
Vista | AV Protection 2011 Infection

Discussion in 'Virus & Other Malware Removal' started by brothasoul, Nov 18, 2011.

  1. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    Last night my computer was infected with the AV Protection 2011.

    I was able to run DDS & get both logs to pop up; however, when I tried to save dds.txt, AV Protection intervened & closed it. I was able to save attach.txt - the log is below.

    AV Protection similarly closed GMER before I was able to run a scan.

    I rebooted the computer in safe mode & was able to run HijackThis (log is also below).

    Assistance to help remedy this would be greatly appreciated.

    [hijackthis]


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:29:11 PM, on 11/18/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\helppane.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Prince\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ed.msnbc.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Isohunt-vuze Toolbar - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Isohunt-vuze Toolbar - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
    O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
    O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe"
    O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
    O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    O4 - HKLM\..\Run: [jppmmG55aQJdW8f8234A] C:\Windows\system32\AV Protection 2011v121.exe
    O4 - HKLM\..\Run: [npppnGG5aQHdW7f] C:\Users\Prince\AppData\Roaming\dwme.exe
    O4 - HKLM\..\Run: [DBA.exe] C:\Program Files\LP\CEFB\DBA.exe
    O4 - HKLM\..\Run: [15D.exe] C:\Program Files\LP\3AEB\15D.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [googletalk] C:\Users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Prince\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Prince\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: AOLDDI.LNK = C:\DDI\AOLICON.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ptproxy04na.societylink.org/iNotes6W.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14139 bytes


    [attach.txt]

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/21/2008 12:07:59 PM
    System Uptime: 11/18/2011 3:39:11 PM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz | N/A | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 29.744 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    AIM 6
    Amazon Kindle For PC v1.1
    Amazon MP3 Downloader 1.0.9
    Any Video Converter 3.3.0
    AOL Toolbar 5.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects
    ArcSoft WebCam Companion 2
    Ask Toolbar
    AVG 2011
    AviSynth 2.5
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software v6.0.0 for the BlackBerry 9300 smartphone
    Bonjour
    CCleaner
    CDDRV_Installer
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    Convert AVI to MP4 1.3
    Coupon Printer for Windows
    Dealio Toolbar v4.0.1
    erLT
    Feedback Tool
    FlashGet 1.9.6.1073
    Google Chrome
    Google Talk (remove only)
    GoToMeeting 4.8.0.723
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel PROSet Wireless
    Intel® Graphics Media Accelerator Driver
    Intel® PROSet/Wireless WiFi Software
    IrfanView (remove only)
    Isohunt-vuze Toolbar
    iTunes
    iWisoft Free Video Converter 1.2
    Java Auto Updater
    Java™ 6 Update 24
    KhalInstallWrapper
    Last.fm 1.5.4.27091
    Linksys EasyLink Advisor
    LiveUpdate (Symantec Corporation)
    Logitech SetPoint
    magicJack
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Media Player Classic
    MediaCoder 0.7.3.4616
    MediaCoder 3GP Edition 0.6.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Move Media Player
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Music Transfer
    Napster
    Napster Burn Engine
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenMG Secure Module 5.1.00
    Primo
    Pure Networks Platform
    QuickBooks Simple Start 2008
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Setting Utility Series
    Skype web features
    Skype™ 4.1
    SmartWi Connection Utility
    Sony Picture Utility
    Sony Video Shared Library
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    System Requirements Lab
    The Weather Channel Desktop 6
    TiVo Desktop 2.7
    TomTom HOME 2.7.5.2014
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    VAIO Care
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media plus
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO My Memory Center
    VAIO OOBE and Welcome Center
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Presentation Support
    VAIO Smart Network
    VAIO Startup Assistant
    VAIO Survey
    VAIO Update 4
    VAIO Wallpaper Contents
    VAIO Wireless Wizard
    Vista Codec Package
    VLC media player 1.1.4
    WebEx Support Manager for Internet Explorer
    Windows Installer Clean Up
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    WinRAR archiver
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/18/2011 3:40:31 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/18/2011 3:26:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 DMICall spldr Wanarpv6
    11/18/2011 3:26:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 3:25:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/18/2011 3:25:52 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    11/18/2011 3:25:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/18/2011 3:25:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/18/2011 3:25:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/18/2011 3:25:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 11:47:27 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 11:46:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/18/2011 11:46:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/18/2011 11:46:13 AM, Error: EventLog [6008] - The previous system shutdown at 6:43:49 AM on 11/18/2011 was unexpected.
    11/18/2011 1:47:36 AM, Error: EventLog [6008] - The previous system shutdown at 1:45:10 AM on 11/18/2011 was unexpected.
    11/18/2011 1:27:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    11/18/2011 1:27:18 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/18/2011 1:27:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/18/2011 1:24:09 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    11/18/2011 1:24:09 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    11/18/2011 1:23:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 00215D22C3AE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/17/2011 5:53:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
    11/17/2011 5:52:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    11/17/2011 5:52:13 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/17/2011 5:52:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    11/17/2011 11:16:19 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00215D22C3AE. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/16/2011 8:15:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    11/16/2011 8:15:48 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/16/2011 10:32:53 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A2E7F870-1ABE-4A21-B434-7F7028A3F5B9} because another computer on the network has the same name. The server could not start.
    11/12/2011 8:20:44 PM, Error: EventLog [6008] - The previous system shutdown at 7:34:37 PM on 11/12/2011 was unexpected.
    11/12/2011 10:39:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    11/12/2011 10:39:37 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi brothasoul, welcome to the forum.


    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

    Open HijackThis, do a system scan only and checkmark these lines, if present:


    O4 - HKLM\..\Run: [jppmmG55aQJdW8f8234A] C:\Windows\system32\AV Protection 2011v121.exe


    Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.

    Reboot your computer and try to run DDS again.


    Download aswMBR.exe to your desktop.

    Right click aswMBR.exe and click "Run as Administrator" to run it.

    Click the "Scan" button to start the scan.

    On completion of the scan click save log, save it to your desktop and post in your next reply

    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.



    Please post back with
    • DDS.txt
    • aswMBR log
    • mbr.zip (attached)
    Thanks
     
  3. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    The only part of your request that was not successful was the placement of an MBR.dat file on the desktop. What follows are the requested logs. Thank you for your help.

    [DDS]

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Prince at 19:23:17 on 2011-11-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1511 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\RtkAudioService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\dlbkcoms.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\system32\java.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
    C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\LP\3AEB\15D.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\TiVo\Desktop\TranscodingService.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\80FCC\lvvm.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    mURLSearchHooks: Isohunt-vuze Toolbar: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - c:\program files\isohunt-vuze\tbIsoh.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: Isohunt-vuze Toolbar: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - c:\program files\isohunt-vuze\tbIsoh.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Isohunt-vuze Toolbar: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - c:\program files\isohunt-vuze\tbIsoh.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Aim6]
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [googletalk] c:\users\prince\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
    uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry
    uRun: [cdloader] "c:\users\prince\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
    uRun: [Google Update] "c:\users\prince\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [SmartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
    mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
    mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"
    mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
    mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [npppnGG5aQHdW7f] c:\users\prince\appdata\roaming\dwme.exe
    mRun: [DBA.exe] c:\program files\lp\cefb\DBA.exe
    mRun: [15D.exe] c:\program files\lp\3aeb\15D.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi.lnk - c:\ddi\AOLICON.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://ptproxy04na.societylink.org/iNotes6W.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{A2E7F870-1ABE-4A21-B434-7F7028A3F5B9} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\prince\appdata\roaming\mozilla\firefox\profiles\n9a0y7as.default\
    FF - prefs.js: browser.startup.homepage - hxxp://advocate.com/
    FF - prefs.js: keyword.URL - hxxp://www.search.yahoo.com/search?p=
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\prince\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\prince\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\prince\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\prince\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2010-7-4 299008]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-8-21 17408]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-1 9344]
    .
    =============== Created Last 30 ================
    .
    2011-11-18 21:42:26 -------- d-----w- c:\users\prince\appdata\roaming\IRZZ99hYXwUVlBz
    2011-11-18 21:42:25 -------- d-----w- c:\users\prince\appdata\roaming\agggllOBtzPcA1v
    2011-11-18 19:34:14 -------- d-----w- c:\users\prince\appdata\roaming\ZUUUCeelIBrP
    2011-11-18 19:34:14 -------- d-----w- c:\users\prince\appdata\roaming\sGGG5aaQJ6d
    2011-11-18 19:25:48 -------- d-----w- c:\users\prince\appdata\roaming\JXqjYCekIrOtAuS
    2011-11-18 19:25:48 -------- d-----w- c:\users\prince\appdata\roaming\iH6dWK7fR9
    2011-11-18 18:27:44 -------- d-----w- c:\users\prince\appdata\roaming\Malwarebytes
    2011-11-18 18:27:35 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-18 18:27:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-18 18:27:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-18 12:34:17 -------- d-----w- c:\users\prince\appdata\roaming\ZQJ6dEK8fZhXjCl
    2011-11-18 12:34:17 -------- d-----w- c:\users\prince\appdata\roaming\oBtzPNycAuDoFpG
    2011-11-18 07:41:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-18 07:41:52 -------- d-----w- c:\program files\Spybot Search & Destroy
    2011-11-18 07:37:32 -------- d-----w- c:\program files\80FCC
    2011-11-18 07:36:57 -------- d-----w- c:\users\prince\appdata\roaming\BE080
    2011-11-18 07:36:56 -------- d-----w- c:\program files\LP
    2011-11-18 07:36:38 -------- d-----w- c:\users\prince\appdata\roaming\VTTXXwjUCelI
    2011-11-18 07:36:38 -------- d-----w- c:\users\prince\appdata\roaming\qrrrzPNNyA1uv2b
    2011-11-18 07:36:29 2910720 ----a-w- c:\windows\system32\AV Protection 2011v121.exe
    2011-11-18 07:36:29 288256 ----a-w- c:\users\prince\appdata\roaming\dwme.exe
    2011-11-18 07:36:29 -------- d-----w- c:\users\prince\appdata\roaming\A000uuvS2ibF
    2011-11-18 07:36:28 -------- d-----w- c:\users\prince\appdata\roaming\ZCCeelIBB
    .
    ==================== Find3M ====================
    .
    2011-11-18 19:30:43 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-11-06 17:20:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-06 14:00:44 72080 ----a-w- c:\users\prince\g2mdlhlpx.exe
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 19:26:13.34 ===============


    [DDS Attach]

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/21/2008 12:07:59 PM
    System Uptime: 11/18/2011 7:19:34 PM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | N/A | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 29.648 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    AIM 6
    Amazon Kindle For PC v1.1
    Amazon MP3 Downloader 1.0.9
    Any Video Converter 3.3.0
    AOL Toolbar 5.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects
    ArcSoft WebCam Companion 2
    Ask Toolbar
    AVG 2011
    AviSynth 2.5
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software v6.0.0 for the BlackBerry 9300 smartphone
    Bonjour
    CCleaner
    CDDRV_Installer
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    Convert AVI to MP4 1.3
    Coupon Printer for Windows
    Dealio Toolbar v4.0.1
    erLT
    Feedback Tool
    FlashGet 1.9.6.1073
    Google Chrome
    Google Talk (remove only)
    GoToMeeting 4.8.0.723
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    IrfanView (remove only)
    Isohunt-vuze Toolbar
    iTunes
    iWisoft Free Video Converter 1.2
    Java Auto Updater
    Java(TM) 6 Update 24
    KhalInstallWrapper
    Last.fm 1.5.4.27091
    Linksys EasyLink Advisor
    LiveUpdate (Symantec Corporation)
    Logitech SetPoint
    magicJack
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Media Player Classic
    MediaCoder 0.7.3.4616
    MediaCoder 3GP Edition 0.6.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Move Media Player
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Music Transfer
    Napster
    Napster Burn Engine
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenMG Secure Module 5.1.00
    Primo
    Pure Networks Platform
    QuickBooks Simple Start 2008
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Setting Utility Series
    Skype web features
    Skype™ 4.1
    SmartWi Connection Utility
    Sony Picture Utility
    Sony Video Shared Library
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    System Requirements Lab
    The Weather Channel Desktop 6
    TiVo Desktop 2.7
    TomTom HOME 2.7.5.2014
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    VAIO Care
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media plus
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO My Memory Center
    VAIO OOBE and Welcome Center
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Presentation Support
    VAIO Smart Network
    VAIO Startup Assistant
    VAIO Survey
    VAIO Update 4
    VAIO Wallpaper Contents
    VAIO Wireless Wizard
    Vista Codec Package
    VLC media player 1.1.4
    WebEx Support Manager for Internet Explorer
    Windows Installer Clean Up
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    WinRAR archiver
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/18/2011 7:20:47 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/18/2011 7:16:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 DMICall spldr Wanarpv6
    11/18/2011 7:16:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 7:16:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/18/2011 7:16:05 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    11/18/2011 7:16:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/18/2011 7:16:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/18/2011 7:15:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/18/2011 7:15:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 DfsC DMICall NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 4:27:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2011 4:26:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/18/2011 4:26:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/18/2011 4:26:20 PM, Error: EventLog [6008] - The previous system shutdown at 4:07:16 PM on 11/18/2011 was unexpected.
    11/18/2011 11:46:13 AM, Error: EventLog [6008] - The previous system shutdown at 6:43:49 AM on 11/18/2011 was unexpected.
    11/18/2011 1:47:36 AM, Error: EventLog [6008] - The previous system shutdown at 1:45:10 AM on 11/18/2011 was unexpected.
    11/18/2011 1:27:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    11/18/2011 1:27:18 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/18/2011 1:27:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/18/2011 1:24:09 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    11/18/2011 1:24:09 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    11/18/2011 1:23:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 00215D22C3AE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    11/17/2011 5:53:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
    11/17/2011 5:52:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    11/17/2011 5:52:13 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/17/2011 5:52:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    11/17/2011 11:16:19 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00215D22C3AE. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    11/16/2011 8:15:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    11/16/2011 8:15:48 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/16/2011 10:32:53 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A2E7F870-1ABE-4A21-B434-7F7028A3F5B9} because another computer on the network has the same name. The server could not start.
    11/12/2011 8:20:44 PM, Error: EventLog [6008] - The previous system shutdown at 7:34:37 PM on 11/12/2011 was unexpected.
    11/12/2011 10:39:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    11/12/2011 10:39:37 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================



    [aswMBR]

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-18 19:49:03
    -----------------------------
    19:49:03.016 OS Version: Windows 6.0.6002 Service Pack 2
    19:49:03.016 Number of processors: 2 586 0xF0D
    19:49:03.016 ComputerName: PRINCE-PC UserName: Prince
    19:51:37.753 Initialize success
    19:52:03.212 AVAST engine defs: 11111801
    19:52:22.837 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:52:22.837 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
    19:52:22.837 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000068
    19:52:22.837 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
    19:52:22.837 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000069
    19:52:22.837 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
    19:52:22.868 Disk 0 MBR read successfully
    19:52:22.868 Disk 0 MBR scan
    19:52:22.884 Disk 0 Windows VISTA default MBR code
    19:52:22.884 Disk 0 scanning sectors +488395120
    19:52:23.211 Disk 0 scanning C:\Windows\system32\drivers
    19:52:43.694 Service scanning
    19:52:45.160 Modules scanning
    19:53:12.720 Disk 0 trace - called modules:
    19:53:12.760 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    19:53:12.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86617298]
    19:53:12.770 3 CLASSPNP.SYS[8a3ab8b3] -> nt!IofCallDriver -> [0x854428f0]
    19:53:12.775 5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x859f1028]
    19:53:17.985 AVAST engine scan C:\Windows
    19:53:24.040 AVAST engine scan C:\Windows\system32
    19:53:32.425 File: C:\Windows\system32\AV Protection 2011v121.exe **INFECTED** Win32:FakeAV-CND [Trj]
    19:56:25.580 AVAST engine scan C:\Windows\system32\drivers
    19:56:45.980 AVAST engine scan C:\Users\Prince
    20:03:53.515 File: C:\Users\Prince\AppData\Roaming\BE080\39837.exe **INFECTED** Win32:Cycbot-OR [Trj]
    20:03:53.745 File: C:\Users\Prince\AppData\Roaming\BE080\84B47.exe **INFECTED** Win32:Cycbot-OR [Trj]
    20:03:53.995 File: C:\Users\Prince\AppData\Roaming\BE080\874CE.exe **INFECTED** Win32:Cycbot-OR [Trj]
    20:03:54.725 File: C:\Users\Prince\AppData\Roaming\dwme.exe **INFECTED** Win32:Cycbot-OR [Trj]
    20:10:18.980 AVAST engine scan C:\ProgramData
    20:16:03.553 Scan finished successfully
    20:21:41.386 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
    20:21:42.072 The log file has been saved successfully to "H:\aswMBR.txt"
     
  4. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi brothasoul,
    aswMBR was run from the H:\ drive which would explain why mbr.dat is not on your desktop. :eek: You will find it on the H:\ drive. Please zip it and attach it to your next reply.

    It is important to download the tools to the location specified.

    • If you are using Firefox, make sure that your download settings are as follows:
      -Tools->Options->Main tab
      -Set to "Always ask me where to Save the files".

    µTorrent, Isohunt-vuze Toolbar, Napster
    You have µTorrent, Isohunt-vuze Toolbar, Napster, P2P/file sharing programs installed on your computer. P2P applications like these are the largest source of malware we see. You'll be doing yourself a favor by removing them. It's not the programs themselves that are the problem but what can be downloaded with them, usually from an unknown source.

    References for the risk of these programs can be found in these links:
    http://www.microsoft.com/windows/ie/commun...protection.mspx

    http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm

    I would recommend that you uninstall µTorrent, Isohunt-vuze Toolbar, Napster, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.


    I can see what appears to be another major infection. Before we attempt to clean this machine I'd like to try to determine which variant we are dealing with.


    Download OTL to your desktop.

    • Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      conserv.dll
      netbt.sys
      /md5stop

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



    Please post back with
    • mbr.zip (attached)
    • both OTL logs
    thanks
     
  5. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    Sorry about that error with the MBR file. I used an uninfected laptop to download the needed files, then transferred them to my USB drive. I was not aware that I loaded aswMBR from the USB drive, instead of from the copy I'd saved to the desktop. If re-running the scan from my desktop & posting the related MBR file would be helpful, let me know.

    I appreciate the heads up on the P2P software. I am familiar with their use. I actually got this infection when I was researching Rick Perry's stance on the DREAM act online (true story d:) Not ten seconds into reading an article on a site seemingly indicating his support, AV Protection 2011 was making its presence known. So much for trying to expand my political knowledge base, huh?

    It's been a good 7-8 years since I had a virus like this on a previous computer. I was using XP at the time, and this website helped me clean it up. I believe I got some tips on anti virus software to use from here...and this instance let me know that the AVG free I was using was not making the cut. I did some research & Kaspersky Anti-Virus looks worth the purchase. Any thought on that?

    I am about to move forward with running OTL. I will post again as soon as the logs have loaded.

    Thank you much for your help thus far.
     

    Attached Files: MBR.zip (554 bytes)
  6. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    [OTL.txt]

    OTL logfile created on: 11/19/2011 12:45:43 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Prince\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 55.96% Memory free
    5.95 Gb Paging File | 4.25 Gb Available in Paging File | 71.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.93 Gb Total Space | 27.29 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
    Drive H: | 14.92 Gb Total Space | 9.61 Gb Free Space | 64.45% Space Free | Partition Type: FAT32

    Computer Name: PRINCE-PC | User Name: Prince | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found
    PRC - C:\Users\Prince\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Prince\AppData\Roaming\BE080\874CE.exe ()
    PRC - C:\Program Files\80FCC\lvvm.exe ()
    PRC - C:\Users\Prince\AppData\Roaming\dwme.exe ()
    PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    PRC - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Research In Motion)
    PRC - C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
    PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
    PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    PRC - C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (TiVo Inc.)
    PRC - C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Electronics, Inc.)
    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
    PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe (Sony Electronics, Inc.)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
    PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
    PRC - C:\Windows\System32\dlbkcoms.exe ( )
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Prince\AppData\Roaming\BE080\874CE.exe ()
    MOD - C:\Program Files\80FCC\lvvm.exe ()
    MOD - C:\Users\Prince\AppData\Roaming\dwme.exe ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll ()
    MOD - C:\Program Files\Last.fm\srv_rtaudioplayback.dll ()
    MOD - C:\Program Files\Last.fm\ext_messengernotify.dll ()
    MOD - C:\Program Files\Last.fm\ext_skypenotify.dll ()
    MOD - C:\Program Files\Last.fm\srv_madtranscode.dll ()
    MOD - C:\Program Files\Last.fm\srv_httpinput.dll ()
    MOD - C:\Program Files\Last.fm\LastFmFingerprint1.dll ()
    MOD - C:\Program Files\Last.fm\breakpad.dll ()
    MOD - C:\Program Files\Last.fm\Moose1.dll ()
    MOD - C:\Program Files\Last.fm\LastFmTools1.dll ()
    MOD - C:\Program Files\Last.fm\libfftw3f-3.dll ()
    MOD - C:\Program Files\Last.fm\zlibwapi.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll ()
    MOD - C:\Program Files\TiVo\Desktop\libmatroska.dll ()
    MOD - C:\Program Files\TiVo\Desktop\libebml.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
    MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll ()
    MOD - C:\Program Files\Last.fm\QtNetwork4.dll ()
    MOD - C:\Program Files\Last.fm\QtSql4.dll ()
    MOD - C:\Program Files\Last.fm\QtGui4.dll ()
    MOD - C:\Program Files\Last.fm\QtXml4.dll ()
    MOD - C:\Program Files\Last.fm\QtCore4.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
    MOD - C:\Program Files\Last.fm\imageformats\qmng4.dll ()
    MOD - C:\Program Files\Last.fm\imageformats\qgif4.dll ()
    MOD - C:\Program Files\Last.fm\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\TiVo\Desktop\StlpMt45.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
    SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
    SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
    SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
    SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
    SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
    SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
    SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
    SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
    SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
    SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
    SRV - (dlbk_device) -- C:\Windows\System32\dlbkcoms.exe ( )
    SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (Avgrkx86) -- File not found
    DRV - (AVGIDSEH) -- File not found
    DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
    DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Pure Networks, Inc.)
    DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
    DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ed.msnbc.msn.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://advocate.com/"
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: [email protected]:1.1
    FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4
    FF - prefs.js..extensions.enabledItems: [email protected]:0.51
    FF - prefs.js..keyword.URL: "http://www.search.yahoo.com/search?p="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Prince\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Prince\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Prince\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Prince\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 15:39:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 14:59:04 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Prince\AppData\Roaming\Move Networks [2010/02/16 21:37:23 | 000,000,000 | ---D | M]

    [2010/08/12 13:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Extensions
    [2010/08/12 13:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2011/11/12 18:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions
    [2011/02/07 09:55:36 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(46)
    [2010/08/07 20:33:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/25 00:27:46 | 000,000,000 | ---D | M] (MTV Direct Community Toolbar) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{4215af89-e516-4ba5-bbfa-a85490a73c21}(86)
    [2011/11/12 18:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2011/10/27 11:37:31 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2011/02/20 22:38:25 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}(91)
    [2011/11/12 00:51:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(32)
    [2011/07/09 01:39:42 | 000,000,000 | ---D | M] ("Blackout") -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2011/02/07 09:55:37 | 000,000,000 | ---D | M] (Dictionary.com) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected](45).com
    [2011/08/01 08:17:55 | 000,000,000 | ---D | M] (CineMeter) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2011/02/21 18:53:54 | 000,000,000 | ---D | M] (Paste and Go 3) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2010/03/08 10:50:41 | 000,000,000 | ---D | M] (SearchIMDB) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2011/07/09 01:45:12 | 000,000,000 | ---D | M] (Tabs on top) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2010/02/15 07:28:57 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2010/09/30 11:17:49 | 000,000,939 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\dictionary.xml
    [2010/04/26 11:41:38 | 000,001,928 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\epguidescom.xml
    [2011/10/22 22:13:03 | 000,002,567 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\hulu.xml
    [2010/03/22 12:30:35 | 000,001,512 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\imdb.xml
    [2009/08/09 20:32:16 | 000,002,298 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\lastfm.xml
    [2010/03/22 12:31:33 | 000,001,729 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\rotten-tomatoes.xml
    [2011/02/04 02:16:30 | 000,001,632 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\weathercom.xml
    [2009/08/09 20:32:42 | 000,000,945 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\youtube-video-search.xml
    [2011/08/17 14:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/12/02 22:12:01 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    [2010/05/08 23:29:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/05 22:45:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/07 19:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/04/04 06:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2009/12/02 22:12:02 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    [2011/10/02 15:39:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/02 15:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Prince\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Prince\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Prince\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Prince\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Prince\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Prince\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Tabs to the front! = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0\
    CHR - Extension: HuffingtonPost NewsGlide = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\

    O1 HOSTS File: ([2011/11/18 06:32:53 | 000,437,878 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15087 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Isohunt-vuze Toolbar) - {6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [15D.exe] C:\Program Files\LP\3AEB\15D.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DBA.exe] C:\Program Files\LP\CEFB\DBA.exe ()
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [npppnGG5aQHdW7f] C:\Users\Prince\AppData\Roaming\dwme.exe ()
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
    O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
    O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
    O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe ()
    O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    O4 - HKCU..\Run: [Aim6] File not found
    O4 - HKCU..\Run: [cdloader] C:\Users\Prince\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - HKCU..\Run: [googletalk] C:\Users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://ptproxy04na.societylink.org/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E7F870-1ABE-4A21-B434-7F7028A3F5B9}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (C:\Users\Prince\AppData\Roaming\BE080\874CE.exe) -C:\Users\Prince\AppData\Roaming\BE080\874CE.exe ()
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{01704e55-227f-11df-a5a3-001dba874cef}\Shell - "" = AutoRun
    O33 - MountPoints2\{01704e55-227f-11df-a5a3-001dba874cef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/19 00:38:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Prince\Desktop\OTL.exe
    [2011/11/18 20:48:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/11/18 20:44:51 | 161,350,808 | ---- | C] (Kaspersky Lab) -- C:\Users\Prince\Desktop\kav2012_12.0.0.374-2441en_us.exe
    [2011/11/18 19:37:46 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Prince\Desktop\aswMBR.exe
    [2011/11/18 19:10:13 | 000,000,000 | ---D | C] -- C:\Users\Prince\Desktop\backups
    [2011/11/18 16:28:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Prince\Desktop\HijackThis.exe
    [2011/11/18 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\IRZZ99hYXwUVlBz
    [2011/11/18 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\agggllOBtzPcA1v
    [2011/11/18 15:32:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Prince\Desktop\dds.scr
    [2011/11/18 13:34:14 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\ZUUUCeelIBrP
    [2011/11/18 13:34:14 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\sGGG5aaQJ6d
    [2011/11/18 13:25:48 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\JXqjYCekIrOtAuS
    [2011/11/18 13:25:48 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\iH6dWK7fR9
    [2011/11/18 12:27:44 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\Malwarebytes
    [2011/11/18 12:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/18 12:26:37 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Prince\Desktop\mbam-setup.exe
    [2011/11/18 12:01:11 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Prince\Desktop\digitalblack.com.exe
    [2011/11/18 06:34:17 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\ZQJ6dEK8fZhXjCl
    [2011/11/18 06:34:17 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\oBtzPNycAuDoFpG
    [2011/11/18 01:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Search & Destroy
    [2011/11/18 01:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot Search & Destroy
    [2011/11/18 01:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/11/18 01:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\80FCC
    [2011/11/18 01:36:57 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\BE080
    [2011/11/18 01:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/11/18 01:36:39 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
    [2011/11/18 01:36:38 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\VTTXXwjUCelI
    [2011/11/18 01:36:38 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\qrrrzPNNyA1uv2b
    [2011/11/18 01:36:29 | 002,910,720 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\System32\AV Protection 2011v121.exe
    [2011/11/18 01:36:29 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\A000uuvS2ibF
    [2011/11/18 01:36:28 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\ZCCeelIBB
    [2007/06/25 21:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
    [2007/06/25 21:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
    [2007/06/25 21:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
    [2007/03/21 13:41:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
    [2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
    [2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
    [2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
    [2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
    [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
    [2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
    [2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
    [2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
    [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
    [2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
    [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/19 00:38:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Prince\Desktop\OTL.exe
    [2011/11/19 00:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000UA.job
    [2011/11/19 00:26:50 | 000,000,554 | ---- | M] () -- C:\Users\Prince\Desktop\MBR.zip
    [2011/11/19 00:22:24 | 000,002,255 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2011/11/19 00:20:31 | 004,105,233 | ---- | M] () -- C:\Users\Prince\Desktop\Mary_J_Blige-Miss_Me_With_That_1307132211.zip
    [2011/11/19 00:08:46 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/19 00:08:46 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/18 23:44:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/18 23:44:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/18 22:30:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000Core.job
    [2011/11/18 20:59:48 | 000,000,563 | ---- | M] () -- C:\Users\Prince\Desktop\Setup Squad Video Clips, Watch Full Episodes Online Logo TV Watch Free Videos & New Music Videos.website
    [2011/11/18 20:59:28 | 000,000,563 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Setup Squad Video Clips, Watch Full Episodes Online Logo TV Watch Free Videos & New Music Videos.website
    [2011/11/18 20:55:05 | 000,128,672 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2011/11/18 20:46:57 | 161,350,808 | ---- | M] (Kaspersky Lab) -- C:\Users\Prince\Desktop\kav2012_12.0.0.374-2441en_us.exe
    [2011/11/18 19:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/18 19:43:44 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/18 19:06:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Prince\Desktop\aswMBR.exe
    [2011/11/18 16:21:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Prince\Desktop\HijackThis.exe
    [2011/11/18 15:56:24 | 000,302,592 | ---- | M] () -- C:\Users\Prince\Desktop\gmer.exe
    [2011/11/18 15:30:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Prince\Desktop\dds.scr
    [2011/11/18 12:34:06 | 001,008,092 | ---- | M] () -- C:\Users\Prince\Desktop\rkill.scr
    [2011/11/18 12:23:22 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Prince\Desktop\mbam-setup.exe
    [2011/11/18 12:00:24 | 000,212,480 | ---- | M] () -- C:\Users\Prince\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/18 11:55:26 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Prince\Desktop\digitalblack.com.exe
    [2011/11/18 06:32:53 | 000,437,878 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/18 01:37:03 | 000,001,210 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\ldr.ini
    [2011/11/18 01:36:29 | 002,910,720 | ---- | M] (Корпорация Майкрософт) -- C:\Windows\System32\AV Protection 2011v121.exe
    [2011/11/18 01:36:29 | 000,288,256 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\dwme.exe
    [2011/11/17 01:10:07 | 000,000,477 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Rachel Maddow Show.website
    [2011/11/17 00:33:38 | 000,010,562 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\wklnhst.dat
    [2011/11/15 18:57:56 | 000,005,972 | ---- | M] () -- C:\Users\Prince\AppData\Local\d3d9caps.dat
    [2011/11/14 14:13:48 | 000,019,282 | ---- | M] () -- C:\Users\Prince\Desktop\mjb.jpg
    [2011/11/14 03:57:33 | 000,057,798 | ---- | M] () -- C:\Users\Prince\Desktop\Rihanna.jpg
    [2011/11/14 00:07:13 | 000,000,543 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\AfterElton.com The pop culture site that plays for your team..website
    [2011/11/13 21:25:52 | 000,000,372 | ---- | M] () -- C:\Users\Prince\Documents - Shortcut.lnk
    [2011/11/09 15:04:10 | 000,000,503 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail The best web-based email!.website
    [2011/11/08 01:05:47 | 000,000,604 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Netflix - Member Login Sign In To Your Account.website
    [2011/11/06 11:20:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/19 00:27:10 | 000,000,554 | ---- | C] () -- C:\Users\Prince\Desktop\MBR.zip
    [2011/11/19 00:20:38 | 004,182,147 | ---- | C] () -- C:\Users\Prince\Desktop\Mary J Blige - Miss Me With That (Prod. by Harvey Mason).mp3
    [2011/11/19 00:20:30 | 004,105,233 | ---- | C] () -- C:\Users\Prince\Desktop\Mary_J_Blige-Miss_Me_With_That_1307132211.zip
    [2011/11/18 20:59:28 | 000,000,563 | ---- | C] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Setup Squad Video Clips, Watch Full Episodes Online Logo TV Watch Free Videos & New Music Videos.website
    [2011/11/18 20:55:00 | 000,128,672 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2011/11/18 19:20:02 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/18 15:57:08 | 000,302,592 | ---- | C] () -- C:\Users\Prince\Desktop\gmer.exe
    [2011/11/18 14:21:03 | 001,008,092 | ---- | C] () -- C:\Users\Prince\Desktop\rkill.scr
    [2011/11/18 01:36:38 | 000,001,210 | ---- | C] () -- C:\Users\Prince\AppData\Roaming\ldr.ini
    [2011/11/18 01:36:29 | 000,288,256 | ---- | C] () -- C:\Users\Prince\AppData\Roaming\dwme.exe
    [2011/11/14 14:13:46 | 000,019,282 | ---- | C] () -- C:\Users\Prince\Desktop\mjb.jpg
    [2011/11/14 03:57:33 | 000,057,798 | ---- | C] () -- C:\Users\Prince\Desktop\Rihanna.jpg
    [2011/11/13 21:25:52 | 000,000,372 | ---- | C] () -- C:\Users\Prince\Documents - Shortcut.lnk
    [2011/01/14 10:31:36 | 000,004,608 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/21 12:08:20 | 000,007,263 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2010/02/20 13:51:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/01/28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/08/18 13:40:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/18 13:40:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/18 13:39:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/13 09:24:02 | 000,004,096 | -H-- | C] () -- C:\Users\Prince\AppData\Local\keyfile3.drm
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/15 14:30:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/05/30 01:37:40 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/30 01:31:52 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/02/08 11:37:04 | 000,000,102 | ---- | C] () -- C:\Windows\dellstat.ini
    [2008/12/24 07:26:30 | 000,005,972 | ---- | C] () -- C:\Users\Prince\AppData\Local\d3d9caps.dat
    [2008/12/23 22:33:21 | 000,212,480 | ---- | C] () -- C:\Users\Prince\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/23 09:19:35 | 000,010,562 | ---- | C] () -- C:\Users\Prince\AppData\Roaming\wklnhst.dat
    [2008/08/21 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2008/08/01 12:11:00 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2008/08/01 12:11:00 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2008/08/01 12:11:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
    [2008/08/01 12:11:00 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/08/01 12:10:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/03/21 13:53:26 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
    [2007/03/21 13:53:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
    [2007/03/21 13:41:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
    [2007/02/22 22:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
    [2007/02/07 22:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,340,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/12/16 19:15:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
    [2005/09/13 21:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
    [2005/09/13 21:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll

    ========== LOP Check ==========

    [2011/11/18 01:36:29 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\A000uuvS2ibF
    [2008/12/22 21:35:45 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\acccore
    [2011/11/18 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\agggllOBtzPcA1v
    [2010/02/19 12:12:05 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\Amazon
    [2011/01/21 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\AnvSoft
    [2010/11/07 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\AVG10
    [2010/05/24 17:05:16 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\AVG9
    [2010/12/24 10:48:13 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\avidemux
    [2010/11/05 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\Azureus
    [2011/11/18 11:46:25 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\BE080
    [2010/11/24 02:19:20 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\Broad Intelligence
    [2011/01/11 01:11:13 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\FlashGet
    [2011/11/18 13:25:48 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\iH6dWK7fR9
    [2009/01/04 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\InterVideo
    [2011/07/01 02:49:51 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\IrfanView
    [2011/11/18 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\IRZZ99hYXwUVlBz
    [2011/11/18 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\JXqjYCekIrOtAuS
    [2010/09/03 13:38:34 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\Leadertech
    [2011/11/09 13:42:44 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\mjusbsp
    [2011/11/18 06:34:17 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\oBtzPNycAuDoFpG
    [2011/11/18 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\qrrrzPNNyA1uv2b
    [2010/11/23 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\Research In Motion
    [2011/11/18 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\sGGG5aaQJ6d
    [2010/01/20 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\SystemRequirementsLab
    [2009/01/08 18:29:47 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\Template
    [2010/08/12 13:11:14 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\TomTom
    [2011/11/18 21:42:12 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\uTorrent
    [2010/02/15 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\VistaCodecs
    [2011/11/18 01:36:38 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\VTTXXwjUCelI
    [2011/11/18 01:36:28 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\ZCCeelIBB
    [2011/11/18 06:34:18 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\ZQJ6dEK8fZhXjCl
    [2011/11/18 13:34:14 | 000,000,000 | ---D | M] -- C:\Users\Prince\AppData\Roaming\ZUUUCeelIBrP
    [2011/11/18 19:42:43 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/06/26 15:44:57 | 000,000,199 | ---- | M] () -- C:\11.txt
    [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/08/01 12:06:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/06/13 13:16:51 | 000,000,326 | ---- | M] () -- C:\fullscreen.htm
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/11/18 19:43:44 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2008/08/21 01:37:34 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
    [2009/06/14 08:06:22 | 000,000,744 | -H-- | M] () -- C:\IPH.PH
    [2011/11/18 19:43:41 | 3395,616,768 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/18 18:35:17 | 000,000,434 | ---- | M] () -- C:\rkill.log
    [2011/11/18 12:26:17 | 000,077,328 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_18.11.2011_12.01.19_log.txt
    [2011/11/18 13:27:29 | 000,001,820 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_18.11.2011_13.27.19_log.txt
    [2011/11/18 13:29:56 | 000,077,792 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_18.11.2011_13.27.52_log.txt
    [2011/11/18 14:23:45 | 000,001,820 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_18.11.2011_14.23.43_log.txt
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/08/21 01:48:15 | 000,389,654 | ---- | M] () -- C:\vcredist_x86.log
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2009/08/13 07:16:06 | 000,000,254 | ---- | M] () -- C:\WirelessDiagLog.csv
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/21 20:13:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/02/28 08:49:48 | 000,102,400 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\dlbkpp5c.dll
    [2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Deskuop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >


    < MD5 for: EXPLORER.EXE >
    [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2006/11/02 06:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
    [2006/11/02 06:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-19C780DC.PF >
    [2011/11/18 14:21:35 | 000,015,400 | ---- | M] () MD5=D53E6B199E23E9A1C3E2A4B82B5ED663 -- C:\Windows\Prefetch\EXPLORER.EXE-19C780DC.pf

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2011/11/18 21:41:41 | 000,145,748 | ---- | M] () MD5=6E58216E2DE7BA022DAABA75C94D88DF -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: EXPLORER.EXE-CFAE8B11.PF >
    [2011/11/18 14:21:34 | 000,009,272 | ---- | M] () MD5=26E949115BDFBEEC064AE9BA3AB769E8 -- C:\Windows\Prefetch\EXPLORER.EXE-CFAE8B11.pf

    < MD5 for: IEXPLORE.COM-BF4051A8.PF >
    [2011/11/18 14:21:22 | 000,013,572 | ---- | M] () MD5=D5B5B38CB021B89A6DA3EE96132163BA -- C:\Windows\Prefetch\IEXPLORE.COM-BF4051A8.pf

    < MD5 for: IEXPLORE.EXE >
    [2008/04/24 22:22:36 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
    [2009/01/14 22:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
    [2009/11/21 00:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
    [2010/02/23 09:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
    [2009/04/11 00:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
    [2009/08/26 23:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
    [2010/01/02 08:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
    [2010/05/04 00:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
    [2010/09/08 00:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
    [2009/07/22 00:04:09 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4B5AEA50CE77FBA4C2D169622DC9B489 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
    [2008/10/15 22:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
    [2010/11/02 00:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
    [2008/01/20 20:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
    [2010/05/04 00:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
    [2010/06/26 00:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
    [2009/08/27 07:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
    [2010/01/02 00:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
    [2011/06/06 03:29:41 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files\Internet Explorer\iexplore.exe
    [2011/06/06 03:29:41 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
    [2010/11/02 01:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
    [2008/04/24 20:04:08 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
    [2010/02/23 00:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
    [2009/03/08 15:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
    [2009/07/21 15:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
    [2010/09/08 00:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
    [2008/10/15 22:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
    [2009/11/21 09:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
    [2010/06/26 00:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
    [2009/01/14 22:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2006/11/02 06:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
    [2011/06/06 03:29:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2011/06/06 03:29:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
    [2009/03/08 15:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-3FB1D9C5.PF >
    [2011/11/18 14:21:33 | 000,011,232 | ---- | M] () MD5=9B6F08F3798543468A8BD29B6A8BCB32 -- C:\Windows\Prefetch\IEXPLORE.EXE-3FB1D9C5.pf

    < MD5 for: IEXPLORE.EXE-7D728524.PF >
    [2011/11/18 14:21:34 | 000,010,168 | ---- | M] () MD5=D7077796651E7B7A293E56BF6915EF06 -- C:\Windows\Prefetch\IEXPLORE.EXE-7D728524.pf

    < MD5 for: IEXPLORE.EXE-908C99F8.PF >
    [2011/11/18 20:59:48 | 000,419,876 | ---- | M] () MD5=B53DC5E80BEE0B7B4A5B69936B7BDB3E -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

    < MD5 for: IEXPLORE.EXE-C78B7AEF.PF >
    [2011/11/18 14:21:45 | 000,013,682 | ---- | M] () MD5=90B3CB05AF7DE5177AF29B3A5DCFF2B7 -- C:\Windows\Prefetch\IEXPLORE.EXE-C78B7AEF.pf

    < MD5 for: NETBT.SYS >
    [2008/01/20 20:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
    [2011/11/18 13:30:43 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
    [2011/11/18 13:30:43 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2008/01/20 20:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
    [2008/01/20 20:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
    [2006/11/02 06:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

    < MD5 for: WINLOGON.EXE-CE446F99.PF >
    [2011/11/18 14:21:31 | 000,030,430 | ---- | M] () MD5=2AE87143DF8E5E2D3845AEA64539D156 -- C:\Windows\Prefetch\WINLOGON.EXE-CE446F99.pf

    < MD5 for: WINLOGON.MOF >
    [2006/09/18 15:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
    [2006/09/18 15:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB34446$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
     
  7. brothasoul

    brothasoul Thread Starter

    [Extras.txt]

    OTL Extras logfile created on: 11/19/2011 12:45:43 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Prince\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 55.96% Memory free
    5.95 Gb Paging File | 4.25 Gb Available in Paging File | 71.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.93 Gb Total Space | 27.29 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
    Drive H: | 14.92 Gb Total Space | 9.61 Gb Free Space | 64.45% Space Free | Partition Type: FAT32

    Computer Name: PRINCE-PC | User Name: Prince | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2964417686-3802623456-3068059845-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 9

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06AF9424-E165-4B7E-8644-1D52A341D3AB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{0F63DD5C-D465-4C71-9376-196690BBE43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{1170A90A-1116-47C8-98DA-FD2CA4336863}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1AF4349B-DE06-4D08-BC3B-11A9C016EB22}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2223D696-C9DD-44C6-8072-0BD81F3F1D14}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2555B9D4-8BDC-4935-86FA-31122BE40E0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3520FCAA-8564-481C-B570-150937F5325E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3F61F664-C960-42DA-9B35-69280FE9EAB6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{55B4FDEB-855E-406E-9B27-6D50D217D111}" = rport=139 | protocol=6 | dir=out | app=system |
    "{55F95C79-B0BD-4D9D-B906-BF6D200C6DB9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5A69A617-30B7-436F-ADB3-B94C16ADF3FE}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{64595E38-C590-4017-A850-1333986C39D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{65B51E44-89F3-4A09-9A81-10665FCD47A3}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{6E6EEB02-59E3-4738-A0D1-4D2F626B8485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{73A16A36-5023-4B22-8DCE-AA5C81D79FFD}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{7E05119A-E2F8-4867-BDFE-39FBE32CE1E5}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7E6CA4A6-32EA-4CEF-9292-E9F801D7F288}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{82CDDADB-EC7F-40CB-AB01-4E959F6EBDF1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{9BE05ABC-CA30-464B-B5F6-6711D5793239}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B403CA9B-BBA6-4A98-8CFB-773612C6778E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CDAFB51F-876D-4C75-ADBE-489F85EEDE20}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{DB012CC6-5F46-47A1-BB47-B6E75FE52090}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{F0BAA61C-308D-4A87-93F4-7D47DE4CE5C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{F3EC49B9-36FB-4940-9DB8-C6A8EF61F6C3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F6F99ED4-67A3-4D4A-A95C-BB2DFE2A5E7B}" = lport=9000 | protocol=17 | dir=in | name=icall port ii |
    "{FEB7885A-620F-4911-B58E-7FDD825C3132}" = lport=4255 | protocol=17 | dir=in | name=icall port i |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0067D2D2-575D-4747-93C2-F7F242C42B42}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivodesktop.exe |
    "{0395EE52-675C-4FAB-9256-F2BCB82EB22F}" = protocol=6 | dir=in | app=c:\program files\foxtabflvplayer\uninstall\uninstall.exe |
    "{0433FB5C-8C00-4C51-8AE1-A8117630E046}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{0617FD88-AC10-454A-99AB-39E2E41C61B0}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{06B4968B-B865-4BE8-8ECA-551F34633230}" = protocol=1 | dir=in | [email protected],-28543 |
    "{0BEE9AD9-A03F-4EB2-90EC-9E232ECFA57D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{0F00F3C3-8F70-43CE-A13E-03C5C4275D28}" = protocol=17 | dir=in | app=c:\users\prince\appdata\roaming\mjusbsp\magicjack.exe |
    "{10B45949-E908-4162-9AD8-A1E87A62154B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{139FFEF3-CD1B-49D7-BF22-D8E6DBF40323}" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |
    "{182BE650-D156-4F38-B230-34AB2A4260BD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{18A53344-290E-4803-AA99-0E16263676B8}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{19934827-E235-4093-8431-D4AAD3CC8A7C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{22116633-81E5-4582-B3D8-94D9F4150900}" = protocol=17 | dir=in | app=c:\program files\common files\tivo shared\transfer\tivotransfer.exe |
    "{31B38904-C8D7-4FB7-906C-F671919413FD}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivoserver.exe |
    "{35E7EBA7-679B-43FF-A93B-DB71A62B904E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{5E2C01A2-0FB8-4DA8-99D9-6F3AA5AC4D62}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{61F0BEA8-BF96-403E-8143-18F07D95320C}" = protocol=6 | dir=in | app=c:\program files\common files\tivo shared\transfer\tivotransfer.exe |
    "{62AF817C-E538-4A4C-897F-B99C2335CF39}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivoserver.exe |
    "{68210228-BDC0-4B0E-812C-C8C659E491E9}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivodesktop.exe |
    "{73E53C68-0564-4F60-8316-088E94CC012A}" = protocol=6 | dir=in | app=c:\users\prince\appdata\roaming\mjusbsp\magicjack.exe |
    "{752BD02D-81CD-4D2C-AE21-93534B1C0257}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7C11E4D7-2607-419B-9BBF-2B92D5B58442}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{7F4CC8F8-4509-45EF-BF6E-AB92E28EF408}" = protocol=1 | dir=out | [email protected],-28544 |
    "{97A9856D-20A2-4D62-ACD1-6DF053D00A64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9F86BC8C-7203-4316-92FE-C20F5DD04392}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\curl.exe |
    "{A4E6D0A7-695C-4182-9D5C-88F879449BE9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{B6651BAE-BDD8-4CED-A4A1-8F6C888F46E1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B91E33F5-989D-43BB-BC77-6A68A1028DD2}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\curl.exe |
    "{BA4AEBC2-46CE-4AFF-9802-E5F0534707B0}" = protocol=58 | dir=out | [email protected],-28546 |
    "{BD738242-FE38-4655-AA99-6F8B8846C18C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C196DAA4-9EA1-446F-AB91-76E27492C360}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CB04037F-88FB-4744-8995-43D0AC16798A}" = protocol=58 | dir=in | [email protected],-28545 |
    "{D2B3CE5B-0EE5-4AF8-9BAC-98ACD400377D}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
    "{D490CD55-A497-4AC2-B2F8-116CD60BDD0B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{D4DEA785-E7FE-4134-85BB-EB373254E9E4}" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |
    "{D6C78EA8-0A6D-4EB0-8E84-67A8341CBFD3}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{E27146A7-B5C8-4234-80B0-9918C62C3A0C}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
    "{E2B54812-1879-4977-B08E-6A82BF453E93}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{ED31AA54-4224-439C-AC66-6172DB3554C4}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{F88453C3-F56F-4D7A-8384-78DC3B8F739D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "TCP Query User{3C32E319-44B7-4F1D-BC0E-40D79B002C50}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
    "TCP Query User{3D276597-E004-4E32-83E7-1F44035D5EC4}C:\users\prince\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\prince\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{43FF07C8-42FB-4E7F-9A62-E5272FE58AD3}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{754FF3DF-8723-4D97-9C0E-58CC980ECAD1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{922C9208-BED2-49A2-A4E9-8E959148E6C3}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{A7C2DABB-B63B-4E9A-A664-26930585C0E1}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "TCP Query User{A9B5A63A-4D29-4CBC-BF6F-2997137E90F8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{04639F9B-CBEB-4BF9-A66F-50CE82A90A7A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{1D01F8DE-1B56-4458-B8DA-B03B480C076F}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
    "UDP Query User{2854B85D-7E0E-4D3E-A951-DE856F098876}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
    "UDP Query User{3A101BB5-B474-4F5F-A019-C03E9E0DC87F}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
    "UDP Query User{7CF0B991-BC80-428F-A541-43528B883F76}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{86F46814-A085-414E-828D-A54EBEF996B9}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{E00A1D38-C2E5-4428-A196-C2E8608828BC}C:\users\prince\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\prince\appdata\roaming\mjusbsp\magicjack.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{1455271A-A211-454B-9641-F774836FA86E}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9300 smartphone
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.7
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
    "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
    "{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
    "{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
    "{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
    "{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
    "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
    "{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
    "{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_6" = AIM 6
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.1
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Any Video Converter_is1" = Any Video Converter 3.3.0
    "AOL Toolbar" = AOL Toolbar 5.0
    "AviSynth" = AviSynth 2.5
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "FlashGet" = FlashGet 1.9.6.1073
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
    "InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "IrfanView" = IrfanView (remove only)
    "Isohunt-vuze Toolbar" = Isohunt-vuze Toolbar
    "iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Media Player Classic" = Media Player Classic
    "MediaCoder" = MediaCoder 0.7.3.4616
    "MediaCoder 3GP Edition" = MediaCoder 3GP Edition 0.6.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "ProInst" = Intel PROSet Wireless
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "RealPlayer 6.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "TiVo Desktop 2.7" = TiVo Desktop 2.7
    "TomTom HOME" = TomTom HOME 2.7.5.2014
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.4
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "magicJack" = magicJack
    "Move Media Player" = Move Media Player
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/18/2011 9:22:12 PM | Computer Name = Prince-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/18/2011 9:22:12 PM | Computer Name = Prince-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/18/2011 9:44:55 PM | Computer Name = Prince-PC | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 11/18/2011 9:44:59 PM | Computer Name = Prince-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/18/2011 10:31:07 PM | Computer Name = Prince-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/18/2011 10:53:28 PM | Computer Name = Prince-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/18/2011 10:55:01 PM | Computer Name = Prince-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/18/2011 10:55:05 PM | Computer Name = Prince-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 11/18/2011 10:55:06 PM | Computer Name = Prince-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 11/18/2011 11:39:22 PM | Computer Name = Prince-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 11/18/2011 9:15:57 PM | Computer Name = Prince-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/18/2011 9:16:01 PM | Computer Name = Prince-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/18/2011 9:16:05 PM | Computer Name = Prince-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/18/2011 9:16:06 PM | Computer Name = Prince-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/18/2011 9:16:05 PM | Computer Name = Prince-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 11/18/2011 9:16:51 PM | Computer Name = Prince-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 11/18/2011 9:16:51 PM | Computer Name = Prince-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/18/2011 9:20:47 PM | Computer Name = Prince-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/18/2011 9:44:26 PM | Computer Name = Prince-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description =

    Error - 11/18/2011 9:44:59 PM | Computer Name = Prince-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  8. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi brothasoul,

    No one AV is perfect. We see infected computers with AVs of all flavors. Kaspersky does have a pretty good detection rate.

    Please read through the instructions to familiarize yourself with what to expect when the tool runs.

    It is vitally important that combofix is renamed before it is even started to download


    Download ComboFix from one of these locations:
    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • If you are using Firefox, make sure that your download settings are as follows:
      -Tools->Options->Main tab
      -Set to "Always ask me where to Save the files".
    • During the download, before you save it to your desktop, rename Combofix to jgh.exe

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
    • Right click on ComboFix.exe (jgh.exe in your case), click Run as Administrator & follow the prompts.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please post back with the combofix log.

    How's the computer?
    Thanks
     
  9. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    Re: How's the computer?

    After you had me remove the AV Protection entry using HijackThis, I've been able to use the computer as before. I was able to delete the related icon from my desktop, and at present, see that it has thankfully been removed from my start menu folder. Each post seems to make things better. d:)

    [combofix]

    ComboFix 11-11-19.02 - Prince 11/19/2011 2:52.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1658 [GMT -6:00]
    Running from: c:\users\Prince\Desktop\jgh.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\LP
    c:\program files\LP\3AEB\15D.exe
    c:\program files\LP\3AEB\44EB.tmp
    c:\program files\LP\CEFB\104F.tmp
    c:\program files\LP\CEFB\76CD.tmp
    c:\program files\LP\CEFB\879F.tmp
    c:\program files\LP\CEFB\DBA.exe
    c:\programdata\Roaming
    c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
    c:\users\Prince\AppData\Roaming\dwme.exe
    c:\users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    c:\users\Prince\AppData\Roaming\ldr.ini
    c:\users\Prince\g2mdlhlpx.exe
    c:\windows\$NtUninstallKB34446$
    c:\windows\$NtUninstallKB34446$\2504283863
    c:\windows\$NtUninstallKB34446$\3483781416\@
    c:\windows\$NtUninstallKB34446$\3483781416\bckfg.tmp
    c:\windows\$NtUninstallKB34446$\3483781416\cfg.ini
    c:\windows\$NtUninstallKB34446$\3483781416\Desktop.ini
    c:\windows\$NtUninstallKB34446$\3483781416\keywords
    c:\windows\$NtUninstallKB34446$\3483781416\kwrd.dll
    c:\windows\$NtUninstallKB34446$\3483781416\L\qnbwvoto
    c:\windows\$NtUninstallKB34446$\3483781416\lsflt7.ver
    c:\windows\$NtUninstallKB34446$\3483781416\U\[email protected]
    c:\windows\$NtUninstallKB34446$\3483781416\U\[email protected]
    c:\windows\$NtUninstallKB34446$\3483781416\U\[email protected]
    c:\windows\$NtUninstallKB34446$\3483781416\U\[email protected]
    c:\windows\$NtUninstallKB34446$\3483781416\U\[email protected]
    c:\windows\$NtUninstallKB34446$\3483781416\U\[email protected]
    c:\windows\system32\AV Protection 2011v121.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-19 09:01 . 2011-11-19 09:03 -------- d-----w- c:\users\Prince\AppData\Local\temp
    2011-11-19 09:01 . 2011-11-19 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-19 02:55 . 2011-11-19 02:55 -------- d-----w- C:\kleaner.tmp
    2011-11-18 21:42 . 2011-11-18 21:42 -------- d-----w- c:\users\Prince\AppData\Roaming\IRZZ99hYXwUVlBz
    2011-11-18 21:42 . 2011-11-18 21:42 -------- d-----w- c:\users\Prince\AppData\Roaming\agggllOBtzPcA1v
    2011-11-18 19:34 . 2011-11-18 19:34 -------- d-----w- c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d
    2011-11-18 19:34 . 2011-11-18 19:34 -------- d-----w- c:\users\Prince\AppData\Roaming\ZUUUCeelIBrP
    2011-11-18 19:25 . 2011-11-18 19:26 -------- d-----w- c:\users\Prince\AppData\Roaming\JXqjYCekIrOtAuS
    2011-11-18 19:25 . 2011-11-18 19:25 -------- d-----w- c:\users\Prince\AppData\Roaming\iH6dWK7fR9
    2011-11-18 18:27 . 2011-11-18 18:27 -------- d-----w- c:\users\Prince\AppData\Roaming\Malwarebytes
    2011-11-18 18:27 . 2011-11-19 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-18 12:34 . 2011-11-18 12:34 -------- d-----w- c:\users\Prince\AppData\Roaming\ZQJ6dEK8fZhXjCl
    2011-11-18 12:34 . 2011-11-18 12:34 -------- d-----w- c:\users\Prince\AppData\Roaming\oBtzPNycAuDoFpG
    2011-11-18 07:41 . 2011-11-18 07:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-18 07:41 . 2011-11-18 07:42 -------- d-----w- c:\program files\Spybot Search & Destroy
    2011-11-18 07:37 . 2011-11-18 07:37 -------- d-----w- c:\program files\80FCC
    2011-11-18 07:36 . 2011-11-19 08:28 -------- d-----w- c:\users\Prince\AppData\Roaming\BE080
    2011-11-18 07:36 . 2011-11-18 07:36 -------- d-----w- c:\users\Prince\AppData\Roaming\qrrrzPNNyA1uv2b
    2011-11-18 07:36 . 2011-11-18 07:36 -------- d-----w- c:\users\Prince\AppData\Roaming\VTTXXwjUCelI
    2011-11-18 07:36 . 2011-11-18 07:36 -------- d-----w- c:\users\Prince\AppData\Roaming\A000uuvS2ibF
    2011-11-18 07:36 . 2011-11-18 07:36 -------- d-----w- c:\users\Prince\AppData\Roaming\ZCCeelIBB
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-18 19:30 . 2009-08-18 19:39 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-11-06 17:20 . 2011-06-06 16:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-06 13:30 . 2011-10-15 06:06 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:35 . 2011-10-15 06:08 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28 . 2011-10-15 06:08 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22 . 2011-10-15 06:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-25 16:15 . 2011-10-15 06:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-15 06:06 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 16:14 . 2011-10-15 06:06 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 13:31 . 2011-10-15 06:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-02 21:39 . 2011-08-17 20:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
    2008-09-15 12:47 1784856 ----a-w- c:\program files\Isohunt-vuze\tbIsoh.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 22:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}"= "c:\program files\Isohunt-vuze\tbIsoh.dll" [2008-09-15 1784856]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B}"= "c:\program files\Isohunt-vuze\tbIsoh.dll" [2008-09-15 1784856]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
    @="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
    [HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
    2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
    "googletalk"="c:\users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "TranscodingService"="c:\program files\TiVo\Desktop\TranscodingService.exe" [2009-01-27 520192]
    "TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-01-27 425472]
    "TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-01-27 2143232]
    "cdloader"="c:\users\Prince\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
    "VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
    "VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
    "VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
    "VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDg5OTE3NTU2LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNy1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVVArNC1TUDFTMisxLUREVCsyMzU2Mi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMS1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtRjEwTTEyQisx&prod=90&ver=10.0.1411" [?]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-3 813584]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2964417686-3802623456-3068059845-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:0000000b
    .
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
    S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-26 537840]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-11-03 299008]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-03-25 104960]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-31 17408]
    S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2011-06-06 09:29 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000Core.job
    - c:\users\Prince\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 05:05]
    .
    2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000UA.job
    - c:\users\Prince\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 05:05]
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\
    FF - prefs.js: browser.startup.homepage - hxxp://advocate.com/
    FF - prefs.js: keyword.URL - hxxp://www.search.yahoo.com/search?p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-npppnGG5aQHdW7f - c:\users\Prince\AppData\Roaming\dwme.exe
    HKLM-Run-DBA.exe - c:\program files\LP\CEFB\DBA.exe
    HKLM-Run-15D.exe - c:\program files\LP\3AEB\15D.exe
    SafeBoot-98733879.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-19 03:04
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5416)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\ddi\overicon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\windows\system32\java.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-19 03:11:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-19 09:11
    .
    Pre-Run: 29,013,188,608 bytes free
    Post-Run: 29,264,121,856 bytes free
    .
    - - End Of File - - 0D7660BE20D6E1031DA501E7C7555545
     
  10. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi brothasoul,

    Looks like you used Symantec (Norton) in the past. Are you finished using all Symantec products?

    AVG also looks to have been uninstalled. Since you do not have an AV installed please limit your internet activity to downloading tools and posting in this thread. You can install one when we are finished (shouldn't be long).

    Please follow all previous instructions regarding security programs.


    Open a new Notepad session
    • Click the Start button, click run
    • in the run box type notepad
    • click ok
    • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
    Code:
    Folder::
    c:\users\Prince\AppData\Roaming\IRZZ99hYXwUVlBz
    c:\users\Prince\AppData\Roaming\agggllOBtzPcA1v
    c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d
    c:\users\Prince\AppData\Roaming\ZUUUCeelIBrP
    c:\users\Prince\AppData\Roaming\JXqjYCekIrOtAuS
    c:\users\Prince\AppData\Roaming\iH6dWK7fR9
    c:\users\Prince\AppData\Roaming\ZQJ6dEK8fZhXjCl
    c:\users\Prince\AppData\Roaming\oBtzPNycAuDoFpG
    c:\program files\80FCC
    c:\users\Prince\AppData\Roaming\BE080
    c:\users\Prince\AppData\Roaming\qrrrzPNNyA1uv2b
    c:\users\Prince\AppData\Roaming\VTTXXwjUCelI
    c:\users\Prince\AppData\Roaming\A000uuvS2ibF
    c:\users\Prince\AppData\Roaming\ZCCeelIBB
    

    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save
    Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
    This will start ComboFix again. Close all browser/windows first.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    [​IMG]


    Please post back with the combofix log.

    Still ok?

    Thanks
     
  11. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    I thought I had replaced Symantec with AVG a few months back, because I was done using the software back then. I may have been in the process of replacing AVG with Kaspersky when that uninstall was noted.

    The computer is still running well. Still haven't seen an AV Protection 2011 pop up since HijackThis, which makes me d:)

    [cfscript/combofix]

    ComboFix 11-11-19.02 - Prince 11/19/2011 12:22:09.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1526 [GMT -6:00]
    Running from: c:\users\Prince\Desktop\jgh.exe
    Command switches used :: c:\users\Prince\Desktop\CFScript.txt
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\80FCC
    c:\users\Prince\AppData\Roaming\A000uuvS2ibF
    c:\users\Prince\AppData\Roaming\agggllOBtzPcA1v
    c:\users\Prince\AppData\Roaming\BE080
    c:\users\Prince\AppData\Roaming\BE080\0FCC.E08
    c:\users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    c:\users\Prince\AppData\Roaming\iH6dWK7fR9
    c:\users\Prince\AppData\Roaming\IRZZ99hYXwUVlBz
    c:\users\Prince\AppData\Roaming\IRZZ99hYXwUVlBz\AV Protection 2011.ico
    c:\users\Prince\AppData\Roaming\JXqjYCekIrOtAuS
    c:\users\Prince\AppData\Roaming\JXqjYCekIrOtAuS\AV Protection 2011.ico
    c:\users\Prince\AppData\Roaming\oBtzPNycAuDoFpG
    c:\users\Prince\AppData\Roaming\qrrrzPNNyA1uv2b
    c:\users\Prince\AppData\Roaming\qrrrzPNNyA1uv2b\AV Protection 2011.ico
    c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d
    c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d\AV Protection 2011.ico
    c:\users\Prince\AppData\Roaming\VTTXXwjUCelI
    c:\users\Prince\AppData\Roaming\ZCCeelIBB
    c:\users\Prince\AppData\Roaming\ZQJ6dEK8fZhXjCl
    c:\users\Prince\AppData\Roaming\ZQJ6dEK8fZhXjCl\AV Protection 2011.ico
    c:\users\Prince\AppData\Roaming\ZUUUCeelIBrP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-19 18:57 . 2011-11-19 18:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-11-19 18:57 . 2011-11-19 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-19 09:36 . 2011-11-19 15:51 97961 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-11-19 09:36 . 2011-11-19 15:51 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-11-19 09:35 . 2011-11-19 19:02 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-19 09:35 . 2011-11-19 09:35 -------- d-----w- c:\program files\Kaspersky Lab
    2011-11-19 09:11 . 2011-11-19 19:01 -------- d-----w- c:\users\Prince\AppData\Local\temp
    2011-11-19 08:41 . 2011-11-19 09:11 -------- d-----w- C:\jgh
    2011-11-19 02:55 . 2011-11-19 02:55 -------- d-----w- C:\kleaner.tmp
    2011-11-18 18:27 . 2011-11-18 18:27 -------- d-----w- c:\users\Prince\AppData\Roaming\Malwarebytes
    2011-11-18 18:27 . 2011-11-19 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-18 07:41 . 2011-11-18 07:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-18 07:41 . 2011-11-18 07:42 -------- d-----w- c:\program files\Spybot Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-18 19:30 . 2009-08-18 19:39 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-11-06 17:20 . 2011-06-06 16:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-06 13:30 . 2011-10-15 06:06 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:35 . 2011-10-15 06:08 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28 . 2011-10-15 06:08 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22 . 2011-10-15 06:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-25 16:15 . 2011-10-15 06:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-15 06:06 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 16:14 . 2011-10-15 06:06 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 13:31 . 2011-10-15 06:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-02 21:39 . 2011-08-17 20:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
    2008-09-15 12:47 1784856 ----a-w- c:\program files\Isohunt-vuze\tbIsoh.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 22:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}"= "c:\program files\Isohunt-vuze\tbIsoh.dll" [2008-09-15 1784856]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B}"= "c:\program files\Isohunt-vuze\tbIsoh.dll" [2008-09-15 1784856]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
    @="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
    [HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
    2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
    "googletalk"="c:\users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "TranscodingService"="c:\program files\TiVo\Desktop\TranscodingService.exe" [2009-01-27 520192]
    "TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-01-27 425472]
    "TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-01-27 2143232]
    "cdloader"="c:\users\Prince\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
    "VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
    "VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
    "VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
    "VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDg5OTE3NTU2LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNy1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVVArNC1TUDFTMisxLUREVCsyMzU2Mi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMS1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtRjEwTTEyQisx&prod=90&ver=10.0.1411" [?]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-3 813584]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2964417686-3802623456-3068059845-1000]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:0000000b
    .
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 23856]
    S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-26 537840]
    S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-11-03 299008]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-03-25 104960]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-31 17408]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
    S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2011-06-06 09:29 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000Core.job
    - c:\users\Prince\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 05:05]
    .
    2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000UA.job
    - c:\users\Prince\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 05:05]
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\
    FF - prefs.js: browser.startup.homepage - hxxp://advocate.com/
    FF - prefs.js: keyword.URL - hxxp://www.search.yahoo.com/search?p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-19 13:01
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4556)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\ddi\overicon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\windows\system32\java.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\CCP.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    c:\program files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-19 13:17:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-19 19:17
    ComboFix2.txt 2011-11-19 09:11
    .
    Pre-Run: 29,375,479,808 bytes free
    Post-Run: 29,510,762,496 bytes free
    .
    - - End Of File - - BF248331A66C788AAFC4B81410CB620B
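
The check a helper does by eye when reading the log above, as an added example that is not part of the original thread: it compares the `Folder::` entries of a CFScript with the log's "Other Deletions" section. The sample input is excerpted from the posts above, except the `EXAMPLE_NOT_DELETED` path, which is constructed; the function names are this example's own.

```python
import re

# A ComboFix section banner looks like "((((( Other Deletions )))))".
BANNER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")


def norm(path):
    """Windows paths are case-insensitive; ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def script_folders(script_text):
    """Return the paths listed under the Folder:: directive of a CFScript."""
    folders, active = [], False
    for line in map(str.strip, script_text.splitlines()):
        if line.endswith("::"):          # a directive line such as "Folder::"
            active = line.lower() == "folder::"
        elif active and line:
            folders.append(line)
    return folders


def log_section(log_text, title):
    """Return the entries of one banner-delimited section of the log."""
    entries, active = [], False
    for line in map(str.strip, log_text.splitlines()):
        banner = BANNER.match(line)
        if banner:                       # a new banner starts or ends the section
            active = banner.group(1).lower() == title.lower()
        elif active and line and line != ".":   # "." lines are spacers
            entries.append(line)
    return entries


def check_deletions(script_text, log_text):
    """Compare what the script asked for with what the log reports deleted."""
    wanted = script_folders(script_text)
    deleted = log_section(log_text, "Other Deletions")
    deleted_norm = {norm(d) for d in deleted}

    def covered(entry):
        # True when a deleted entry is a scripted folder or lies inside one.
        e = norm(entry)
        return any(e == norm(f) or e.startswith(norm(f) + "\\") for f in wanted)

    return {
        "removed": [f for f in wanted if norm(f) in deleted_norm],
        "not_reported": [f for f in wanted if norm(f) not in deleted_norm],
        "unscripted": [d for d in deleted if not covered(d)],
    }


# Excerpt of the CFScript from the thread, plus one constructed path
# (EXAMPLE_NOT_DELETED) to show how a folder missing from the log is reported.
SAMPLE_SCRIPT = r"""Folder::
c:\program files\80FCC
c:\users\Prince\AppData\Roaming\BE080
c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d
c:\users\Prince\AppData\Roaming\EXAMPLE_NOT_DELETED
"""

# Excerpt of the ComboFix log from the thread (shortened).
SAMPLE_LOG = r"""ComboFix 11-11-19.02 - Prince 11/19/2011 12:22:09.2.2 - x86
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\80FCC
c:\users\Prince\AppData\Roaming\BE080
c:\users\Prince\AppData\Roaming\BE080\0FCC.E08
c:\users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d
c:\users\Prince\AppData\Roaming\sGGG5aaQJ6d\AV Protection 2011.ico
.
((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))
.
2011-11-19 08:41 . 2011-11-19 09:11 -------- d-----w- C:\jgh
"""

if __name__ == "__main__":
    for label, paths in check_deletions(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(label)
        for p in paths:
            print("   ", p)
```

An entry under `unscripted` is a deletion the script did not request, so it is worth reading before the next step; an entry under `not_reported` means the folder either was already gone or was not removed.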
     
  12. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi brothasoul,

    Looks better.

    You have a questionable Toolbar installed, Ask Toolbar. Did you install it, do you use it? If not you can uninstall it via Uninstall a program while removing the Symantec remnants.

    Click on the Start button > Control Panel


    Depending on your settings, either
    • click on the Uninstall a program option under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    Uninstall the following program


    LiveUpdate (Symantec Corporation)


    Next

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.


    Open MBAM
    • Click the Update tab
    • Click Check for Updates
    • If an update is found, it will download and install the latest version.
    • The program will close to update and reopen.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Please post back with
    • MBAM log
    Still ok?
     
  13. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    Re: Still ok?

    Yessir d:)

    [MBAM]

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8198

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/19/2011 9:31:42 PM
    mbam-log-2011-11-19 (21-31-42).txt

    Scan type: Quick scan
    Objects scanned: 172256
    Time elapsed: 7 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi brothasoul,


    Your java is out of date. Go to Start > Control Panel , switch to Classic View if it isn't already.
    • Locate the Java icon (it looks like a coffee cup)
    • double click it to open it
    • click the Update tab
    • Click update now


    Next, right click on OTL.exe and choose Run as Administrator to run it
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :
    Code:
    :Files
     
    :Commands
    [emptytemp]
    [createrestorepoint]
    

    Then click the Run Fix button at the top
    • Let the program run unhindered

    One more scan to check our handiwork.


    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


    Go here to run an online scanner from
    ESET

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply
      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    Next


    Open OTL
    • When the window appears, underneath Output at the top change it to Minimal Output
    • UNCheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open a notepad window, OTL.Txt no Extras.Txt this time.



    Please post back with
    • ESET log if there is one
    • OTL.txt
    Thanks
     
  15. brothasoul

    brothasoul Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    51
    No threats were found with ESET :)

    [OTL]

    OTL logfile created on: 11/20/2011 6:10:03 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Prince\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.60% Memory free
    5.94 Gb Paging File | 4.35 Gb Available in Paging File | 73.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.93 Gb Total Space | 28.71 Gb Free Space | 12.82% Space Free | Partition Type: NTFS

    Computer Name: PRINCE-PC | User Name: Prince | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Prince\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    PRC - C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe (TiVo Inc.)
    PRC - C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Electronics, Inc.)
    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
    PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
    PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe (Sony Electronics, Inc.)
    PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
    PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
    PRC - C:\Windows\System32\dlbkcoms.exe ( )
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll ()
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll ()
    MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll ()
    MOD - C:\Program Files\TiVo\Desktop\libmatroska.dll ()
    MOD - C:\Program Files\TiVo\Desktop\libebml.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
    MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll ()
    MOD - C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
    MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
    MOD - C:\Program Files\TiVo\Desktop\StlpMt45.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
    SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
    SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
    SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
    SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
    SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
    SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
    SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
    SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
    SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
    SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
    SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
    SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
    SRV - (dlbk_device) -- C:\Windows\System32\dlbkcoms.exe ( )
    SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
    DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
    DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
    DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
    DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Pure Networks, Inc.)
    DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
    DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
    DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
    DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\URLSearchHook: {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ed.msnbc.msn.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://advocate.com/"
    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:7
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: [email protected]:1.1
    FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4
    FF - prefs.js..extensions.enabledItems: [email protected]:0.51
    FF - prefs.js..keyword.URL: "http://www.search.yahoo.com/search?p="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Prince\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Prince\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Prince\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Prince\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2011/11/19 09:51:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2011/11/19 09:51:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 15:39:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 14:59:04 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Prince\AppData\Roaming\Move Networks [2010/02/16 21:37:23 | 000,000,000 | ---D | M]

    [2010/08/12 13:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Extensions
    [2010/08/12 13:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2011/11/19 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions
    [2011/02/07 09:55:36 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(46)
    [2010/08/07 20:33:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/25 00:27:46 | 000,000,000 | ---D | M] (MTV Direct Community Toolbar) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{4215af89-e516-4ba5-bbfa-a85490a73c21}(86)
    [2011/11/12 18:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2011/10/27 11:37:31 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2011/02/20 22:38:25 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}(91)
    [2011/11/12 00:51:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(32)
    [2011/07/09 01:39:42 | 000,000,000 | ---D | M] ("Blackout") -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2011/02/07 09:55:37 | 000,000,000 | ---D | M] (Dictionary.com) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected](45).com
    [2011/08/01 08:17:55 | 000,000,000 | ---D | M] (CineMeter) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2011/02/21 18:53:54 | 000,000,000 | ---D | M] (Paste and Go 3) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2010/03/08 10:50:41 | 000,000,000 | ---D | M] (SearchIMDB) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2011/07/09 01:45:12 | 000,000,000 | ---D | M] (Tabs on top) -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\extensions\[email protected]
    [2010/09/30 11:17:49 | 000,000,939 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\dictionary.xml
    [2010/04/26 11:41:38 | 000,001,928 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\epguidescom.xml
    [2011/10/22 22:13:03 | 000,002,567 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\hulu.xml
    [2010/03/22 12:30:35 | 000,001,512 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\imdb.xml
    [2009/08/09 20:32:16 | 000,002,298 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\lastfm.xml
    [2010/03/22 12:31:33 | 000,001,729 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\rotten-tomatoes.xml
    [2011/02/04 02:16:30 | 000,001,632 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\weathercom.xml
    [2009/08/09 20:32:42 | 000,000,945 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\Mozilla\Firefox\Profiles\n9a0y7as.default\searchplugins\youtube-video-search.xml
    [2011/11/19 22:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/08 23:29:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/05 22:45:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/07 19:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/04/04 06:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/11/19 22:56:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/11/19 09:51:57 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
    [2011/11/19 09:51:58 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    () (No name found) -- C:\USERS\PRINCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N9A0Y7AS.DEFAULT\EXTENSIONS\[email protected]
    [2011/10/02 15:39:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/02 15:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Prince\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Prince\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Prince\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Prince\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Prince\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Prince\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
    CHR - Extension: Tabs to the front! = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
    CHR - Extension: HuffingtonPost NewsGlide = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjialelnkjdomiblmnpcpjongleegef\0.3.2_0\
    CHR - Extension: Anti-Banner = C:\Users\Prince\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

    O1 HOSTS File: ([2011/11/19 12:59:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Isohunt-vuze Toolbar) - {6c3a1de1-94ca-4ad6-acdf-c1324adc487b} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Isohunt-vuze Toolbar) - {6C3A1DE1-94CA-4AD6-ACDF-C1324ADC487B} - C:\Program Files\Isohunt-vuze\tbIsoh.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
    O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
    O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
    O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe ()
    O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    O4 - HKCU..\Run: [cdloader] C:\Users\Prince\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - HKCU..\Run: [googletalk] C:\Users\Prince\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://ptproxy04na.societylink.org/iNotes6W.cab (iNotes6 Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E7F870-1ABE-4A21-B434-7F7028A3F5B9}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/20 03:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/20 02:50:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/11/20 02:46:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Prince\Desktop\OTL.exe
    [2011/11/19 22:55:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/11/19 22:55:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/11/19 22:55:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/11/19 21:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/19 21:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/19 21:23:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/19 21:21:59 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Prince\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/19 21:13:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/11/19 13:17:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/19 13:00:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/19 03:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
    [2011/11/19 03:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011/11/19 03:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2011/11/19 03:33:39 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2011/11/19 03:11:55 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Local\temp
    [2011/11/19 02:41:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/19 02:41:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/19 02:41:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/19 02:41:06 | 000,000,000 | ---D | C] -- C:\jgh
    [2011/11/19 02:41:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/19 02:41:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/19 02:22:55 | 004,302,245 | R--- | C] (Swearware) -- C:\Users\Prince\Desktop\jgh.exe
    [2011/11/18 20:44:51 | 161,350,808 | ---- | C] (Kaspersky Lab) -- C:\Users\Prince\Desktop\kav2012_12.0.0.374-2441en_us.exe
    [2011/11/18 19:37:46 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Prince\Desktop\aswMBR.exe
    [2011/11/18 19:10:13 | 000,000,000 | ---D | C] -- C:\Users\Prince\Desktop\backups
    [2011/11/18 16:28:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Prince\Desktop\HijackThis.exe
    [2011/11/18 12:27:44 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\Malwarebytes
    [2011/11/18 12:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/18 12:26:37 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Prince\Desktop\mbam-setup.exe
    [2011/11/18 12:01:11 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Prince\Desktop\digitalblack.com.exe
    [2011/11/18 01:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Search & Destroy
    [2011/11/18 01:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot Search & Destroy
    [2011/11/18 01:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/11/18 01:36:39 | 000,000,000 | ---D | C] -- C:\Users\Prince\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
    [2007/06/25 21:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
    [2007/06/25 21:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
    [2007/06/25 21:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
    [2007/03/21 13:41:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
    [2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
    [2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
    [2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
    [2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
    [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
    [2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
    [2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
    [2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
    [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
    [2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
    [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/11/20 05:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000UA.job
    [2011/11/20 04:52:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/20 04:52:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/20 02:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/20 02:52:37 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/20 02:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Prince\Desktop\OTL.exe
    [2011/11/20 00:03:22 | 000,213,504 | ---- | M] () -- C:\Users\Prince\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/19 23:41:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/11/19 22:30:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964417686-3802623456-3068059845-1000Core.job
    [2011/11/19 21:40:05 | 000,002,255 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2011/11/19 21:23:31 | 000,000,930 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/19 21:22:00 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Prince\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/19 13:07:29 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/19 13:07:29 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/19 12:59:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/19 09:53:10 | 004,177,876 | ---- | M] () -- C:\Users\Prince\Desktop\Mary J Blige - Miss Me With That (Prod. by Harvey Mason).mp3
    [2011/11/19 09:51:45 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
    [2011/11/19 09:51:45 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
    [2011/11/19 03:38:08 | 000,017,408 | ---- | M] () -- C:\Users\Prince\AppData\Local\WebpageIcons.db
    [2011/11/19 03:33:39 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2011/11/19 02:22:56 | 004,302,245 | R--- | M] (Swearware) -- C:\Users\Prince\Desktop\jgh.exe
    [2011/11/19 00:26:50 | 000,000,554 | ---- | M] () -- C:\Users\Prince\Desktop\MBR.zip
    [2011/11/19 00:20:31 | 004,105,233 | ---- | M] () -- C:\Users\Prince\Desktop\Mary_J_Blige-Miss_Me_With_That_1307132211.zip
    [2011/11/18 20:46:57 | 161,350,808 | ---- | M] (Kaspersky Lab) -- C:\Users\Prince\Desktop\kav2012_12.0.0.374-2441en_us.exe
    [2011/11/18 19:06:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Prince\Desktop\aswMBR.exe
    [2011/11/18 16:21:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Prince\Desktop\HijackThis.exe
    [2011/11/18 15:56:24 | 000,302,592 | ---- | M] () -- C:\Users\Prince\Desktop\gmer.exe
    [2011/11/18 12:34:06 | 001,008,092 | ---- | M] () -- C:\Users\Prince\Desktop\rkill.scr
    [2011/11/18 12:23:22 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Prince\Desktop\mbam-setup.exe
    [2011/11/18 11:55:26 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Prince\Desktop\digitalblack.com.exe
    [2011/11/17 01:10:07 | 000,000,477 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Rachel Maddow Show.website
    [2011/11/17 00:33:38 | 000,010,562 | ---- | M] () -- C:\Users\Prince\AppData\Roaming\wklnhst.dat
    [2011/11/15 18:57:56 | 000,005,972 | ---- | M] () -- C:\Users\Prince\AppData\Local\d3d9caps.dat
    [2011/11/14 14:13:48 | 000,019,282 | ---- | M] () -- C:\Users\Prince\Desktop\mjb.jpg
    [2011/11/14 03:57:33 | 000,057,798 | ---- | M] () -- C:\Users\Prince\Desktop\Rihanna.jpg
    [2011/11/14 00:07:13 | 000,000,543 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\AfterElton.com The pop culture site that plays for your team..website
    [2011/11/13 21:25:52 | 000,000,372 | ---- | M] () -- C:\Users\Prince\Documents - Shortcut.lnk
    [2011/11/09 15:04:10 | 000,000,503 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail The best web-based email!.website
    [2011/11/08 01:05:47 | 000,000,604 | ---- | M] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Netflix - Member Login Sign In To Your Account.website

    ========== Files Created - No Company Name ==========

    [2011/11/19 21:23:31 | 000,000,930 | ---- | C] () -- C:\Users\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/19 03:38:06 | 000,017,408 | ---- | C] () -- C:\Users\Prince\AppData\Local\WebpageIcons.db
    [2011/11/19 03:36:57 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
    [2011/11/19 03:36:57 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
    [2011/11/19 02:41:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/19 02:41:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/19 02:41:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/19 02:41:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/19 02:41:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/19 00:27:10 | 000,000,554 | ---- | C] () -- C:\Users\Prince\Desktop\MBR.zip
    [2011/11/19 00:20:38 | 004,177,876 | ---- | C] () -- C:\Users\Prince\Desktop\Mary J Blige - Miss Me With That (Prod. by Harvey Mason).mp3
    [2011/11/19 00:20:30 | 004,105,233 | ---- | C] () -- C:\Users\Prince\Desktop\Mary_J_Blige-Miss_Me_With_That_1307132211.zip
    [2011/11/18 19:20:02 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/18 15:57:08 | 000,302,592 | ---- | C] () -- C:\Users\Prince\Desktop\gmer.exe
    [2011/11/18 14:21:03 | 001,008,092 | ---- | C] () -- C:\Users\Prince\Desktop\rkill.scr
    [2011/11/14 14:13:46 | 000,019,282 | ---- | C] () -- C:\Users\Prince\Desktop\mjb.jpg
    [2011/11/14 03:57:33 | 000,057,798 | ---- | C] () -- C:\Users\Prince\Desktop\Rihanna.jpg
    [2011/11/13 21:25:52 | 000,000,372 | ---- | C] () -- C:\Users\Prince\Documents - Shortcut.lnk
    [2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
    [2011/01/14 10:31:36 | 000,004,608 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/21 12:08:20 | 000,007,263 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2010/02/20 13:51:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/01/28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/08/18 13:40:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/18 13:40:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/18 13:39:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/13 09:24:02 | 000,004,096 | -H-- | C] () -- C:\Users\Prince\AppData\Local\keyfile3.drm
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/15 14:30:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/05/30 01:37:40 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/30 01:31:52 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/02/08 11:37:04 | 000,000,102 | ---- | C] () -- C:\Windows\dellstat.ini
    [2008/12/24 07:26:30 | 000,005,972 | ---- | C] () -- C:\Users\Prince\AppData\Local\d3d9caps.dat
    [2008/12/23 22:33:21 | 000,213,504 | ---- | C] () -- C:\Users\Prince\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/23 09:19:35 | 000,010,562 | ---- | C] () -- C:\Users\Prince\AppData\Roaming\wklnhst.dat
    [2008/08/21 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2008/08/01 12:11:00 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2008/08/01 12:11:00 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2008/08/01 12:11:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
    [2008/08/01 12:11:00 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/08/01 12:10:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/03/21 13:53:26 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
    [2007/03/21 13:53:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
    [2007/03/21 13:41:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
    [2007/02/22 22:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
    [2007/02/07 22:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,340,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/12/16 19:15:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
    [2005/09/13 21:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
    [2005/09/13 21:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll

    < End of report >
     

Short URL to this thread: https://techguy.org/1027440
