutsync\bridge.exe |
    "UDP Query User{A68E0084-825A-441B-A008-B420011437DF}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7A3A509B-15AF-3139-8AA1-6785DDEE86A4}" = ATI Catalyst Install Manager
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E533CFC9-6596-4C4B-8DC7-682247FB2D23}" = SmartFTP Client
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FFC13A52-59CE-3F31-553F-8E90F5A7B2CF}" = ccc-utility64
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Serviio" = Serviio
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
    "{0A5E512C-342F-D6C5-5B9E-72F8B2FA5FC3}" = CCC Help English
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
    "{13FF1B89-3958-72BE-3A16-211B20A3C1D8}" = Catalyst Control Center Graphics Full New
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{1ACA994D-3EF6-45E8-9206-19B599BEE31B}" = HP RC Mirror Driver
    "{1B307EAA-CCE0-793A-ECBF-77D8C65FCB68}" = Catalyst Control Center Core Implementation
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
    "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
    "{3B225762-30C0-41BC-DCCC-30BB40E35052}" = Catalyst Control Center InstallProxy
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6B502012-F65E-C204-330E-65AC9167C230}" = Catalyst Control Center Graphics Light
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6CDFADF4-6909-A405-D5DF-62789DD1C167}" = CricutSync
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
    "{86025CA2-ED1A-ED58-EAA0-050BDF4DABA2}" = Skins
    "{8697C02D-FECC-60EB-14DA-C90E2CD4FEBA}" = Catalyst Control Center Graphics Full Existing
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{ADDF1EBE-EAF6-C184-6F7B-30FED598B52B}" = ccc-core-static
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C54BD796-7ECA-3C04-39B8-BF70647686F7}" = Catalyst Control Center HydraVision Full
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D58C0E35-46F6-D29E-E401-C921F0804795}" = Catalyst Control Center Graphics Previews Vista
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
    "{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
    "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Blow Up 2" = Alien Skin Blow Up 2
    "Bokeh" = Alien Skin Bokeh
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
    "DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)
    "ESET Online Scanner" = ESET Online Scanner v3
    "Exposure 2" = Alien Skin Exposure 2
    "EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
    "EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
    "EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "Handbrake" = Handbrake 0.9.4
    "Image Doctor 2" = Alien Skin Image Doctor 2
    "ImgBurn" = ImgBurn
    "InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
    "InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}" = Kaspersky Anti-Virus 2009
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "Mystical" = Uninstall Mystical
    "Nero - Burning Rom!UninstallKey" = Nero 6 Demo
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
    "SmartFTP Client 3.0 (x64) Setup Files" = SmartFTP Client Setup Files 3.0 (x64) (remove only)
    "Snap Art" = Alien Skin Snap Art
    "Verizon High Speed Internet_is1" = Verizon High Speed Internet
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "Winamp" = Winamp
    "Yahoo! Applications" = Verizon Yahoo! Applications
    "YosemiteSync" = CricutSync

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/8/2012 3:38:17 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0x113c, application start time 0x01ccce3d10a42d15.

    Error - 1/8/2012 3:38:42 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0xcbc, application start time 0x01ccce3d20656115.

    Error - 1/8/2012 3:39:15 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0x1730, application start time 0x01ccce3d32518b65.

    Error - 1/8/2012 3:39:32 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0x1124, application start time 0x01ccce3d3c744d35.

    Error - 1/8/2012 3:39:55 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0x17cc, application start time 0x01ccce3d4a40dd25.

    Error - 1/8/2012 3:41:59 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0x898, application start time 0x01ccce3d947af065.

    Error - 1/8/2012 3:42:22 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x0000aa59, process id 0x12e4, application start time 0x01ccce3da353e745.

    Error - 1/8/2012 3:44:29 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0x14bc, application start time 0x01ccce3deb75c8e5.

    Error - 1/8/2012 3:45:43 PM | Computer Name = Tom-PC | Source = Application Error | ID = 1000
    Description = Faulting application ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9,
    faulting module ffmpeg.exe, version 0.0.0.0, time stamp 0x4e1f6fc9, exception code
    0xc0000005, fault offset 0x00009f3b, process id 0xeac, application start time 0x01ccce3e17e22905.

    Error - 1/8/2012 11:27:08 PM | Computer Name = Tom-PC | Source = EventSystem | ID = 4621
    Description =

    [ System Events ]
    Error - 1/15/2012 7:56:50 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:51 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:51 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:52 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:53 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:53 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:54 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:55 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:55 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 1/15/2012 7:56:56 PM | Computer Name = Tom-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.


    < End of report >
     
  8. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi Tom,

    Combofix

    Please scan with ComboFix.exe. Visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please read all the information carefully!

    You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

    Please include the log C:\ComboFix.txt in your next reply for further review.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
     
  9. fulci

    fulci Thread Starter

    Joined:
    Jul 20, 2004
    Messages:
    50
    Combofix Log

    ComboFix 12-01-18.04 - Tom 01/18/2012 21:10:03.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1937 [GMT -5:00]
    Running from: c:\users\Tom\Downloads\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tom\AppData\Roaming\inst.exe
    c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\searchplugins\bing-zugo.xml
    c:\users\Tom\Desktop\Search.lnk
    c:\users\Tom\GoToAssistDownloadHelper.exe
    c:\windows\jestertb.dll
    c:\windows\system32\java.exe
    c:\windows\winhelp.ini
    F:\Autorun.inf
    F:\setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-19 02:28 . 2012-01-19 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-19 01:40 . 2012-01-19 01:42 -------- d-----w- C:\temp backup
    2012-01-18 00:38 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2196E68B-836E-4092-A9F6-2206EBF20156}\mpengine.dll
    2012-01-16 03:54 . 2012-01-16 03:54 -------- d-----w- c:\program files (x86)\ESET
    2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes
    2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-15 23:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-08 18:36 . 2012-01-08 18:37 -------- d-----w- c:\program files (x86)\Serviio
    2011-12-29 02:58 . 2011-12-29 02:58 521448 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-29 02:58 . 2011-12-29 02:58 -------- d-----w- c:\program files\Java
    2011-12-28 18:48 . 2011-12-28 18:48 -------- d-----w- C:\Download
    2011-12-28 18:47 . 2012-01-08 18:24 -------- d-----w- c:\users\Tom\AppData\Roaming\Samsung
    2011-12-28 18:47 . 2011-12-28 18:47 -------- d-----w- C:\AllSharePhotoSlide
    2011-12-28 18:46 . 2011-12-28 18:46 -------- d-----w- c:\program files (x86)\Samsung
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:57 . 2011-12-16 02:10 2764800 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 19:29 . 2009-10-03 17:10 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-10 10:54 . 2010-06-07 22:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-11-08 14:58 . 2011-12-16 02:10 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-08 14:42 . 2011-12-16 02:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-16 03:33 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-16 03:33 1390080 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-16 03:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-16 03:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-16 03:33 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-16 03:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-16 03:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-16 03:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-10-25 16:09 . 2011-12-16 02:10 85504 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "NBJ"="c:\program files (x86)\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-07-29 17361032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-08-03 36352]
    "QuickFinder Scheduler"="c:\program files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2006-07-05 77892]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-21 208616]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-02-22 72192]
    "VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-22 317728]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-10-29 50688]
    HotSync Manager.lnk - c:\program files (x86)\Palm\Hotsync.exe [2008-1-3 1392640]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    Serviio.lnk - c:\program files (x86)\Serviio\bin\ServiioConsole.exe [2011-9-25 155136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 01:16]
    .
    2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 01:16]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-05 137240]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-05 202264]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-05 165400]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Open with WordPerfect - c:\program files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
    DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\png9zjdh.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z133&install_date=20110902
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z133&form=ZGAADF&install_date=20110902&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
    Wow6432Node-HKLM-Run-AllShareAgent - c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-01-18 21:34:04
    ComboFix-quarantined-files.txt 2012-01-19 02:34
    .
    Pre-Run: 304,974,737,408 bytes free
    Post-Run: 314,011,209,728 bytes free
    .
    - - End Of File - - 53F86EBED4187832282B9EF88A1206C1
     
  10. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi Tom,

    Looking good. :)

    One more scan just to make sure everything is gone.

    Perform an online scan with Panda ActiveScan

    • Click on Scan Your PC Now
    • A "pop up" window will appear, or a new tab will open.
    • Click on Register
    • Choose the option you like most, but we recommend the Free Registration.
    • Click on Register
    • Enter your e-mail address, and create a password.
    • Select "I do not want to receive any type of information". (unless you want to receive such information)
    • Click on Send
    • Confirm registration, and continue by entering your user name and password, then click on Enter
    • Select Full Scan, then Click on Scan Now
    • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
    • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
    • Please ignore the offer to buy the program. Click on Export To
    • Export the log and save it to your desktop.
    • Please copy/paste the contents of that log to your reply.

    * Turn off the real time scanner of any existing antivirus program while performing the online scan.

    Avast users note:

    Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.


    ----------------------------------------------------------------------------------------------------------

    Download Security Check by screen317 from here or here.


    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    ----------------------------------------------------------------------------------------------------------

    In your next reply, please include:


    • Panda ActiveScan log
    • Checkup.txt
    • How is your computer running now?
     
  11. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi, do you still require assistance?

    If you do not reply within 24 hours I will have to unsubscribe from this thread and won't be notified about any new replies.
     
  12. fulci

    fulci Thread Starter

    Joined:
    Jul 20, 2004
    Messages:
    50
    The computer seems to be running ok. Here are the logs you asked for. Thanks for the help.

    Panda Log

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2012-01-22 13:00:42
    PROTECTIONS: 1
    MALWARE: 39
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Kaspersky Anti-Virus No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][1].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\0czvrs5s.txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\z6ihobe9.txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\a35x5vj8.txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\rn1rhk9s.txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\gbxm6mm0.txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\pdu4789b.txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\fh5k0awf.txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\5slyh8y3.txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\u8837cy5.txt
    00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\6g629rb1.txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\blfltxzt.txt
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\zvqyot86.txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\bvg99fht.txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\xjvasvi3.txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\tx538e0w.txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\2vmaf1zu.txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\2iy6h1vz.txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\1nfwfbed.txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\g0t5itg6.txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\dej779xe.txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\n2hw8915.txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\b6facz4n.txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\yenipcbl.txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\ik33na31.txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\nd3lh2vv.txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\9tzzs8md.txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\0807it2q.txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\wcen35wa.txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
    00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][2].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\tom\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
    09686876 Exploit/CVE-2011-3544 Virus/Trojan No 0 Yes No c:\users\tom\appdata\locallow\sun\java\deployment\cache\6.0\33\53784821-4e3ca172
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\program files (x86)\adobe\adobe photoshop cs2\plug-ins\alien skin\blow up 2\blow.up.2.0.2-patch.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================


    Checkup

    Results of screen317's Security Check version 0.99.30
    Windows Vista x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Kaspersky Anti-Virus 2009
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Java(TM) 6 Update 5
    Java version out of date!
    Adobe Flash Player 10.3.183.10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox 8.0.1 Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Kaspersky Lab Kaspersky Anti-Virus 2009 avp.exe
    ``````````End of Log````````````
     
  13. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi Tom,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Updating Java:


    • Visit this site Java
    • Click the 'Free Java Download' button.
    • The site will advise if you need an updated version
    • Follow the instructions.


    After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


    ------------------------------------------------------------------------------------------------

    Your Adobe Flash Player is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    There is a newer version of Adobe Flash Player available.


    • Please go to this link Adobe Flash Player Download Link
    • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
    • Click Download
    • Click the Continue button
    • Click Run.
    • Next click the Install Now button and follow the on screen prompts



    When the installation is complete go to Control panel >> Programs and features and uninstall all previous versions.

    ------------------------------------------------------------------------------------------------

    Your Adobe Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 2.0 here.

    There is a newer version of Adobe Reader available.

    • Please go to this link Adobe Reader Download Link
    • Untick any program(s) you do not wish to include in the installation.
    • Click Download Now
    • Follow all on screen prompts


    When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

    ------------------------------------------------------------------------------------------------

    You are running an out of date version of Firefox. Older versions have vulnerabilities that malware can use to infect your system.
    Please visit this page to download and install the latest version.

    ------------------------------------------------------------------------------------------------

    Please go to: VirusTotal


    • In the middle of the page you'll find a "Browse" button.

      Click the "Browse" button and browse to this file in RED:

      c:\program files (x86)\adobe\adobe photoshop cs2\plug-ins\alien skin\blow up 2\blow.up.2.0.2-patch.exe
    • Click "Open".
    • Then click the "Send File" button at the bottom of the VirusTotal page.
    • This will scan the file. Please be patient.
    • Once scanned, copy and paste the results in your next reply.


    If the site is busy, do the same at Jotti File Scan
     
  14. fulci

    fulci Thread Starter

    Joined:
    Jul 20, 2004
    Messages:
    50
    Hi Dave, I updated Java, Reader and Firefox. I didn't update Flash though because it said it didn't support Vista 64 bit. Should I have loaded it anyway? Also, I have one other question: I have been getting this error saying "Catalyst Control Centre has stopped working...". I know this has something to do with my video card software but I didn't know if it was virus related. Here is the result of the VirusTotal scan:


    Antivirus             Result                                  Update
    --------------------  --------------------------------------  --------
    AhnLab-V3             -                                       20120122
    AntiVir               Adware/Lop.A.514                        20120123
    Antiy-AVL             -                                       20120123
    Avast                 -                                       20120123
    AVG                   Generic19.BKHB                          20120123
    BitDefender           Trojan.Generic.4975636                  20120124
    ByteHero              -                                       20120123
    CAT-QuickHeal         HackTool.Patcher.A                      20120123
    ClamAV                Trojan.QPatch                           20120124
    Commtouch             W32/Trojan2.NBAX                        20120124
    Comodo                -                                       20120123
    DrWeb                 -                                       20120124
    Emsisoft              Trojan.SuspectCRC!IK                    20120123
    eSafe                 -                                       20120123
    eTrust-Vet            Win32/Fosniw.ZAAB                       20120123
    F-Prot                W32/Trojan2.NBAX                        20120123
    F-Secure              Trojan.Generic.4975636                  20120124
    Fortinet              -                                       20120124
    GData                 Trojan.Generic.4975636                  20120124
    Ikarus                Trojan.SuspectCRC                       20120124
    Jiangmin              -                                       20120123
    K7AntiVirus           Trojan                                  20120123
    Kaspersky             -                                       20120124
    McAfee                Generic PUP.z!ek                        20120124
    McAfee-GW-Edition     Heuristic.BehavesLike.Win32.Backdoor.H  20120124
    Microsoft             -                                       20120123
    NOD32                 a variant of Win32/HackTool.Patcher.T   20120124
    Norman                W32/Suspicious_Gen2.IVSMC               20120123
    nProtect              -                                       20120123
    Panda                 Suspicious file                         20120123
    PCTools               Adware.Lop!rem                          20120124
    Prevx                 -                                       20120124
    Rising                -                                       20120118
    Sophos                Troj/QPatch-A                           20120124
    SUPERAntiSpyware      -                                       20120124
    Symantec              Adware.Lop                              20120124
    TheHacker             -                                       20120123
    TrendMicro            TROJ_SPNR.08FD11                        20120123
    TrendMicro-HouseCall  TROJ_SPNR.08FD11                        20120124
    VBA32                 -                                       20120123
    VIPRE                 Trojan.Win32.Generic!BT                 20120124
    ViRobot               -                                       20120123
    VirusBuster           HackTool.Patcher!a0eccKwfeAs            20120123

    Thanks,
    Tom
     
  15. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    501
    Hi Tom,

    No, that's fine.

    No, it's not virus related and yes, you need to reinstall your video card drivers or failing that, reinstall your graphics card. If that doesn't work then you should start a new thread in Windows Vista Forum.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    folder::
    c:\program files (x86)\adobe\adobe photoshop cs2\plug-ins\alien skin\blow up 2

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]


    Referring to the picture above, drag CFScript into ComboFix.exe

    If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
Short URL to this thread: https://techguy.org/1032192
