Key logger and Trojan

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

Key logger and Trojan Anti virus/spyware won't remove it help!

#1 pm2011

New Member

Group: Members
Posts: 9
Joined: 09-May 11
Gender:Female

Posted 11 May 2011 - 07:03 PM

Keep getting message from ESET antivirus Error can not delete/remove retry or cancel. I press retry and same error message. It says I have a trojan called kryptik.NDV.trojan in the files c:\Users\Owner\Appdata\local\oxeguyoyamu.dll
Somebody also dowloaded Spyboss keylogger a corrupt logger and I can not get it off. Please help!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK
Run by Owner at 16:08:40.66 on Wed 05/11/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.4748 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
uWindow Title = Road Runner High Speed Online
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090109
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
uRun: [Search Protection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
uRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Pando Media Booster] "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
uRun: [exqomlds] C:\Users\Owner\AppData\Local\vetpinymc\frubgixtssd.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Qheqezudanaw] rundll32.exe "C:\Users\Owner\AppData\Local\waplory.dll",Startup
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Ghawavecazucul] rundll32.exe "C:\Users\Owner\AppData\Local\oxeguyoyamu.dll",Startup
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PCTools FGuard] "C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe"
mRun: [SelectRebates] "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Owner\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\system32\wpclsp.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
mRun-x64: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
mRun-x64: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
mRun-x64: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
mRun-x64: [Persistence] "C:\Windows\system32\igfxpers.exe"
mRun-x64: [RtHDVCpl] "RAVCpl64.exe"
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [lxczbmgr.exe] "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe"
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\PC Tools Security\BDT\FireFox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - component: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - C:\Program Files (x86)\PC Tools Security\BDT\FireFox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - %profile%\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
FF - Ext: Playdom Community Toolbar: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - %profile%\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Owner\AppData\Roaming\Move Networks
FF - Ext: XULRunner: {96CA5E28-7CBF-4C97-9B58-E71DA0914A11} - C:\Users\Owner\AppData\Local\{96CA5E28-7CBF-4C97-9B58-E71DA0914A11}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-28 254624]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2010-12-1 452872]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-9 55024]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2010-12-1 331368]
S0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-12-1 65072]
S0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-12-1 74312]
S1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2010-2-22 139704]
S2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2009-1-9 86016]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2010-12-1 235472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
S2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-2-22 163888]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-2-22 810120]
S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-2-22 124760]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 136176]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-12-1 366840]
S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-12-1 1145304]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-1-9 411136]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 136176]
S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2010-12-1 92896]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-12-1 41888]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-10 89920]
S4 njgnkcyzebnueq;njgnkcyzebnueq;C:\Windows\SysWOW64\jidarmgc.exe [2010-2-3 94294]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-05-11 05:41:08 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-11 05:41:08 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-11 00:31:09 232854 --sha-w- C:\Users\Owner\AppData\Local\ehn.exe
2011-05-07 21:37:00 0 ----a-w- C:\Users\Owner\AppData\Local\Jtenig.bin
2011-05-07 21:36:58 -------- d-----w- C:\Users\Owner\AppData\Local\{96CA5E28-7CBF-4C97-9B58-E71DA0914A11}
2011-05-06 00:16:48 -------- d-----w- C:\Users\Owner\AppData\Local\{4E55333F-1AAF-476C-B93C-EE4D2E1849B9}
2011-05-06 00:16:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\Windows Live Writer
2011-05-06 00:16:37 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live Writer
2011-04-30 21:38:57 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-04-26 21:09:22 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-26 21:09:21 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 21:09:19 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-26 21:09:18 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-26 21:09:18 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-04-26 21:09:18 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-04-23 19:58:43 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
2011-04-23 19:58:43 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2011-04-23 19:58:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
2011-04-23 19:58:40 525856 ----a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-04-16 10:53:46 -------- d-----w- C:\75fd8805cad94b3a0987198ad912
2011-04-15 20:30:16 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-15 20:30:16 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-15 20:25:49 450560 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-15 19:10:37 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-15 19:10:15 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-15 19:10:04 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
.
==================== Find3M ====================
.
2011-03-18 18:32:10 71072 ----a-w- C:\Windows\CouponPrinter.ocx
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 15:59:37 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:40:07 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-22 14:47:08 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 14:13:01 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53:33 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-22 13:53:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-22 13:33:12 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-22 06:50:39 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-02-22 06:46:49 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-22 06:46:34 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-22 06:46:20 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-02-22 06:46:19 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-02-22 06:21:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-02-22 05:56:46 479232 ----a-w- C:\Windows\System32\html.iec
2011-02-22 05:20:39 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-22 05:15:51 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-02-22 05:14:35 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-22 04:43:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-18 14:17:59 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-18 14:17:57 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-18 14:16:30 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-18 14:16:29 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-18 14:16:27 106496 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-18 14:16:16 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-17 07:21:33 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-17 06:23:50 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 16:37:47 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 16:16:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 14:15:24 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 14:02:23 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 16:09:54.58 ===============

Attached File(s)

Attach.txt (4.19K)
Number of downloads: 0

So let's go

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 17 May 2011 - 06:27 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

This post has been edited by SweetTech: 17 May 2011 - 06:28 PM

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 pm2011

New Member

Group: Members
Posts: 9
Joined: 09-May 11
Gender:Female

Posted 18 May 2011 - 11:24 AM

Here are the reports. The only way for me to get online is with safe mode with a network. Otherwise its incredibly slow and every page that opens 1 or 2 windows open asking to stop script. Also my ESET notifies me that I have a trojan and it can not clean or delete it.

OTL logfile created on: 5/18/2011 9:11:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 55.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 481.84 Gb Free Space | 70.45% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.15 Gb Free Space | 55.62% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 09:09:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2011/04/30 11:42:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

========== Modules (SafeList) ==========

MOD - [2011/05/18 09:09:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/22 16:52:54 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/17 21:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/07/02 00:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2007/04/19 16:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2010/09/29 17:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/24 13:19:06 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/26 13:39:46 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/03 22:40:44 | 000,094,294 | ---- | M] (Sver) [Disabled | Stopped] -- c:\Windows\SysWOW64\jidarmgc.exe -- (njgnkcyzebnueq)
SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/05 12:09:16 | 000,331,368 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/27 10:26:40 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/08/26 13:39:46 | 000,074,312 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/08/26 13:39:46 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/08/26 13:39:46 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/08/18 14:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/06/29 11:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/03 17:50:34 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/06 20:32:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/22 16:51:46 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/02/22 16:50:12 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/02/22 16:47:40 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/01/13 07:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/11/11 11:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 11:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 11:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/07/02 00:11:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/07/02 00:11:32 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/07/02 00:11:28 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/07/02 00:11:28 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/07/02 00:11:28 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/05 02:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/02/11 17:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090109
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z006&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Playdom Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-dyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-dyc"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.84
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0
FF - prefs.js..extensions.enabledItems: {96CA5E28-7CBF-4C97-9B58-E71DA0914A11}:1.9.1
FF - prefs.js..keyword.URL: "http://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\FireFox\ [2011/03/10 22:44:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 11:42:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 11:42:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/18 21:42:56 | 000,000,000 | ---D | M]

[2009/06/27 13:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/06/27 13:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/17 10:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions
[2010/04/27 07:26:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/07 15:39:24 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2011/03/18 15:35:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/09 00:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(426)
[2011/04/02 11:19:10 | 000,000,000 | ---D | M] (Playdom Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2009/11/07 11:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\{6f094b04-2c69-4ff3-ac74-d9716e97e296}
[2010/01/10 12:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\Access Privileges Test
[2010/03/21 11:56:49 | 000,000,000 | ---D | M] (CyberShadow's Bejeweled Blitz 3 Cheat) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2010/03/28 08:26:39 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\DTToolbar@toolbarnet.com
[2010/10/22 12:01:56 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\searchtoolbar@zugo.com
[2011/03/21 16:19:05 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\toolbar@ask.com
[2011/04/26 15:04:45 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\extensions\toolbar@shopathome.com
[2011/05/17 10:12:59 | 000,002,568 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\searchplugins\askcom.xml
[2010/10/22 12:01:56 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\searchplugins\bing-zugo.xml
[2010/06/02 09:58:56 | 000,000,917 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\searchplugins\conduit.xml
[2010/03/28 08:26:30 | 000,002,059 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\searchplugins\daemon-search.xml
[2011/02/06 10:03:50 | 000,002,689 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xe0yjjj7.default\searchplugins\search-defender.xml
[2011/05/17 10:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/27 16:07:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/31 19:28:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/28 14:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2011/03/10 22:44:05 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES (X86)\PC TOOLS SECURITY\BDT\FIREFOX
[2009/09/17 16:32:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES (X86)\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2011/05/07 14:36:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\OWNER\APPDATA\LOCAL\{96CA5E28-7CBF-4C97-9B58-E71DA0914A11}
[2009/10/14 12:38:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/26 15:04:28 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2011/04/26 15:04:28 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/23 10:04:38 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/10/21 15:13:07 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppopcaploader.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\askcom.xml
[2010/02/06 22:24:25 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/03/18 21:11:31 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - File not found
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SelectRebates] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [exqomlds] File not found
O4 - HKCU..\Run: [Ghawavecazucul] C:\Users\Owner\AppData\Local\oxeguyoyamu.dll (Hauppauge Computer Works.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Qheqezudanaw] File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Owner\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab (PSFormX Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (T2㐀㠵ᘨ 協歰⹧汤l<뻯㠵ᘨ㠵ᘨ&) - File not found
O30:64bit: - LSA: Security Packages - (屛) - File not found
O30 - LSA: Security Packages - (ges - (屛) - File not found) - File not found
O30 - LSA: Security Packages - () - File) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{197ea9d5-2fc9-11df-9d15-00219b1fb77b}\Shell\AutoRun\command - "" = M:\Setup_FlipShare.exe
O33 - MountPoints2\{197ea9d5-2fc9-11df-9d15-00219b1fb77b}\Shell\Setup FlipShare\command - "" = M:\Setup_FlipShare.exe
O33 - MountPoints2\{1dea7b99-053e-11e0-acd8-00219b1fb77b}\Shell - "" = AutoRun
O33 - MountPoints2\{1dea7b99-053e-11e0-acd8-00219b1fb77b}\Shell\AutoRun\command - "" = N:\setup.exe -a
O33 - MountPoints2\{3ae4a97a-4bb4-11df-b2e3-00219b1fb77b}\Shell\AutoRun\command - "" = M:\rcasw_setup.exe
O33 - MountPoints2\{3ae4a97a-4bb4-11df-b2e3-00219b1fb77b}\Shell\Manage your videos\command - "" = RCAMemoryMgr.exe
O33 - MountPoints2\{4b437c19-299a-11df-9ec2-00219b1fb77b}\Shell - "" = AutoRun
O33 - MountPoints2\{4b437c19-299a-11df-9ec2-00219b1fb77b}\Shell\AutoRun\command - "" = L:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 14:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2011/05/07 14:36:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{96CA5E28-7CBF-4C97-9B58-E71DA0914A11}
[2011/05/05 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4E55333F-1AAF-476C-B93C-EE4D2E1849B9}
[2011/05/05 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2011/05/05 17:16:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live Writer
[2011/04/30 14:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/04/26 14:09:22 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/26 14:09:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/26 14:09:19 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/26 14:09:18 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/04/26 14:09:18 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/26 14:09:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/04/23 12:58:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
[2011/04/23 12:58:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2009/08/16 23:59:15 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2009/08/16 23:59:15 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2009/08/16 23:59:15 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2009/08/16 23:59:15 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2009/08/16 23:59:15 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2009/08/16 23:59:15 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2009/08/16 23:59:15 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2009/08/16 23:59:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2009/08/16 23:59:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2009/08/16 23:59:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2009/08/16 23:59:14 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2009/08/16 23:59:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2009/08/16 23:59:14 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2009/08/16 23:59:14 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2009/08/16 23:59:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2009/07/10 16:00:18 | 000,376,832 | ---- | C] (Hauppauge Computer Works.) -- C:\Users\Owner\AppData\Local\oxeguyoyamu.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 18:09:31 | 000,010,288 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/05/16 21:23:56 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/05/15 14:29:42 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/15 14:29:42 | 000,603,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/15 14:29:42 | 000,103,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/15 14:24:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 13:26:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 13:07:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 13:07:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 11:17:19 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F082E6A7-8B43-4E55-8B23-B0E42C6EADF0}.job
[2011/05/15 11:07:51 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 09:14:28 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Bkikocelozugec.dat
[2011/05/15 09:14:21 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Jtenig.bin
[2011/05/14 09:47:57 | 000,014,420 | -HS- | M] () -- C:\Users\Owner\AppData\Local\l1mt4nci68jk2ni176
[2011/05/14 09:47:57 | 000,014,420 | -HS- | M] () -- C:\ProgramData\l1mt4nci68jk2ni176
[2011/05/13 19:45:48 | 407,944,806 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/11 16:25:06 | 000,000,732 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2011/05/11 06:38:33 | 000,010,406 | -HS- | M] () -- C:\ProgramData\5162qny2ob203v1p2ryg257h14
[2011/05/11 06:38:32 | 000,010,406 | -HS- | M] () -- C:\Users\Owner\AppData\Local\5162qny2ob203v1p2ryg257h14
[2011/05/10 17:31:09 | 000,232,854 | -HS- | M] () -- C:\Users\Owner\AppData\Local\ehn.exe
[2011/05/10 17:30:30 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Owner.job
[2011/05/10 12:54:06 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2011/05/05 07:08:56 | 000,000,278 | ---- | M] () -- C:\Windows\Lexstat.ini
[2011/04/29 16:42:38 | 000,019,968 | ---- | M] () -- C:\Users\Owner\Documents\jonathans resume.wps
[2011/04/26 14:45:37 | 000,010,752 | ---- | M] () -- C:\Users\Owner\Documents\COUPONS FOR APRIL- MAY.xlr
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 17:22:12 | 000,014,420 | -HS- | C] () -- C:\Users\Owner\AppData\Local\l1mt4nci68jk2ni176
[2011/05/13 17:22:12 | 000,014,420 | -HS- | C] () -- C:\ProgramData\l1mt4nci68jk2ni176
[2011/05/10 17:31:46 | 000,010,406 | -HS- | C] () -- C:\Users\Owner\AppData\Local\5162qny2ob203v1p2ryg257h14
[2011/05/10 17:31:46 | 000,010,406 | -HS- | C] () -- C:\ProgramData\5162qny2ob203v1p2ryg257h14
[2011/05/10 17:31:09 | 000,232,854 | -HS- | C] () -- C:\Users\Owner\AppData\Local\ehn.exe
[2011/05/10 12:54:06 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2011/05/07 14:37:00 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Bkikocelozugec.dat
[2011/05/07 14:37:00 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Jtenig.bin
[2011/04/29 16:27:46 | 000,019,968 | ---- | C] () -- C:\Users\Owner\Documents\jonathans resume.wps
[2011/04/26 14:45:37 | 000,010,752 | ---- | C] () -- C:\Users\Owner\Documents\COUPONS FOR APRIL- MAY.xlr
[2011/04/07 04:05:13 | 000,000,000 | ---- | C] () -- C:\Windows\YAHELITE_IGNORE.INI
[2011/04/07 02:49:23 | 000,000,012 | ---- | C] () -- C:\Windows\YAHVOX_ignore.ini
[2011/04/07 00:09:48 | 000,000,000 | ---- | C] () -- C:\Windows\YAHELITE_cookie.INI
[2011/04/07 00:03:58 | 000,000,000 | ---- | C] () -- C:\Windows\YAHELITE.INI
[2010/12/01 13:21:04 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/11/30 10:34:34 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2010/11/15 17:51:08 | 000,165,429 | ---- | C] () -- C:\Windows\Zac Browser - English Uninstaller.exe
[2010/07/31 19:30:26 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/25 09:00:57 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/02/22 16:42:43 | 000,000,278 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/09/17 16:34:20 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/08/16 23:59:15 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2009/08/16 23:59:15 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2009/07/23 13:44:57 | 000,010,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/07/10 16:00:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/10 15:59:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/10 15:59:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/28 20:16:15 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/06/16 16:47:05 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
[2009/06/03 18:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/03/31 16:26:55 | 000,069,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/16 22:26:59 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswen-oce.dll
[2009/01/09 11:30:25 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/01/09 11:30:25 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/01/09 11:30:25 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2009/01/09 11:26:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/22 11:58:33 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\msnec-ocd.dll
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2008/02/11 17:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/02/11 17:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/02/11 17:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:148B621E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FA35989F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3

< End of report >

OTL Extras logfile created on: 5/18/2011 9:11:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 55.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 481.84 Gb Free Space | 70.45% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.15 Gb Free Space | 55.62% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A6 40 80 32 BD 01 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033C6419-0735-4F54-8B57-FF072F15FE4B}" = lport=139 | protocol=6 | dir=in | app=system |
"{0570A57B-BBB6-4FD5-95EB-91A82321C3D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{102F434E-A441-4449-84B6-0BC1C974B6D0}" = rport=1701 | protocol=17 | dir=out | app=system |
"{12F04FDE-A50E-4D9D-94CA-2595DEDE8E40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{14114F12-D22C-4F7A-828F-B6FC71ED7928}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15CED1F6-8667-4016-8036-D9B27AB091A9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{202F13B8-6C5A-4E91-ABE2-54EACF1AF910}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{21632817-5F6E-4B24-99FC-45821D79B13F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3094E841-EA25-413D-8054-C980679E7F19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3334383F-5B73-4AB5-A35D-AEF88BBF3BC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{42ABA89B-D1E9-4625-AC3A-79E0C08469C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{4B8BAF9B-749C-4CD0-9183-227981C055CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D6C31EF-E187-49FD-89EA-F1A38A1BD36C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{55088E1D-146A-4FE9-9D92-7273EF81FC93}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5DB7EFF2-0F9E-488B-A1B9-271898CE1A93}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{62440FE0-4BA2-40FB-A8A7-A0D2BAFC1364}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{630ED809-B788-48E9-8594-0FE81FD7700C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{670B2092-2BCD-43F7-8AC7-ABC41E46C8A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6EC361AB-4D34-43F1-A9C6-49B9202429AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6F471448-2336-4896-98C4-48D0D160113D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7385ADDC-AC03-49F2-8C83-8997916C6178}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74CFD532-6FBE-4E8B-9052-6A3536D1B812}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80F82E99-F436-4CF1-9C90-303F27F350D5}" = rport=1723 | protocol=6 | dir=out | app=system |
"{8B092C30-8931-4228-B8BF-5F7079E5B3B8}" = lport=1723 | protocol=6 | dir=in | app=system |
"{8C12D69E-CA88-4DAB-AC5F-E7036B22989F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C454B85-5F45-4759-A37E-68125FBCCE28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94692822-E30C-4E85-8476-E23DD3C6A86B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{949A9364-EDF1-4D4F-A71D-4E987BF3FD4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{967666BE-4A2F-4546-9A41-F26BB5A5B061}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9689622C-F480-493A-B002-A4B7794B9A09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9711CA14-D944-4B9F-B15F-4E3EABD35929}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9879708A-DEFB-43F4-8206-AEB0CDCF6CD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A325EF0-FF8A-43A8-B61F-68D13CAAD562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9FFC7194-2724-42FD-B4D7-CFD4A1B7C6C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A3F45BE9-49D9-4ED1-AF4F-D758F8CAF5A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8A4375F-0371-4230-BD56-D37A0969ABB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A9B81CE7-337B-4B69-AFD3-76760CDC6923}" = rport=445 | protocol=6 | dir=out | app=system |
"{BBF823B8-FE04-46A1-AE0C-DC352B2DBC74}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{BFFF9A20-4EB0-4D7A-B61D-522AC8CA97D9}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{C5B392A6-0070-499F-95DD-B28E3F8C3BCC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5EECF14-3427-4CCE-B8C3-664B56599E2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8D2FAD6-201B-44D5-A2B1-E478E6CDFDAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB337CDF-7C12-48FE-87ED-88075C10AA03}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5D29BF4-E673-46F2-B0B8-5D10ADEBF268}" = lport=1701 | protocol=17 | dir=in | app=system |
"{E383D4F4-BB7B-49F4-AD9E-156244142423}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EEB99D0D-1E75-4908-9D25-E12C9A3801F0}" = lport=5985 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074543C-5DE4-4A31-B118-36B427AE37B9}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{18928E8C-961E-4D66-A34C-2B39B4CA0A66}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{1C9DC467-1A76-4C8E-879A-EF74D6BD05DE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{20CF47B4-737A-4FB2-B0D2-6BCBADBD6048}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2213C9F1-856F-4534-B61F-89CC2D10F352}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23D3ABC0-0D1A-48F0-80DF-12CD7CDCB7E0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{27817186-712A-44F8-93F3-20650A2200D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2A5E9236-27E8-46D1-B1CC-EFEA24A76423}" = protocol=6 | dir=out | app=system |
"{33169F5F-B224-4F2A-AFF1-2D8877DB4F35}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{3589F2E5-47C1-4CAF-8FFA-989E8896A9D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{390C769B-7CCC-442C-8643-82B37FF72980}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{396F4FCB-2201-4145-8D2B-B14DB408397E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{39E00053-6C32-410C-99C8-B41F02FAF74E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AD45B6C-9167-406C-B582-9F07AD90A062}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CC5F8E9-391E-428C-9482-5F3F34BB0CEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E427A08-3D50-4C97-8866-D54F40633924}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{433DC22A-BDFB-4301-9548-0B9AAB99EA27}" = protocol=6 | dir=in | app=c:\windows\system32\windowsanytimeupgrade.exe |
"{4B0A6195-0A09-41AD-BA3E-63E659EB7BCE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4D9DB8CB-0D95-4BE1-BE64-105322002E44}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4EB58C58-3981-4055-8557-9BB52CC02B34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53DCFFE1-9FB9-4E48-868A-83EA45380A12}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{5554F52C-6337-4FA8-995B-15053B7BC219}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{5DEBDD8C-9580-45CB-9F71-41E949C7A87E}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{64ED0A23-B0C1-44C4-BEFC-D458BFA5D144}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{68456120-9993-45F3-833D-AEA5C42DA39E}" = protocol=6 | dir=out | app=system |
"{689BF966-CF1A-4093-A1DD-72F33AFCB189}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A682989-F991-4E76-A026-800165437434}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6DF051D1-500D-46A3-885C-D6FE523BA4A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FABECC4-F25B-4992-BF7C-984257BE2B37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{721AEF51-7164-47BD-8F36-D3901B83F0B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{73B0AF46-8560-48A7-BD4C-34BF95800891}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7598EECB-3295-4B6E-A101-CF90C111A82F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85B8402C-4C80-4D50-A68C-EB03F2654B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8E64CE44-8CE4-4AF8-8489-277E86C99814}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95BCFD69-6F6B-4C32-8B2F-E2595D083717}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A00D37F2-3863-4CA7-A056-715E5D2C3634}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A056D7A1-3DD1-4693-A1C9-B0DFC8E81399}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A1BE3EB2-4D62-4373-B29D-AE3B6D6A4086}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A323877B-6325-4E98-AB35-B1F238E4C185}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A6ACD7F2-10E5-4167-A4C1-2D07D902A185}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{AC123C34-557D-4BE1-B5B8-C902FFCC306A}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{AE19F3FB-CC77-47C9-BDD3-24893E3AD9C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1E43421-99BF-43BE-B48D-EF10AC927EC2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{B3DB1923-4099-4F1C-99EA-EC3F8BA5D2A5}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{B6E4A42C-65D9-4AE3-8721-0A3C3EE75A1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B73FB965-F27F-444A-9B1E-C86B879D1A82}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8E9842C-3D94-49E1-BCC6-475EF40FAE3F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C47AC72B-E6D5-45C5-BE0D-0AC53579F8C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C7BBE7B7-9233-493F-95DC-BCDD66C40609}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C84D684D-3322-42E2-8ECD-A37BC1F672BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C95AFEDF-1C6D-4288-8490-FF336D1DF21D}" = protocol=17 | dir=in | app=c:\windows\system32\windowsanytimeupgrade.exe |
"{C993616D-4002-4D2D-A30B-9FF9AE36FAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\webroot\webrootsecurity\spysweeperui.exe |
"{CA48F898-3A8F-4A60-B22D-2473D73897B7}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{CB30E33F-AA52-4F8D-8C31-BBD80D223EFC}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{CEC564B1-5EBD-44C3-8805-091AFD28C8A7}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{D24E3E8C-2B8A-4019-846B-B82D03B6BAB8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D26324B2-5593-402E-ADBE-967173CD2300}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{D4F1E313-5887-4B43-A664-4C982BFFA8C5}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{D9830543-D6AC-4D49-A891-F0BB1D68D003}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DE77F8C0-BBB0-4C5E-A0B1-1559317D61DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{DFD6BB54-008F-4928-AD17-D0727B8C218F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E866C8A6-F02A-446B-A349-F9B164C1A6A6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F145C4A2-1C02-42E8-982D-C808FC7F9813}" = protocol=6 | dir=in | app=c:\program files (x86)\webroot\webrootsecurity\spysweeperui.exe |
"{FA79CC34-8C3F-4059-8762-45B9BEFA8710}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0CDE4773-ECC5-42F9-A979-885F24FA94CC}C:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe |
"TCP Query User{20337CB5-AC5D-4993-8338-5731BB8C2209}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{2958038D-0C6B-44BC-BF1F-335D1B0C66C4}C:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe |
"TCP Query User{41BF0471-65B0-40BC-A438-9DB021CE0852}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{49D578C6-4E7F-4390-9627-13031E6F7C2D}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{4DD53229-2F41-437F-AB77-3C67277F6DA4}C:\users\owner\downloads\starcraft_2_beta_enus.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\starcraft_2_beta_enus.exe |
"TCP Query User{4EE0AE55-DECC-4205-9584-D47D9D15569C}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{5CF64ED8-B331-449E-A104-099625668507}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{6E724A8B-7408-4E46-A657-18826CA7A0E8}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{7578A160-9214-489F-A66B-1E34561E6574}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A6828D90-237C-4583-ADA8-FFD40BB83338}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{DEBFB646-9E4F-4388-88CC-D115727858E0}C:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"TCP Query User{F07BADED-B614-4056-AA50-767E064ED46D}C:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe |
"UDP Query User{03453C93-1784-45F1-B3C9-AA2BA020D0DB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{46D240CB-1C65-4B4A-B8B0-11B8371EE11F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{5BB9DB11-3666-4022-9975-A00BA117626B}C:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe |
"UDP Query User{6FD7C4C9-6B8C-4687-B969-5D14DE0EAAFD}C:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"UDP Query User{712A97CE-10EE-49E2-849B-893B7EF87DE8}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{7481CF8C-FCC1-41CB-8939-304B04D2C9C1}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{780257D5-46BE-4EFB-8710-5C6D844B7B31}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{8AC1E979-17A7-4D7E-A9E2-072D5D683103}C:\users\owner\downloads\starcraft_2_beta_enus.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\starcraft_2_beta_enus.exe |
"UDP Query User{B60C8BC1-A420-43B0-AE3D-7B6FB7F29C7C}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{B670FDD8-0D96-4450-81F1-239EC5E04469}C:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe |
"UDP Query User{CF262553-B1AC-4612-8A75-E83B1B2FA8B2}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{DB710D97-F320-4B4D-8AE7-AAFDC33B3C7E}C:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe |
"UDP Query User{EDC7C327-B5A0-4359-B54D-70D122423052}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B35D33C7-3BFA-4943-8090-AFC05A4725DD}" = ESET NOD32 Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{298395ED-0FF8-4B50-8B65-0CE5D9909536}" = ColorClix
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B307310-53C1-8F80-465E-E2A96FA5EA5D}" = FlipShare
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DE736C9-D452-4075-B449-82F585525E57}" = ImageShack Uploader 2.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E96AC7C-F1FB-4A82-933D-ED2A367C207A}" = Cozi
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 3.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"GameSpy Arcade" = GameSpy Arcade
"Hax264 Codec_is1" = Hax264 Codec 2.1.0.8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Jane's Zoo" = Jane's Zoo
"Lexmark 1200 Series" = Lexmark 1200 Series
"LimeWire" = LimeWire 5.5.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NSS" = Norton Security Scan
"PC Tools File and Registry Tool_is1" = PC Tools Registry Tool
"Pony Luv" = Pony Luv
"PopCap Browser Plugin" = PopCap Browser Plugin
"QuickTime Converter_is1" = QuickTime Converter 2.1
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA Memory Manager_is1" = RCA Memory Manager 2.2.3.0
"RCA Updater_is1" = RCA Updater 1.0.2.0
"RealPlayer 12.0" = RealPlayer
"Road Runner Install_is1" = Road Runner Install
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Spyware Doctor" = Spyware Doctor 8.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"YahELite" = YahELite 330.1
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zac Browser - English" = Zac Browser - English

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"SOE-Clone Wars" = Clone Wars
"SOE-Free Realms" = Free Realms
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2010 10:02:58 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 6/15/2010 10:02:59 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Error - 6/16/2010 12:01:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/16/2010 12:01:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/16/2010 12:01:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/16/2010 12:01:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/16/2010 12:01:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/16/2010 1:33:18 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e03158, faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e041d1,
exception code 0xe0434f4d, fault offset 0x00000000000176fd, process id 0x520, application
start time 0x01cb0d15050b148a.

Error - 6/16/2010 9:44:51 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e03158, faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e041d1,
exception code 0xe0434f4d, fault offset 0x00000000000176fd, process id 0xf58, application
start time 0x01cb0dbea44499aa.

Error - 6/17/2010 9:44:54 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e03158, faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e041d1,
exception code 0xe0434f4d, fault offset 0x00000000000176fd, process id 0xedc, application
start time 0x01cb0e87ceac5dda.

[ Media Center Events ]
Error - 10/7/2009 2:04:54 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 5/15/2011 2:12:12 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2011 4:13:00 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2011 4:40:56 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 5/15/2011 5:24:27 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:22:20 PM on 5/15/2011 was unexpected.

Error - 5/15/2011 5:25:03 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 5/15/2011 5:25:10 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 5/15/2011 5:25:20 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 5/15/2011 5:25:20 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 5/16/2011 5:25:17 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 5/17/2011 5:25:32 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

< End of report >

So let's go

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 18 May 2011 - 11:39 AM

Hi!

GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
SRV - [2010/02/03 22:40:44 | 000,094,294 | ---- | M] (Sver) [Disabled | Stopped] -- c:\Windows\SysWOW64\jidarmgc.exe -- (njgnkcyzebnueq)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
FF - prefs.js..keyword.URL: "http://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q="
[2011/05/07 14:36:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\OWNER\APPDATA\LOCAL\{96CA5E28-7CBF-4C97-9B58-E71DA0914A11}
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - File not found
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4 - HKLM..\Run: [SelectRebates] File not found
O4 - HKCU..\Run: [exqomlds] File not found
O4 - HKCU..\Run: [Ghawavecazucul] C:\Users\Owner\AppData\Local\oxeguyoyamu.dll (Hauppauge Computer Works.)
O4 - HKCU..\Run: [Qheqezudanaw] File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (T2㐀㠵ᘨ 協歰⹧汤l<뻯㠵ᘨ㠵ᘨ&) - File not found
O30:64bit: - LSA: Security Packages - (屛) - File not found
O30 - LSA: Security Packages - (ges - (屛) - File not found) - File not found
O30 - LSA: Security Packages - () - File) - File not found
O33 - MountPoints2\{197ea9d5-2fc9-11df-9d15-00219b1fb77b}\Shell\AutoRun\command - "" = M:\Setup_FlipShare.exe
O33 - MountPoints2\{197ea9d5-2fc9-11df-9d15-00219b1fb77b}\Shell\Setup FlipShare\command - "" = M:\Setup_FlipShare.exe
O33 - MountPoints2\{1dea7b99-053e-11e0-acd8-00219b1fb77b}\Shell - "" = AutoRun
O33 - MountPoints2\{1dea7b99-053e-11e0-acd8-00219b1fb77b}\Shell\AutoRun\command - "" = N:\setup.exe -a
O33 - MountPoints2\{3ae4a97a-4bb4-11df-b2e3-00219b1fb77b}\Shell\AutoRun\command - "" = M:\rcasw_setup.exe
O33 - MountPoints2\{3ae4a97a-4bb4-11df-b2e3-00219b1fb77b}\Shell\Manage your videos\command - "" = RCAMemoryMgr.exe
O33 - MountPoints2\{4b437c19-299a-11df-9ec2-00219b1fb77b}\Shell - "" = AutoRun
O33 - MountPoints2\{4b437c19-299a-11df-9ec2-00219b1fb77b}\Shell\AutoRun\command - "" = L:\autorun.exe
[2011/05/07 14:36:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{96CA5E28-7CBF-4C97-9B58-E71DA0914A11}
[2011/05/05 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4E55333F-1AAF-476C-B93C-EE4D2E1849B9}
[2009/07/10 16:00:18 | 000,376,832 | ---- | C] (Hauppauge Computer Works.) -- C:\Users\Owner\AppData\Local\oxeguyoyamu.dll
[2011/05/15 09:14:28 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Bkikocelozugec.dat
[2011/05/15 09:14:21 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Jtenig.bin
[2011/05/14 09:47:57 | 000,014,420 | -HS- | M] () -- C:\Users\Owner\AppData\Local\l1mt4nci68jk2ni176
[2011/05/14 09:47:57 | 000,014,420 | -HS- | M] () -- C:\ProgramData\l1mt4nci68jk2ni176
[2011/05/11 06:38:33 | 000,010,406 | -HS- | M] () -- C:\ProgramData\5162qny2ob203v1p2ryg257h14
[2011/05/11 06:38:32 | 000,010,406 | -HS- | M] () -- C:\Users\Owner\AppData\Local\5162qny2ob203v1p2ryg257h14
[2011/05/10 17:31:09 | 000,232,854 | -HS- | M] () -- C:\Users\Owner\AppData\Local\ehn.exe
[2011/05/13 17:22:12 | 000,014,420 | -HS- | C] () -- C:\Users\Owner\AppData\Local\l1mt4nci68jk2ni176
[2011/05/13 17:22:12 | 000,014,420 | -HS- | C] () -- C:\ProgramData\l1mt4nci68jk2ni176
[2011/05/10 17:31:46 | 000,010,406 | -HS- | C] () -- C:\Users\Owner\AppData\Local\5162qny2ob203v1p2ryg257h14
[2011/05/10 17:31:46 | 000,010,406 | -HS- | C] () -- C:\ProgramData\5162qny2ob203v1p2ryg257h14
[2011/05/10 17:31:09 | 000,232,854 | -HS- | C] () -- C:\Users\Owner\AppData\Local\ehn.exe
[2011/05/07 14:37:00 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Bkikocelozugec.dat
[2011/05/07 14:37:00 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Jtenig.bin
:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

What issues are you currently experiencing with your computer?

#5 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 20 May 2011 - 02:32 PM

Still with me?

#6 pm2011

New Member

Group: Members
Posts: 9
Joined: 09-May 11
Gender:Female

Posted 23 May 2011 - 10:43 AM

I've been locked out of my computer for days now and it won't let me sign into windows. After inputing the info to log on to windows I get a message that says "invalid handle". I'm highly suspicious.

So let's go

#7 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 23 May 2011 - 11:34 AM

Have you tried to log in with Safe Mode? or Last Known Good Configuration?

Entering Safe Mode

Restart your computer.
As the computer starts to boot-up, Tap the F8 KEY repeatedly,
This will bring up a menu.
Use the Up and Down Arrow Keys to scroll to Safe Mode
Then press the Enter Key on your Keyboard
Go into your usual account

Last Known Good Configuration

Start the computer by using the last known good configuration. To start the computer by using the last known good configuration, follow these steps:

Restart your computer.
As the computer starts to boot-up, Tap the F8 KEY repeatedly,
This will bring up a menu.
Use the Up and Down Arrow Keys to scroll to Last Known Good Configuration
Then press the Enter Key on your Keyboard
Go into your usual account

#8 pm2011

New Member

Group: Members
Posts: 9
Joined: 09-May 11
Gender:Female

Posted 23 May 2011 - 09:14 PM

That was the first thing I checked. Safe mode, DOS mode requires you to sign in and same message. "handle not found" or invalid handle. I'm worse off now than before.

So let's go

#9 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 24 May 2011 - 01:06 PM

Do you happen to have your Windows Vista disc?

#10 pm2011

New Member

Group: Members
Posts: 9
Joined: 09-May 11
Gender:Female

Posted 25 May 2011 - 02:25 AM

I don't think so. We bought our computer at best buy. Do they usually give you the disc?

So let's go

#11 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 25 May 2011 - 11:10 AM

Hi!

I'm not sure if they'd give you Windows discs or not.

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetboot...dows-latest.exe to the desktop of your clean computer

Insert your USB drive
Press Start > My Computer > right click your USB drive > choose Format > Quick format
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Press Run then OK
It will install a little bootable OS on your USB
After it has completed do not choose to reboot the clean computer simply close the installer
Next download http://noahdfear.net/downloads/xPUD_userinit_fix to your USB
Remove the USB and insert it in the sick computer
Boot the Sick computer
Press F12 and choose to boot from the USB
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Confirm that you see xPUD_userinit_fix that you downloaded there
Press Tool at the top
Choose Open Terminal
Type bash xPUD_userinit_fix
Press Enter
After it has finished a report will be located on your USB drive named UserinetReport.txt
Remove the USB drive and insert back in your working computer and navigate to UserinetReport.txt

Please note - all text entries are case sensitive

Copy and paste the UserinetReport.txt for my review

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 30 May 2011 - 11:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.