Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Coupon Printer, should I remove?

 
Danfun64
Posted: Sun Mar 04, 2012 3:19 pm    Post subject: Coupon Printer, should I remove?

Hello, a few days ago a program called Coupon Printer for Windows was installed on this computer. It seemed that ever since, the computer slowed down a little, but I'm not sure if the program is legit or not. Nonetheless, I hope you can help me, if necessary, remove this issue.

DDS logs follow:

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Lisa Oakley at 18:12:57 on 2012-03-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.387 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
svchost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bsecure\InetCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Bsecure\BsecAV.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Bsecure\BSecAMX.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lisa Oakley\My Documents\Downloads\HijackThis.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Voobly]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CloudCare] c:\program files\bsecure\BsecTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250105583375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{76F00CF9-7BFF-438E-A6E2-4E77FBB9A1A3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E3CDD3A4-9D84-4B97-BFEF-1411CD48B998} : DhcpNameServer = 192.168.1.1
IFEO: taskmgr.exe - "c:\documents and settings\lisa oakley\my documents\procexp\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lisa oakley\application data\mozilla\firefox\profiles\ztcl7rcw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\lisa oakley\application data\mozilla\firefox\profiles\ztcl7rcw.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R1 MpKsldc1d4fc8;MpKsldc1d4fc8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6958c11-065e-4167-8686-4c074746f43b}\MpKsldc1d4fc8.sys [2012-3-4 29904]
R2 Bsecure;CloudCare;c:\program files\bsecure\InetCtrl.exe [2011-8-10 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\bsecure\BsecAV.exe [2011-8-10 161776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-8-19 21992]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2009-12-5 135320]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [2012-1-18 21624]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [2009-11-3 15936]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [2009-11-3 31808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;\??\c:\docume~1\lisaoa~1\locals~1\temp\msbndo~1\islndis5.sys --> c:\docume~1\lisaoa~1\locals~1\temp\msbndo~1\ISLNDIS5.SYS [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-11-4 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\wusb54gscv2.sys --> c:\windows\system32\drivers\WUSB54GSCV2.sys [?]
.
=============== Created Last 30 ================
.
2012-03-04 17:41:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6958c11-065e-4167-8686-4c074746f43b}\MpKsldc1d4fc8.sys
2012-03-04 16:41:10 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c6958c11-065e-4167-8686-4c074746f43b}\mpengine.dll
2012-02-29 23:03:45 -------- d-----w- C:\temp
2012-02-26 00:46:32 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2012-02-26 00:46:21 -------- d-----w- c:\program files\Coupons
2012-02-25 18:21:11 -------- d-----w- c:\documents and settings\lisa oakley\Synfig
2012-02-25 18:15:25 -------- d-----w- c:\program files\Synfig
2012-02-16 22:43:01 -------- d-----w- c:\documents and settings\lisa oakley\local settings\application data\wuaschtbrot
2012-02-10 22:21:27 -------- d-----w- c:\program files\WinHTTrack
.
==================== Find3M ====================
.
2012-01-31 19:39:38 237568 ----a-w- c:\windows\system32\BtwRSupport.dll
2012-01-31 19:39:35 93736 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 22:15:05 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-01-02 22:06:25 840264 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-19 16:38:42 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-19 16:38:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-19 16:38:39 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 17:54:13 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-11 23:48:14 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-11 23:48:13 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-09 20:54:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 18:14:46.59 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2009 12:08:21 PM
System Uptime: 3/4/2012 11:29:28 AM (7 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 13.925 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP600: 2/3/2012 11:13:15 PM - Software Distribution Service 3.0
RP601: 2/4/2012 10:53:06 PM - Software Distribution Service 3.0
RP602: 2/5/2012 11:50:46 AM - Installed Strawberry Perl
RP603: 2/5/2012 1:21:12 PM - Removed Strawberry Perl
RP604: 2/5/2012 11:42:57 PM - Software Distribution Service 3.0
RP605: 2/7/2012 12:24:47 AM - Software Distribution Service 3.0
RP606: 2/7/2012 12:55:36 AM - Software Distribution Service 3.0
RP607: 2/7/2012 1:35:28 AM - Software Distribution Service 3.0
RP608: 2/7/2012 11:32:25 PM - Software Distribution Service 3.0
RP609: 2/8/2012 11:51:40 AM - Software Distribution Service 3.0
RP610: 2/8/2012 11:39:47 PM - Software Distribution Service 3.0
RP611: 2/9/2012 1:05:33 AM - Software Distribution Service 3.0
RP612: 2/9/2012 11:21:40 PM - Software Distribution Service 3.0
RP613: 2/10/2012 11:42:15 AM - Software Distribution Service 3.0
RP614: 2/10/2012 11:31:48 PM - Software Distribution Service 3.0
RP615: 2/11/2012 1:32:39 AM - Software Distribution Service 3.0
RP616: 2/11/2012 11:44:09 PM - Software Distribution Service 3.0
RP617: 2/12/2012 9:12:08 AM - Software Distribution Service 3.0
RP618: 2/12/2012 11:23:48 PM - Software Distribution Service 3.0
RP619: 2/13/2012 11:20:49 AM - Software Distribution Service 3.0
RP620: 2/13/2012 11:22:47 PM - Software Distribution Service 3.0
RP621: 2/14/2012 1:59:57 PM - Software Distribution Service 3.0
RP622: 2/15/2012 4:36:21 PM - System Checkpoint
RP623: 2/15/2012 11:39:31 PM - Software Distribution Service 3.0
RP624: 2/16/2012 10:03:35 AM - Software Distribution Service 3.0
RP625: 2/16/2012 11:35:44 PM - Software Distribution Service 3.0
RP626: 2/17/2012 6:23:38 AM - Software Distribution Service 3.0
RP627: 2/17/2012 12:00:25 PM - Software Distribution Service 3.0
RP628: 2/18/2012 12:06:59 AM - Software Distribution Service 3.0
RP629: 2/18/2012 11:33:35 PM - Software Distribution Service 3.0
RP630: 2/19/2012 12:08:35 PM - Software Distribution Service 3.0
RP631: 2/20/2012 12:03:44 AM - Software Distribution Service 3.0
RP632: 2/20/2012 11:56:56 PM - Software Distribution Service 3.0
RP633: 2/21/2012 10:27:48 AM - Software Distribution Service 3.0
RP634: 2/22/2012 2:02:37 AM - Software Distribution Service 3.0
RP635: 2/22/2012 11:37:25 PM - Software Distribution Service 3.0
RP636: 2/23/2012 10:30:43 AM - Software Distribution Service 3.0
RP637: 2/23/2012 11:49:43 PM - Software Distribution Service 3.0
RP638: 2/24/2012 7:36:57 PM - Software Distribution Service 3.0
RP639: 2/24/2012 11:46:48 PM - Software Distribution Service 3.0
RP640: 2/25/2012 11:20:05 PM - Software Distribution Service 3.0
RP641: 2/26/2012 12:24:48 PM - Software Distribution Service 3.0
RP642: 2/26/2012 11:32:41 PM - Software Distribution Service 3.0
RP643: 2/27/2012 11:54:53 PM - System Checkpoint
RP644: 2/28/2012 12:05:43 AM - Software Distribution Service 3.0
RP645: 2/28/2012 10:15:27 AM - Software Distribution Service 3.0
RP646: 2/28/2012 11:40:10 PM - Software Distribution Service 3.0
RP647: 3/1/2012 12:00:22 AM - Software Distribution Service 3.0
RP648: 3/1/2012 10:20:51 AM - Software Distribution Service 3.0
RP649: 3/1/2012 11:53:00 PM - Software Distribution Service 3.0
RP650: 3/2/2012 11:38:23 PM - Software Distribution Service 3.0
RP651: 3/3/2012 10:48:25 AM - Software Distribution Service 3.0
RP652: 3/3/2012 11:57:56 PM - Software Distribution Service 3.0
RP653: 3/4/2012 11:41:00 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
µTorrent
7-Zip 9.22beta
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
AnyToISO
Audacity 1.3.13 (Unicode)
AviSynth 2.5
Broadcom 440x 10/100 Integrated Controller
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon MX410 series User Registration
Canon My Printer
Canon Speed Dial Utility
CCleaner
Chromium
CloudCare
Coupon Printer for Windows
CPUID CPU-Z 1.58
Defraggler
Dell ResourceCD
DivXLand Media Subtitler
DVD Decrypter (Remove Only)
e-Sword
ffdshow [rev 3154] [2009-12-09]
FFmpeg v0.6.2 for Audacity
Fraps (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HyperCam 2
ImgBurn
InfraRecorder
Java Auto Updater
Java(TM) 7 Update 2
LAME v3.98.3 for Audacity
Lernout & Hauspie TruVoice American English TTS Engine
LibreOffice 3.4
LibreOffice 3.4 Help Pack (English)
M3 GAME Manager Uninstall
MASH
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Mike and Mary TTS Engines 5.1
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mission Pack
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NDS GBM GBA Movie Player(M3) Converter Crystal Ver1.21
Notepad++
NVIDIA Drivers
OpenAL
OpenMPT 1.19
Paint.NET v3.5.10
Photo Story 3 for Windows
Pinnacle Studio 15
Pinnacle Studio Bonus Content
Pinnacle Video Driver
PPJoy Joystick Driver 0.8.4.5
QT Lite 2.9.0
RAD Video Tools
Secret Maryo Chronicles
Secret Maryo Chronicles Music Pack
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
sfArk
Sound Club
SoundMAX
Speakonia
SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
swMSM
Synfig Studio
System Requirements Lab
TI Connect 1.6
Universal Extractor 1.6.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VOB2MPG v3
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
WinCDEmu
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinHTTrack Website Copier 3.44-4
Xvid Video Codec
YULS -- YUVsoft's lossless video codec (Remove Only)
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 11:40:17 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695).
2/28/2012 11:40:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).
.
==== End Of File ===========================

I'm not sure if you want this, but I have also used HijackThis to create a report.

HijackThis report follows:

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:33 PM, on 3/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bsecure\InetCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Bsecure\BsecAV.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Bsecure\BSecAMX.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Lisa Oakley\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=69426942
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CloudCare] C:\Program Files\Bsecure\BsecTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider '%programfiles%\bsecure\inetctrl57.dll' missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250105583375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: CloudCare (Bsecure) - Bsecure Technologies, Inc. - C:\Program Files\Bsecure\InetCtrl.exe
O23 - Service: CloudCare AntiVirus (BsecureAV) - Bsecure Technologies, Inc. - C:\Program Files\Bsecure\BsecAV.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6942 bytes
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

PostPosted: Sun Mar 04, 2012 10:44 pm    Post subject: Reply with quote

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

PostPosted: Sun Mar 04, 2012 10:59 pm    Post subject: Reply with quote

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Danfun64

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.

  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then back up your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....

    • Let me know.
    • Do not follow any further instructions until I tell you to.


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are a number of minor signs that suggest you may have picked up an infection, or that you have had one and it has not been fully removed.

As a consequence I'd like to run some further scans on your machine so we can ascertain what needs to be taken care of.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Change parameters

    • Check Detect TDLFS file system
    • Click OK

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

PostPosted: Mon Mar 05, 2012 11:02 am    Post subject: Reply with quote

I successfully ran ERUNT.

OTL.txt

OTL logfile created on: 3/5/2012 1:52:57 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Lisa Oakley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 372.93 Mb Available Physical Memory | 36.49% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 13.82 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 361.86 Gb Free Space | 77.69% Space Free | Partition Type: NTFS

Computer Name: OAKLEY05 | User Name: Lisa Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 13:51:48 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Oakley\My Documents\Downloads\OTL.exe
PRC - [2012/02/18 10:50:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/19 11:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/07/11 16:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/25 11:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\BsecAV.exe
PRC - [2011/06/25 11:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\InetCtrl.exe
PRC - [2011/06/25 11:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 15:11:56 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 10:50:46 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/09 15:54:41 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/25 11:59:37 | 000,057,128 | ---- | M] () -- C:\Program Files\Bsecure\BsecZlib.dll
MOD - [2011/06/25 11:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
MOD - [2008/12/05 16:22:48 | 000,839,680 | ---- | M] () -- C:\WINDOWS\system32\timiditydrv.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/29 15:05:48 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/01/29 15:03:28 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/12/19 11:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/25 11:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\BsecAV.exe -- (BsecureAV)
SRV - [2011/06/25 11:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\InetCtrl.exe -- (Bsecure)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/10/24 08:33:04 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcjcoms.exe -- (lxcj_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WUSB54GSCV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vsc32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ISLNDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/11/04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/04/26 14:23:50 | 000,049,088 | ---- | M] (BSafe Online) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BsecFltr.sys -- (BsecureFilter)
DRV - [2010/02/05 12:40:12 | 000,021,624 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BSecACFltr.sys -- (BSecACFltr)
DRV - [2009/12/06 05:24:21 | 000,135,320 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009/11/03 22:03:56 | 000,031,808 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2009/11/03 22:03:56 | 000,015,936 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/12/10 20:21:26 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/11/27 23:40:38 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/11/21 18:51:30 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/29 19:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 20:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 17:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/07/16 15:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 15:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 10:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/25 19:46:26 | 000,000,000 | ---D | M]

[2011/03/12 22:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Extensions
[2012/03/02 09:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions
[2011/05/26 20:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/23 22:01:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/02 09:42:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/01 18:10:47 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\coralietab@mozdev.org
[2012/03/03 10:46:55 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\searchplugins\ixquick-https.xml
[2012/03/01 14:16:58 | 000,009,634 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\searchplugins\my-web-search.xml
[2011/12/19 11:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZTCL7RCW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZTCL7RCW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/02/18 10:50:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/14 16:12:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:12:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CloudCare] C:\Program Files\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Voobly] File not found
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250105583375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F00CF9-7BFF-438E-A6E2-4E77FBB9A1A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3CDD3A4-9D84-4B97-BFEF-1411CD48B998}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\MY DOCUMENTS\PROCEXP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/08/10 11:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell - "" = AutoRun
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\Setup.now.exe
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell - "" = AutoRun
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\tiestart.exe
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxdiag\command - "" = F:\goodies\ar40eng.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\adobe\command - "" = F:\goodies\ar405eng.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = I:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = I:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = I:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = I:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = I:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = I:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = I:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = I:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = I:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.now.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 13:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/05 13:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/05 13:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/04 18:05:53 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drvc.dll
[2012/03/04 18:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2012/03/04 18:05:52 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/03/04 18:05:52 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/03/04 18:05:51 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/03/04 18:05:50 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/03/04 18:05:50 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/03/04 18:05:50 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/03/04 18:05:49 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/03/04 18:05:48 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/03/04 18:05:46 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/03/04 18:05:43 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/03/04 18:05:42 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/03/04 18:05:41 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/02/29 18:03:45 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/25 19:46:32 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/25 19:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/25 19:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/02/25 13:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Synfig
[2012/02/25 13:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Synfig
[2012/02/25 13:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Synfig
[2012/02/21 14:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Start Menu\Programs\KDE Release
[2012/02/16 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Local Settings\Application Data\wuaschtbrot
[2012/02/14 14:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\My Documents\ofmiceandmenphotostory pictures
[2012/02/10 17:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinHTTrack
[2012/02/10 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2012/02/09 12:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx_files
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 13:51:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Desktop\ERUNT.lnk
[2012/03/05 06:41:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/05 06:36:31 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/05 06:36:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 16:56:49 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/04 16:02:11 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2012/02/28 12:32:43 | 000,016,007 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\STEVE'S RESUME.odt
[2012/02/25 19:46:39 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/25 13:15:36 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\.gtkrc-2.0
[2012/02/17 14:09:51 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\.recently-used.xbel
[2012/02/16 09:51:18 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 00:04:15 | 000,494,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 00:04:15 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 23:52:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/14 14:46:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 11:15:02 | 000,021,000 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\CORVEL CORP TRIAGE NURSE.odt
[2012/02/10 17:21:46 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Desktop\HTTrack Website Copier.lnk
[2012/02/10 14:38:11 | 000,020,477 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AMERICAN SENIOR CARE.odt
[2012/02/09 14:40:42 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\My Videos.scn
[2012/02/09 12:23:38 | 000,048,596 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx.htm
[2012/02/06 13:36:54 | 000,013,868 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\W2 problem Glenburnie Rehab.odt
[2012/02/05 13:11:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 13:51:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Desktop\ERUNT.lnk
[2012/03/04 18:05:50 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/03/04 18:05:50 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/03/04 18:05:49 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/03/04 18:05:47 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/03/04 18:05:47 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/03/04 18:05:44 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/03/04 18:05:43 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/03/04 18:05:42 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/03/04 18:05:41 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/03/04 18:05:41 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/02/28 12:32:43 | 000,016,007 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\STEVE'S RESUME.odt
[2012/02/25 13:15:36 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\.gtkrc-2.0
[2012/02/17 14:09:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\.recently-used.xbel
[2012/02/12 11:15:02 | 000,021,000 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\CORVEL CORP TRIAGE NURSE.odt
[2012/02/10 17:21:46 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Desktop\HTTrack Website Copier.lnk
[2012/02/10 14:38:09 | 000,020,477 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AMERICAN SENIOR CARE.odt
[2012/02/09 14:26:31 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\My Videos.scn
[2012/02/09 12:23:34 | 000,048,596 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx.htm
[2012/02/06 13:36:54 | 000,013,868 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\W2 problem Glenburnie Rehab.odt
[2012/01/18 21:20:44 | 000,021,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\BSecACFltr.sys
[2012/01/13 11:51:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\.backup.dm
[2012/01/02 17:15:04 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/12/25 23:54:20 | 000,252,334 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/21 08:28:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/12/09 17:11:36 | 000,000,579 | ---- | C] () -- C:\WINDOWS\qtracker.INI
[2011/11/15 14:46:23 | 000,001,044 | ---- | C] () -- C:\WINDOWS\Sidplay2w.ini
[2011/11/14 18:13:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/11/14 14:58:51 | 000,710,374 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\OS.8xu
[2011/11/01 15:42:07 | 000,000,734 | ---- | C] () -- C:\WINDOWS\HEGames.ini
[2011/10/29 13:41:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2011/10/24 18:55:23 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/10/16 18:08:05 | 000,003,244 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\glide_wrapper.zbag.ini
[2011/10/06 21:58:44 | 000,903,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/04 14:45:11 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\PnkBstrK.sys
[2011/10/04 14:44:44 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/09/24 10:50:43 | 000,000,088 | ---- | C] () -- C:\WINDOWS\EFPM.INI
[2011/09/01 12:41:19 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2011/08/26 15:02:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/26 13:49:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\portaudio.dll
[2011/08/19 13:58:48 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/19 13:58:48 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/19 13:49:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/15 09:02:25 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
[2011/08/15 09:02:25 | 001,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
[2011/08/15 09:02:25 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpmui.dll
[2011/08/15 09:02:25 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjprox.dll
[2011/08/15 09:02:25 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpplc.dll
[2011/08/15 09:02:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcjvs.dll
[2011/08/15 09:02:24 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhbn3.dll
[2011/08/15 09:02:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomc.dll
[2011/08/15 09:02:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
[2011/08/15 09:02:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomm.dll
[2011/08/15 09:02:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjih.exe
[2011/08/15 09:02:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcfg.exe
[2011/08/15 09:02:23 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjlmpm.dll
[2010/06/03 17:55:06 | 000,000,042 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/02 18:43:39 | 000,000,464 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll

========== LOP Check ==========

[2011/09/25 11:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2012/01/02 19:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/05 14:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/30 12:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/12/05 15:03:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/12/05 15:15:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/12/06 08:11:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/03/05 13:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/12/05 14:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2012/01/02 15:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/01/13 11:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/10/26 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/10/26 17:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2011/10/26 17:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2011/10/26 17:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 15
[2012/01/07 19:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/19 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\.doomseeker
[2012/01/07 16:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\.kde
[2011/09/01 18:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Advanced Mario Sequencer
[2012/01/02 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Allume Systems
[2011/09/25 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Armagetron
[2012/01/13 18:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Audacity
[2011/08/10 19:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\bsnes
[2011/12/30 11:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Canon
[2011/10/28 13:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Enigma
[2012/01/28 15:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\gtk-2.0
[2011/08/31 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\id Software
[2010/09/02 12:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\ImgBurn
[2010/02/03 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\InfraRecorder
[2012/01/07 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\KDE
[2011/08/11 15:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\LibreOffice
[2011/08/22 17:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\LucasArts
[2011/05/26 19:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Mumble
[2011/09/18 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Mupen64Plus
[2011/08/20 10:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Neverball
[2011/12/10 18:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Nuncabola
[2011/08/19 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenArena
[2011/10/15 19:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenMPT
[2010/02/05 20:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenOffice.org
[2012/01/06 19:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Pingus
[2011/08/19 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Quake3
[2011/12/21 09:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\RadiantSettings
[2011/10/29 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\ScummVM
[2011/11/24 16:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\SLADE3
[2012/01/22 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\smc
[2011/12/22 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Stella
[2011/09/23 17:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\STVEF
[2012/01/04 16:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\supertuxkart
[2012/01/02 18:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Tremulous
[2012/02/14 23:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\uTorrent
[2012/01/16 16:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\WarZone
[2011/08/19 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\wolfcamql
[2011/10/21 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\yang
[2012/03/05 06:41:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E9A1B25
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409

< End of report >
Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

Posted: Mon Mar 05, 2012 11:03 am

I successfully ran ERUNT.

OTL.txt

OTL logfile created on: 3/5/2012 1:52:57 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Lisa Oakley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 372.93 Mb Available Physical Memory | 36.49% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 13.82 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 361.86 Gb Free Space | 77.69% Space Free | Partition Type: NTFS

Computer Name: OAKLEY05 | User Name: Lisa Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 13:51:48 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Oakley\My Documents\Downloads\OTL.exe
PRC - [2012/02/18 10:50:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/19 11:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/07/11 16:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/25 11:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\BsecAV.exe
PRC - [2011/06/25 11:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\InetCtrl.exe
PRC - [2011/06/25 11:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 15:11:56 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 10:50:46 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/09 15:54:41 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/25 11:59:37 | 000,057,128 | ---- | M] () -- C:\Program Files\Bsecure\BsecZlib.dll
MOD - [2011/06/25 11:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
MOD - [2008/12/05 16:22:48 | 000,839,680 | ---- | M] () -- C:\WINDOWS\system32\timiditydrv.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/29 15:05:48 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/01/29 15:03:28 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/12/19 11:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/25 11:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\BsecAV.exe -- (BsecureAV)
SRV - [2011/06/25 11:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\InetCtrl.exe -- (Bsecure)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/10/24 08:33:04 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcjcoms.exe -- (lxcj_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WUSB54GSCV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vsc32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ISLNDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/11/04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/04/26 14:23:50 | 000,049,088 | ---- | M] (BSafe Online) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BsecFltr.sys -- (BsecureFilter)
DRV - [2010/02/05 12:40:12 | 000,021,624 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BSecACFltr.sys -- (BSecACFltr)
DRV - [2009/12/06 05:24:21 | 000,135,320 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009/11/03 22:03:56 | 000,031,808 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2009/11/03 22:03:56 | 000,015,936 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/12/10 20:21:26 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/11/27 23:40:38 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/11/21 18:51:30 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/29 19:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 20:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 17:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/07/16 15:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 15:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 10:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/25 19:46:26 | 000,000,000 | ---D | M]

[2011/03/12 22:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Extensions
[2012/03/02 09:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions
[2011/05/26 20:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/23 22:01:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/02 09:42:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/01 18:10:47 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\coralietab@mozdev.org
[2012/03/03 10:46:55 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\searchplugins\ixquick-https.xml
[2012/03/01 14:16:58 | 000,009,634 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\searchplugins\my-web-search.xml
[2011/12/19 11:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZTCL7RCW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZTCL7RCW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/02/18 10:50:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/14 16:12:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:12:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CloudCare] C:\Program Files\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Voobly] File not found
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250105583375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F00CF9-7BFF-438E-A6E2-4E77FBB9A1A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3CDD3A4-9D84-4B97-BFEF-1411CD48B998}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\MY DOCUMENTS\PROCEXP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/08/10 11:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell - "" = AutoRun
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\Setup.now.exe
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell - "" = AutoRun
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\tiestart.exe
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxdiag\command - "" = F:\goodies\ar40eng.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\adobe\command - "" = F:\goodies\ar405eng.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = I:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = I:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = I:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = I:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = I:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = I:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = I:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = I:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = I:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.now.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 13:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/05 13:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/05 13:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/04 18:05:53 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drvc.dll
[2012/03/04 18:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2012/03/04 18:05:52 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/03/04 18:05:52 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/03/04 18:05:51 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/03/04 18:05:50 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/03/04 18:05:50 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/03/04 18:05:50 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/03/04 18:05:49 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/03/04 18:05:48 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/03/04 18:05:46 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/03/04 18:05:43 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/03/04 18:05:42 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/03/04 18:05:41 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/02/29 18:03:45 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/25 19:46:32 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/25 19:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/25 19:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/02/25 13:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Synfig
[2012/02/25 13:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Synfig
[2012/02/25 13:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Synfig
[2012/02/21 14:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Start Menu\Programs\KDE Release
[2012/02/16 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Local Settings\Application Data\wuaschtbrot
[2012/02/14 14:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\My Documents\ofmiceandmenphotostory pictures
[2012/02/10 17:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinHTTrack
[2012/02/10 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2012/02/09 12:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx_files
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 13:51:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Desktop\ERUNT.lnk
[2012/03/05 06:41:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/05 06:36:31 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/05 06:36:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 16:56:49 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/04 16:02:11 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2012/02/28 12:32:43 | 000,016,007 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\STEVE'S RESUME.odt
[2012/02/25 19:46:39 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/25 13:15:36 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\.gtkrc-2.0
[2012/02/17 14:09:51 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\.recently-used.xbel
[2012/02/16 09:51:18 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 00:04:15 | 000,494,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 00:04:15 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 23:52:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/14 14:46:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 11:15:02 | 000,021,000 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\CORVEL CORP TRIAGE NURSE.odt
[2012/02/10 17:21:46 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Desktop\HTTrack Website Copier.lnk
[2012/02/10 14:38:11 | 000,020,477 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AMERICAN SENIOR CARE.odt
[2012/02/09 14:40:42 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\My Videos.scn
[2012/02/09 12:23:38 | 000,048,596 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx.htm
[2012/02/06 13:36:54 | 000,013,868 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\W2 problem Glenburnie Rehab.odt
[2012/02/05 13:11:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 13:51:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Desktop\ERUNT.lnk
[2012/03/04 18:05:50 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/03/04 18:05:50 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/03/04 18:05:49 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/03/04 18:05:47 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/03/04 18:05:47 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/03/04 18:05:44 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/03/04 18:05:43 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/03/04 18:05:42 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/03/04 18:05:41 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/03/04 18:05:41 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/02/28 12:32:43 | 000,016,007 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\STEVE'S RESUME.odt
[2012/02/25 13:15:36 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\.gtkrc-2.0
[2012/02/17 14:09:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\.recently-used.xbel
[2012/02/12 11:15:02 | 000,021,000 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\CORVEL CORP TRIAGE NURSE.odt
[2012/02/10 17:21:46 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Desktop\HTTrack Website Copier.lnk
[2012/02/10 14:38:09 | 000,020,477 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AMERICAN SENIOR CARE.odt
[2012/02/09 14:26:31 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\My Videos.scn
[2012/02/09 12:23:34 | 000,048,596 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx.htm
[2012/02/06 13:36:54 | 000,013,868 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\W2 problem Glenburnie Rehab.odt
[2012/01/18 21:20:44 | 000,021,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\BSecACFltr.sys
[2012/01/13 11:51:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\.backup.dm
[2012/01/02 17:15:04 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/12/25 23:54:20 | 000,252,334 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/21 08:28:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/12/09 17:11:36 | 000,000,579 | ---- | C] () -- C:\WINDOWS\qtracker.INI
[2011/11/15 14:46:23 | 000,001,044 | ---- | C] () -- C:\WINDOWS\Sidplay2w.ini
[2011/11/14 18:13:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/11/14 14:58:51 | 000,710,374 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\OS.8xu
[2011/11/01 15:42:07 | 000,000,734 | ---- | C] () -- C:\WINDOWS\HEGames.ini
[2011/10/29 13:41:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2011/10/24 18:55:23 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/10/16 18:08:05 | 000,003,244 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\glide_wrapper.zbag.ini
[2011/10/06 21:58:44 | 000,903,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/04 14:45:11 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\PnkBstrK.sys
[2011/10/04 14:44:44 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/09/24 10:50:43 | 000,000,088 | ---- | C] () -- C:\WINDOWS\EFPM.INI
[2011/09/01 12:41:19 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2011/08/26 15:02:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/26 13:49:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\portaudio.dll
[2011/08/19 13:58:48 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/19 13:58:48 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/19 13:49:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/15 09:02:25 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
[2011/08/15 09:02:25 | 001,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
[2011/08/15 09:02:25 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpmui.dll
[2011/08/15 09:02:25 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjprox.dll
[2011/08/15 09:02:25 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpplc.dll
[2011/08/15 09:02:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcjvs.dll
[2011/08/15 09:02:24 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhbn3.dll
[2011/08/15 09:02:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomc.dll
[2011/08/15 09:02:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
[2011/08/15 09:02:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomm.dll
[2011/08/15 09:02:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjih.exe
[2011/08/15 09:02:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcfg.exe
[2011/08/15 09:02:23 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjlmpm.dll
[2010/06/03 17:55:06 | 000,000,042 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/02 18:43:39 | 000,000,464 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll

========== LOP Check ==========

[2011/09/25 11:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2012/01/02 19:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/05 14:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/30 12:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/12/05 15:03:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/12/05 15:15:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/12/06 08:11:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/03/05 13:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/12/05 14:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2012/01/02 15:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/01/13 11:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/10/26 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/10/26 17:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2011/10/26 17:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2011/10/26 17:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 15
[2012/01/07 19:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/19 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\.doomseeker
[2012/01/07 16:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\.kde
[2011/09/01 18:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Advanced Mario Sequencer
[2012/01/02 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Allume Systems
[2011/09/25 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Armagetron
[2012/01/13 18:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Audacity
[2011/08/10 19:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\bsnes
[2011/12/30 11:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Canon
[2011/10/28 13:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Enigma
[2012/01/28 15:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\gtk-2.0
[2011/08/31 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\id Software
[2010/09/02 12:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\ImgBurn
[2010/02/03 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\InfraRecorder
[2012/01/07 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\KDE
[2011/08/11 15:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\LibreOffice
[2011/08/22 17:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\LucasArts
[2011/05/26 19:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Mumble
[2011/09/18 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Mupen64Plus
[2011/08/20 10:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Neverball
[2011/12/10 18:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Nuncabola
[2011/08/19 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenArena
[2011/10/15 19:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenMPT
[2010/02/05 20:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenOffice.org
[2012/01/06 19:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Pingus
[2011/08/19 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Quake3
[2011/12/21 09:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\RadiantSettings
[2011/10/29 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\ScummVM
[2011/11/24 16:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\SLADE3
[2012/01/22 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\smc
[2011/12/22 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Stella
[2011/09/23 17:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\STVEF
[2012/01/04 16:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\supertuxkart
[2012/01/02 18:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Tremulous
[2012/02/14 23:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\uTorrent
[2012/01/16 16:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\WarZone
[2011/08/19 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\wolfcamql
[2011/10/21 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\yang
[2012/03/05 06:41:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E9A1B25
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409

< End of report >
Danfun64
Posted: Mon Mar 05, 2012 11:04 am

extras.txt

OTL Extras logfile created on: 3/5/2012 1:52:57 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Lisa Oakley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 372.93 Mb Available Physical Memory | 36.49% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 13.82 Gb Free Space | 37.10% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 361.86 Gb Free Space | 77.69% Space Free | Partition Type: NTFS

Computer Name: OAKLEY05 | User Name: Lisa Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open File Location] -- "explorer.exe" /select,"%1" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"27960:UDP" = 27960:UDP:*:Enabled:urban terror udp
"27960:TCP" = 27960:TCP:*:Enabled:Urban terror tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Qtracker\Applications\QtUplink.exe" = C:\Program Files\Qtracker\Applications\QtUplink.exe:*:Enabled:QtUplink
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\Croteam\Serious Sam\Bin\SeriousSam.exe" = C:\Program Files\Croteam\Serious Sam\Bin\SeriousSam.exe:*:Enabled:SeriousSam
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:dplaysvr.exe -- (Microsoft Corporation)
"C:\Games\Descent3\main.exe" = C:\Games\Descent3\main.exe:*:Enabled:main
"C:\Documents and Settings\Lisa Oakley\My Documents\emulation\snes9x\snes9x.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\emulation\snes9x\snes9x.exe:*:Enabled:Snes9XW
"C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioq3-urt.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioq3-urt.exe:*:Enabled:ioq3-urt
"C:\Documents and Settings\Lisa Oakley\My Documents\wolfcamql8.3\wolfcamql.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\wolfcamql8.3\wolfcamql.exe:*:Enabled:wolfcamql
"C:\Documents and Settings\Lisa Oakley\My Documents\openarena-0.8.1\openarena.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\openarena-0.8.1\openarena.exe:*:Enabled:openarena
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\Games\Paintball2\paintball2.exe" = C:\Games\Paintball2\paintball2.exe:*:Enabled:Digital Paint: Paintball 2
"C:\Games\Keygrip2\quake2.exe" = C:\Games\Keygrip2\quake2.exe:*:Enabled:Digital Paint: Paintball 2
"C:\Documents and Settings\Lisa Oakley\My Documents\laser arena\LA_GL.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\laser arena\LA_GL.exe:*:Enabled:LA_GL
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Atari\Nerf\System\Nerf.exe" = C:\Program Files\Atari\Nerf\System\Nerf.exe:*:Enabled:Nerf
"C:\Documents and Settings\Lisa Oakley\My Documents\Laser Arena\LA.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Laser Arena\LA.exe:*:Enabled:LA
"C:\Program Files\Russobit-M\Worms Armageddon\WA.exe" = C:\Program Files\Russobit-M\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon 3.6.31.0
"C:\Documents and Settings\Lisa Oakley\My Documents\Worms2\frontend.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
"C:\Documents and Settings\Lisa Oakley\My Documents\nexuiz-lite\nexuiz.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\nexuiz-lite\nexuiz.exe:*:Enabled:Nexuiz
"C:\Documents and Settings\Lisa Oakley\My Documents\Nexuiz\nexuiz.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz
"C:\Documents and Settings\Lisa Oakley\My Documents\kurok\FitzKurok_sdl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\kurok\FitzKurok_sdl.exe:*:Enabled:FitzKurok_sdl.exe
"C:\Documents and Settings\Lisa Oakley\My Documents\quake\ezquake-gl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\quake\ezquake-gl.exe:*:Enabled:ezquake-gl
"C:\Documents and Settings\Lisa Oakley\My Documents\quake\glQrack.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\quake\glQrack.exe:*:Enabled:glQrack
"C:\Documents and Settings\Lisa Oakley\My Documents\proquake\glpro451.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\proquake\glpro451.exe:*:Enabled:glpro451
"C:\Program Files\Red Eclipse\bin\reclient.exe" = C:\Program Files\Red Eclipse\bin\reclient.exe:*:Enabled:reclient
"C:\Documents and Settings\Lisa Oakley\My Documents\Xonotic\xonotic.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Xonotic\xonotic.exe:*:Enabled:DarkPlaces Game Engine
"C:\Program Files\Warsow 0.6\warsow_x86.exe" = C:\Program Files\Warsow 0.6\warsow_x86.exe:*:Enabled:Warsow
"C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\qtracker\qtracker.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\qtracker\qtracker.exe:*:Enabled:Qtracker
"C:\Documents and Settings\Lisa Oakley\My Documents\doom-chex\odamex\odamex.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\doom-chex\odamex\odamex.exe:*:Enabled:Odamex Client
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe" = C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe:*:Enabled:ArmyOps
"C:\Program Files\USArmy\America's Army 2\System\Server.exe" = C:\Program Files\USArmy\America's Army 2\System\Server.exe:*:Enabled:Server
"C:\Program Files\America's Army\System\ArmyOps.exe" = C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps
"C:\Program Files\America's Army\System\Server.exe" = C:\Program Files\America's Army\System\Server.exe:*:Enabled:Server
"C:\UnrealTournament\System\UnrealTournament.exe" = C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
"C:\UnrealGold\System\Unreal.exe" = C:\UnrealGold\System\Unreal.exe:*:Enabled:Unreal
"C:\Documents and Settings\Lisa Oakley\My Documents\megaman\skulltag.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\megaman\skulltag.exe:*:Enabled:Skulltag
"C:\Documents and Settings\Lisa Oakley\My Documents\dosbox\dosbox_release.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\dosbox\dosbox_release.exe:*:Enabled:DOSBox DOS Emulator
"C:\Documents and Settings\Lisa Oakley\My Documents\descent\d1x-rebirth-gl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\descent\d1x-rebirth-gl.exe:*:Enabled:d1x-rebirth-gl
"C:\Documents and Settings\Lisa Oakley\My Documents\gang garrison 2\Gang Garrison 2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\gang garrison 2\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2
"C:\Program Files\DOSBox-0.74\DOSBox.exe" = C:\Program Files\DOSBox-0.74\DOSBox.exe:*:Enabled:DOSBox DOS Emulator
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1_1.0c_1440x900.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1_1.0c_1440x900.exe:*:Enabled:Age of Empires II Expansion
"C:\Program Files\Kali95\Kali.exe" = C:\Program Files\Kali95\Kali.exe:*:Enabled:Kali II (Ver 2.613)
"C:\Program Files\DOSBox-0.72\dosbox.exe" = C:\Program Files\DOSBox-0.72\dosbox.exe:*:Enabled:DOSBox DOS Emulator
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Documents and Settings\Lisa Oakley\My Documents\chex quest\chocolate-doom.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chex quest\chocolate-doom.exe:*:Enabled:Chocolate Doom 1.6.0
"C:\Program Files\Steam\steamapps\danfun64\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\danfun64\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
"C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\SRB2CB.exe:*:Enabled:SRB2 - Community Build
"C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\srb2riders.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\srb2riders.exe:*:Enabled:srb2riders
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\skulltag.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\skulltag.exe:*:Enabled:Skulltag
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\xsrb2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\xsrb2.exe:*:Enabled:xsrb2
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\riders\srb2riders.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\riders\srb2riders.exe:*:Enabled:srb2riders
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\SRB2CB.exe:*:Enabled:SRB2CB
"C:\Documents and Settings\Lisa Oakley\My Documents\Keygrip\Paintball2\quake2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Keygrip\Paintball2\quake2.exe:*:Enabled:Digital Paint: Paintball 2
"C:\Documents and Settings\Lisa Oakley\My Documents\qtracker noinstall\qtracker.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\qtracker noinstall\qtracker.exe:*:Enabled:Qtracker
"C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioUrTded.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioUrTded.exe:*:Enabled:ioUrTded
"C:\Documents and Settings\Lisa Oakley\My Documents\normandy\egl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\normandy\egl.exe:*:Enabled:egl
"C:\Team17\Worms World Party\CutWorm\CutWorm.exe" = C:\Team17\Worms World Party\CutWorm\CutWorm.exe:*:Enabled:CutWorm
"C:\Program Files\Armagetron Advanced\armagetronad.exe" = C:\Program Files\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad
"C:\Documents and Settings\Lisa Oakley\My Documents\Marathon Saga\Marathon (A1)\Marathon.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Marathon Saga\Marathon (A1)\Marathon.exe:*:Enabled:Marathon (A1)
"C:\Program Files\Qtracker\qtracker.exe" = C:\Program Files\Qtracker\qtracker.exe:*:Enabled:Qtracker
"C:\Program Files\Tremulous\tremulous-gpp.exe" = C:\Program Files\Tremulous\tremulous-gpp.exe:*:Enabled:tremulous-gpp
"C:\Documents and Settings\Lisa Oakley\My Documents\chocolate doom\chocolate-doom.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chocolate doom\chocolate-doom.exe:*:Enabled:Chocolate Doom 1.6.0
"C:\Documents and Settings\Lisa Oakley\My Documents\chex quest and chibi rebellion\chex quest\skulltag.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chex quest and chibi rebellion\chex quest\skulltag.exe:*:Enabled:Skulltag
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 sf94\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 sf94\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 vanilla\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 vanilla\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2 sf94\xsrb2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2 sf94\xsrb2.exe:*:Enabled:xsrb2
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2\xsrb2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2\xsrb2.exe:*:Enabled:xsrb2
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 mansion\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 mansion\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2cb\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2cb\SRB2CB.exe:*:Enabled:SRB2 - Community Build
"C:\Program Files\LucasArts\Outlaws\olwin.exe" = C:\Program Files\LucasArts\Outlaws\olwin.exe:*:Enabled:Outlaws
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\Bsecure\InetCtrl.exe" = C:\Program Files\Bsecure\InetCtrl.exe:*:Enabled:CloudCare -- (Bsecure Technologies, Inc.)
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2 kart\srb2kart.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2 kart\srb2kart.exe:*:Enabled:srb2kart
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2cb\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2cb\SRB2CB.exe:*:Enabled:SRB2 - Community Build


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E41365-84F3-4599-8F0F-6FAD653301A6}" = e-Sword
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{18FC2A03-B955-4F92-8A56-B6E37A9AEBEA}" = Mission Pack
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0604C2-807A-11DB-8DF8-00508DD5B6B9}" = Microsoft Mike and Mary TTS Engines 5.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{586BE0D1-6175-4F0F-A072-951CFE0D7AF6}" = NDS GBM GBA Movie Player(M3) Converter Crystal Ver1.21
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1" = OpenMPT 1.19
"{6B3DA87F-FDB5-43C9-887D-72547C0C5EB5}" = LibreOffice 3.4 Help Pack (English)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{EC6B304A-044A-46AE-B761-D1202720D93A}" = VOB2MPG v3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{FC030CB5-46A6-4229-AD6E-0AC869F509C8}" = Pinnacle Studio Bonus Content
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyToISO_is1" = AnyToISO
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AviSynth" = AviSynth 2.5
"Canon MX410 series User Registration" = Canon MX410 series User Registration
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CloudCare" = CloudCare
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Defraggler" = Defraggler
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Fraps" = Fraps (remove only)
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"M3 GAME Manager" = M3 GAME Manager Uninstall
"MASH_is1" = MASH
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PPJoy Joystick Driver" = PPJoy Joystick Driver 0.8.4.5
"qt7lite_is1" = QT Lite 2.9.0
"RADVideo" = RAD Video Tools
"secretmaryo" = Secret Maryo Chronicles
"secretmaryo_music" = Secret Maryo Chronicles Music Pack
"sfArk" = sfArk
"Sound Club" = Sound Club
"Speakonia_is1" = Speakonia
"Speed Dial Utility" = Canon Speed Dial Utility
"synfigstudio" = Synfig Studio
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-4
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"yuls" = YULS -- YUVsoft's lossless video codec (Remove Only)
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2012 3:57:10 PM | Computer Name = OAKLEY05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/9/2012 5:45:14 PM | Computer Name = OAKLEY05 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.5.2.3456, faulting module
mpc-hc.exe, version 1.5.2.3456, fault address 0x005d3234.

Error - 2/16/2012 10:53:29 AM | Computer Name = OAKLEY05 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2/18/2012 5:01:22 PM | Computer Name = OAKLEY05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/22/2012 3:16:26 PM | Computer Name = OAKLEY05 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/22/2012 8:03:13 PM | Computer Name = OAKLEY05 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.5.2.3456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2012 8:03:48 PM | Computer Name = OAKLEY05 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.5.2.3456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2012 3:26:27 PM | Computer Name = OAKLEY05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/3/2012 4:11:42 PM | Computer Name = OAKLEY05 | Source = Application Error | ID = 1000
Description = Faulting application imagompeg-muxer.exe, version 1.0.1.0, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 3/4/2012 7:03:38 PM | Computer Name = OAKLEY05 | Source = Application Error | ID = 1000
Description = Faulting application is-2ib26.tmp.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00eb4123.

[ System Events ]
Error - 3/1/2012 1:00:29 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/1/2012 1:00:30 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).

Error - 3/2/2012 12:53:10 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/2/2012 12:53:12 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).

Error - 3/3/2012 12:38:30 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/3/2012 12:38:31 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).

Error - 3/4/2012 12:58:04 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/4/2012 12:58:05 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).

Error - 3/5/2012 2:00:06 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/5/2012 2:00:08 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).


< End of report >
Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

Posted: Mon Mar 05, 2012 11:06 am

TDSSKiller log

14:04:55.0390 0792 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
14:04:55.0812 0792 ============================================================
14:04:55.0812 0792 Current date / time: 2012/03/05 14:04:55.0812
14:04:55.0812 0792 SystemInfo:
14:04:55.0812 0792
14:04:55.0812 0792 OS Version: 5.1.2600 ServicePack: 3.0
14:04:55.0812 0792 Product type: Workstation
14:04:55.0812 0792 ComputerName: OAKLEY05
14:04:55.0812 0792 UserName: Lisa Oakley
14:04:55.0812 0792 Windows directory: C:\WINDOWS
14:04:55.0812 0792 System windows directory: C:\WINDOWS
14:04:55.0812 0792 Processor architecture: Intel x86
14:04:55.0812 0792 Number of processors: 1
14:04:55.0812 0792 Page size: 0x1000
14:04:55.0812 0792 Boot type: Normal boot
14:04:55.0812 0792 ============================================================
14:04:59.0500 0792 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:05:09.0546 0792 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:05:09.0546 0792 \Device\Harddisk0\DR0:
14:05:09.0578 0792 MBR used
14:05:09.0578 0792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
14:05:09.0578 0792 \Device\Harddisk1\DR2:
14:05:09.0578 0792 MBR used
14:05:09.0578 0792 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
14:05:09.0640 0792 Initialize success
14:05:09.0640 0792 ============================================================
14:05:19.0453 0388 ============================================================
14:05:19.0453 0388 Scan started
14:05:19.0453 0388 Mode: Manual; TDLFS;
14:05:19.0453 0388 ============================================================
14:05:46.0687 0388 ============================================================
14:05:46.0687 0388 Scan finished
14:05:46.0687 0388 ============================================================
14:05:46.0734 4052 Detected object count: 0
14:05:46.0734 4052 Actual detected object count: 0
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Mon Mar 05, 2012 3:17 pm

OK, let's get started cleaning up your computer.

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Quote:
Coupon Printer for Windows
µTorrent


Although Coupon Printer for Windows isn't out and out malware, it is an undesirable program and usually installed using dubious practices .... http://www.benedelman.org/news/082807-1.html

Use of P2P programs is the quickest way to pick up an infection that I know of .... http://spywarewarrior.com/viewtopic.php?p=166646#166646

Reboot your computer when finished

Next


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Reg
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Voobly] File not found
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell - "" = AutoRun
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\Setup.now.exe
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell - "" = AutoRun
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\tiestart.exe
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxdiag\command - "" = F:\goodies\ar40eng.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\adobe\command - "" = F:\goodies\ar405eng.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = I:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = I:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = I:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = I:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = I:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = I:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = I:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = I:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = I:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
[2012/02/25 19:46:32 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/25 19:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/25 19:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/02/25 19:46:39 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/14 23:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\uTorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • OTL fix log
  • E-Set log
  • Please let me know how your computer is running now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

Posted: Wed Mar 07, 2012 9:07 am

I attempted to use OTL, but I got this message "processing registry data 03-hklm\..\toolbar:(no name) - locked - no clsid value found" then the program hung and I restarted the computer. I didn't attempt the online malware scan.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Wed Mar 07, 2012 12:18 pm

OK, let's try running OTL again, this time using the modified fix script below .....


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Processes
killallprocesses

:Reg
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Voobly] File not found
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell - "" = AutoRun
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\Setup.now.exe
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell - "" = AutoRun
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\tiestart.exe
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxdiag\command - "" = F:\goodies\ar40eng.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\adobe\command - "" = F:\goodies\ar405eng.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = I:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = I:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = I:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = I:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = I:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = I:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = I:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = I:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = I:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
[2012/02/25 19:46:32 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/25 19:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/25 19:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012/02/25 19:46:39 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/02/14 23:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\uTorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.
_________________
Gary R Administrator at Malware Removal University



Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

PostPosted: Fri Mar 09, 2012 11:37 am    Post subject: Reply with quote

Another error... just like last time, the computer froze and I had to restart it manually. I had to copy the message by hand, so it might not be fully accurate (because of my handwriting).

"processing registry data O4-HKu\5-1-5-21-842925246-436374069-725345543-1005..\run:[Voobly] File not found..."

Should I rescan with OTL and then try again?
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

PostPosted: Fri Mar 09, 2012 2:57 pm    Post subject: Reply with quote

Danfun64 wrote:
Should I rescan with OTL and then try again?


Just run a new scan for me with OTL, and post me the log please, so I can see what (if anything) has been removed.

I should then be able to use alternate methods to remove anything that still needs attention.
_________________
Gary R Administrator at Malware Removal University



Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

PostPosted: Sat Mar 10, 2012 9:24 am    Post subject: Reply with quote

OTL.txt

OTL logfile created on: 3/10/2012 12:09:48 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Lisa Oakley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 410.29 Mb Available Physical Memory | 40.15% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 6.00 Gb Free Space | 16.12% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 362.53 Gb Free Space | 77.84% Space Free | Partition Type: NTFS

Computer Name: OAKLEY05 | User Name: Lisa Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 13:51:48 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Oakley\My Documents\Downloads\OTL.exe
PRC - [2012/02/18 10:50:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/19 11:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/12 20:06:36 | 001,589,248 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files\Notepad++\notepad++.exe
PRC - [2011/07/25 11:40:56 | 004,766,000 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Lisa Oakley\My Documents\procexp\procexp.exe
PRC - [2011/07/11 16:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/25 11:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\BsecAV.exe
PRC - [2011/06/25 11:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) -- C:\Program Files\Bsecure\InetCtrl.exe
PRC - [2011/06/25 11:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 15:11:56 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 10:50:46 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/09 15:54:41 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/21 15:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 16:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files\Notepad++\plugins\NppExport.dll
MOD - [2011/07/18 16:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2011/06/25 11:59:37 | 000,057,128 | ---- | M] () -- C:\Program Files\Bsecure\BsecZlib.dll
MOD - [2011/06/25 11:59:34 | 000,022,824 | ---- | M] () -- C:\Program Files\Bsecure\BsecAMX.exe
MOD - [2009/12/08 17:50:04 | 003,565,056 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2008/12/05 16:22:48 | 000,839,680 | ---- | M] () -- C:\WINDOWS\system32\timiditydrv.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/29 15:05:48 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/01/29 15:03:28 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2002/12/11 23:14:32 | 000,316,416 | ---- | M] () -- C:\Program Files\Movie Player\Decoder\mpg2splt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/12/19 11:38:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/25 11:59:55 | 000,161,776 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\BsecAV.exe -- (BsecureAV)
SRV - [2011/06/25 11:59:34 | 000,066,344 | ---- | M] (Bsecure Technologies, Inc.) [Auto | Running] -- C:\Program Files\Bsecure\InetCtrl.exe -- (Bsecure)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2005/10/24 08:33:04 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcjcoms.exe -- (lxcj_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WUSB54GSCV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vsc32)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ISLNDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/10 11:05:40 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D1D995F-C7CD-4B76-8808-46676ACA334A}\MpKslf9722692.sys -- (MpKslf9722692)
DRV - [2011/11/04 13:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/04/26 14:23:50 | 000,049,088 | ---- | M] (BSafe Online) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BsecFltr.sys -- (BsecureFilter)
DRV - [2010/02/05 12:40:12 | 000,021,624 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BSecACFltr.sys -- (BSecACFltr)
DRV - [2009/12/06 05:24:21 | 000,135,320 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2009/11/03 22:03:56 | 000,031,808 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2009/11/03 22:03:56 | 000,015,936 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/12/10 20:21:26 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/11/27 23:40:38 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/11/21 18:51:30 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/29 19:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 20:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 17:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/07/16 15:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 15:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-436374069-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/06 14:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/06 14:10:30 | 000,000,000 | ---D | M]

[2011/03/12 22:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Extensions
[2012/03/02 09:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions
[2011/05/26 20:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/23 22:01:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/02 09:42:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/01 18:10:47 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\extensions\coralietab@mozdev.org
[2012/03/09 23:34:23 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\searchplugins\ixquick-https.xml
[2012/03/01 14:16:58 | 000,009,634 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\searchplugins\my-web-search.xml
[2011/12/19 11:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZTCL7RCW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZTCL7RCW.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/02/18 10:50:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/14 16:12:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:12:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CloudCare] C:\Program Files\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Voobly] File not found
O4 - HKU\S-1-5-21-842925246-436374069-725345543-1005..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250105583375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F00CF9-7BFF-438E-A6E2-4E77FBB9A1A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3CDD3A4-9D84-4B97-BFEF-1411CD48B998}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\LISA OAKLEY\MY DOCUMENTS\PROCEXP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/08/10 11:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087646-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c087648-4be8-11df-9d82-bb75fe3114b6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c26-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{170a0c27-fc19-11e0-9e9d-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell - "" = AutoRun
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell - "" = AutoRun
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{393fd8dd-9d8a-11df-9dde-e7ef8e258bc1}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3dc0e9d0-413e-11e1-9f10-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\outlaws.exe
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45f38020-d49c-11e0-9e67-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\Setup.now.exe
O33 - MountPoints2\{68546266-6ab4-11e1-9f62-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{68546266-6ab4-11e1-9f62-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68546266-6ab4-11e1-9f62-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell - "" = AutoRun
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell - "" = AutoRun
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f1-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f2-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell - "" = AutoRun
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a11d0f4-4cb1-11df-9d83-cfe0f9edcec6}\Shell\AutoRun\command - "" = F:\xwingtie.exe
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357526-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99357538-28b3-11e1-9eee-000f1f57cdbd}\Shell\AutoRun\command - "" = F:\Setup.now.exe
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\tiestart.exe
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell - "" = AutoRun
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9bdf570c-c2a2-11df-9deb-c3dcb8120470}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxdiag\command - "" = F:\goodies\ar40eng.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\adobe\command - "" = F:\goodies\ar405eng.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\AutoRun\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\setup\command - "" = F:\aocsetup.exe /autorun
O33 - MountPoints2\{b3a48252-87e3-11e0-9e34-9e7277a67fc4}\Shell\zone\command - "" = F:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a94-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = H:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = H:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = H:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = H:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = H:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = H:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149a99-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\adobe\command - "" = H:\goodies\ar405eng.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = H:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = H:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = H:\aocsetup.exe /autorun
O33 - MountPoints2\{cf149a9d-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = H:\goodies\mszone\zonea660.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\AutoRun\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\directx\command - "" = I:\DirectX\dxsetup.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dplay\command - "" = I:\DirectX\dplay61a.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxdiag\command - "" = I:\goodies\ar40eng.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxinfo\command - "" = I:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtest\command - "" = I:\DirectX\dxdiag.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\dxtool\command - "" = I:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\log\command - "" = I:\goodies\machine\machine.exe -l
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\machine\command - "" = I:\goodies\machine\machine.exe
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\setup\command - "" = I:\aoesetup.exe /autorun
O33 - MountPoints2\{cf149aa2-f9b2-11e0-9e9a-000f1f57cdbd}\Shell\zone\command - "" = I:\goodies\mszone\zoneA600.exe
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f192614e-d016-11e0-9e58-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tieauto.exe
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell - "" = AutoRun
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}\Shell\AutoRun\command - "" = F:\alliance.exe
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d1-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d3-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\tiestart.exe
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092d8-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe8092db-d0ac-11e0-9e5b-000f1f57cdbd}\Shell\AutoRun\command - "" = G:\xwingtie.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.now.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 08:26:52 | 000,000,000 | ---D | C] -- C:\ubuntu
[2012/03/08 17:53:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lisa Oakley\Recent
[2012/03/06 14:18:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 13:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/05 13:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/05 13:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/04 18:05:53 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drvc.dll
[2012/03/04 18:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2012/03/04 18:05:52 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/03/04 18:05:52 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/03/04 18:05:51 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/03/04 18:05:50 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/03/04 18:05:50 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/03/04 18:05:50 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/03/04 18:05:49 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/03/04 18:05:48 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/03/04 18:05:46 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/03/04 18:05:43 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/03/04 18:05:42 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/03/04 18:05:41 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/02/29 18:03:45 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/25 13:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Synfig
[2012/02/25 13:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Synfig
[2012/02/25 13:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Synfig
[2012/02/16 17:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\Local Settings\Application Data\wuaschtbrot
[2012/02/14 14:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\My Documents\ofmiceandmenphotostory pictures
[2012/02/10 17:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinHTTrack
[2012/02/10 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2012/02/09 12:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx_files
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 11:04:43 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2012/03/10 10:20:59 | 000,207,872 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/10 08:32:24 | 000,000,239 | RHS- | M] () -- C:\boot.ini
[2012/03/10 08:32:23 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2012/03/10 04:26:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/10 04:21:37 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/10 04:21:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/10 04:21:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/10 04:04:45 | 000,134,976 | ---- | M] () -- C:\wubildr
[2012/03/09 21:44:03 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2012/03/09 11:39:04 | 004,724,551 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\SRI Application.pdf
[2012/03/07 22:30:42 | 001,390,271 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\Signed application.pdf
[2012/03/05 13:51:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Desktop\ERUNT.lnk
[2012/02/28 12:32:43 | 000,016,007 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\STEVE'S RESUME.odt
[2012/02/25 13:15:36 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\.gtkrc-2.0
[2012/02/17 14:09:51 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\.recently-used.xbel
[2012/02/16 09:51:18 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 00:04:15 | 000,494,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 00:04:15 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/12 11:15:02 | 000,021,000 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\CORVEL CORP TRIAGE NURSE.odt
[2012/02/10 17:21:46 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\Desktop\HTTrack Website Copier.lnk
[2012/02/10 14:38:11 | 000,020,477 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AMERICAN SENIOR CARE.odt
[2012/02/09 14:40:42 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\My Videos.scn
[2012/02/09 12:23:38 | 000,048,596 | ---- | M] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx.htm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/10 08:32:23 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2012/03/10 04:04:46 | 000,134,976 | ---- | C] () -- C:\wubildr
[2012/03/09 11:39:04 | 004,724,551 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\SRI Application.pdf
[2012/03/07 22:30:42 | 001,390,271 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\Signed application.pdf
[2012/03/05 13:51:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Desktop\ERUNT.lnk
[2012/03/04 18:05:50 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/03/04 18:05:50 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/03/04 18:05:49 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/03/04 18:05:47 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/03/04 18:05:47 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/03/04 18:05:44 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/03/04 18:05:43 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/03/04 18:05:42 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/03/04 18:05:41 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/03/04 18:05:41 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/02/28 12:32:43 | 000,016,007 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\STEVE'S RESUME.odt
[2012/02/25 13:15:36 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\.gtkrc-2.0
[2012/02/17 14:09:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\.recently-used.xbel
[2012/02/12 11:15:02 | 000,021,000 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\CORVEL CORP TRIAGE NURSE.odt
[2012/02/10 17:21:46 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Desktop\HTTrack Website Copier.lnk
[2012/02/10 14:38:09 | 000,020,477 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AMERICAN SENIOR CARE.odt
[2012/02/09 14:26:31 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\My Videos.scn
[2012/02/09 12:23:34 | 000,048,596 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\My Documents\AppSelfService.aspx.htm
[2012/01/18 21:20:44 | 000,021,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\BSecACFltr.sys
[2012/01/13 11:51:46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\.backup.dm
[2012/01/02 17:15:04 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/12/25 23:54:20 | 000,252,334 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/21 08:28:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/12/09 17:11:36 | 000,000,579 | ---- | C] () -- C:\WINDOWS\qtracker.INI
[2011/11/15 14:46:23 | 000,001,044 | ---- | C] () -- C:\WINDOWS\Sidplay2w.ini
[2011/11/14 18:13:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/11/14 14:58:51 | 000,710,374 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\OS.8xu
[2011/11/01 15:42:07 | 000,000,734 | ---- | C] () -- C:\WINDOWS\HEGames.ini
[2011/10/29 13:41:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2011/10/24 18:55:23 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/10/16 18:08:05 | 000,003,244 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\glide_wrapper.zbag.ini
[2011/10/06 21:58:44 | 000,903,888 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/04 14:45:11 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lisa Oakley\Application Data\PnkBstrK.sys
[2011/10/04 14:44:44 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/09/24 10:50:43 | 000,000,088 | ---- | C] () -- C:\WINDOWS\EFPM.INI
[2011/09/01 12:41:19 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2011/08/26 15:02:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/26 13:49:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\portaudio.dll
[2011/08/19 13:58:48 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/19 13:58:48 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/19 13:49:45 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/15 09:02:25 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
[2011/08/15 09:02:25 | 001,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
[2011/08/15 09:02:25 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpmui.dll
[2011/08/15 09:02:25 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjprox.dll
[2011/08/15 09:02:25 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpplc.dll
[2011/08/15 09:02:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcjvs.dll
[2011/08/15 09:02:24 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhbn3.dll
[2011/08/15 09:02:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomc.dll
[2011/08/15 09:02:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
[2011/08/15 09:02:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomm.dll
[2011/08/15 09:02:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjih.exe
[2011/08/15 09:02:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcfg.exe
[2011/08/15 09:02:23 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjlmpm.dll
[2010/06/03 17:55:06 | 000,000,042 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/02 18:43:39 | 000,000,464 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/04/09 14:08:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll

========== LOP Check ==========

[2011/09/25 11:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Armagetron
[2012/01/02 19:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/05 14:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/30 12:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/12/05 15:03:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/12/05 15:15:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/12/06 08:11:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/03/05 13:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/12/05 14:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2012/01/02 15:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/01/13 11:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/10/26 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/10/26 17:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD
[2011/10/26 17:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2011/10/26 17:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 15
[2012/01/07 19:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/19 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\.doomseeker
[2012/01/07 16:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\.kde
[2011/09/01 18:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Advanced Mario Sequencer
[2012/01/02 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Allume Systems
[2011/09/25 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Armagetron
[2012/03/10 05:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Audacity
[2011/08/10 19:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\bsnes
[2011/12/30 11:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Canon
[2011/10/28 13:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Enigma
[2012/01/28 15:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\gtk-2.0
[2011/08/31 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\id Software
[2010/09/02 12:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\ImgBurn
[2010/02/03 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\InfraRecorder
[2012/01/07 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\KDE
[2011/08/11 15:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\LibreOffice
[2011/08/22 17:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\LucasArts
[2011/05/26 19:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Mumble
[2011/09/18 17:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Mupen64Plus
[2011/08/20 10:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Neverball
[2011/12/10 18:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Nuncabola
[2011/08/19 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenArena
[2011/10/15 19:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenMPT
[2010/02/05 20:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\OpenOffice.org
[2012/01/06 19:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Pingus
[2011/08/19 17:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Quake3
[2011/12/21 09:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\RadiantSettings
[2011/10/29 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\ScummVM
[2011/11/24 16:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\SLADE3
[2012/01/22 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\smc
[2011/12/22 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Stella
[2011/09/23 17:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\STVEF
[2012/01/04 16:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\supertuxkart
[2012/01/02 18:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\Tremulous
[2012/03/06 14:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\uTorrent
[2012/01/16 16:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\WarZone
[2011/08/19 15:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\wolfcamql
[2011/10/21 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Oakley\Application Data\yang
[2012/03/10 04:26:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
Danfun64

Posted: Sat Mar 10, 2012 9:29 am

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E9A1B25
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409

< End of report >

extras.txt

OTL Extras logfile created on: 3/10/2012 12:09:48 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Lisa Oakley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 410.29 Mb Available Physical Memory | 40.15% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 6.00 Gb Free Space | 16.12% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 362.53 Gb Free Space | 77.84% Space Free | Partition Type: NTFS

Computer Name: OAKLEY05 | User Name: Lisa Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open File Location] -- "explorer.exe" /select,"%1" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"27960:UDP" = 27960:UDP:*:Enabled:urban terror udp
"27960:TCP" = 27960:TCP:*:Enabled:Urban terror tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Qtracker\Applications\QtUplink.exe" = C:\Program Files\Qtracker\Applications\QtUplink.exe:*:Enabled:QtUplink
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\Croteam\Serious Sam\Bin\SeriousSam.exe" = C:\Program Files\Croteam\Serious Sam\Bin\SeriousSam.exe:*:Enabled:SeriousSam
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:dplaysvr.exe -- (Microsoft Corporation)
"C:\Games\Descent3\main.exe" = C:\Games\Descent3\main.exe:*:Enabled:main
"C:\Documents and Settings\Lisa Oakley\My Documents\emulation\snes9x\snes9x.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\emulation\snes9x\snes9x.exe:*:Enabled:Snes9XW
"C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioq3-urt.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioq3-urt.exe:*:Enabled:ioq3-urt
"C:\Documents and Settings\Lisa Oakley\My Documents\wolfcamql8.3\wolfcamql.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\wolfcamql8.3\wolfcamql.exe:*:Enabled:wolfcamql
"C:\Documents and Settings\Lisa Oakley\My Documents\openarena-0.8.1\openarena.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\openarena-0.8.1\openarena.exe:*:Enabled:openarena
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\Games\Paintball2\paintball2.exe" = C:\Games\Paintball2\paintball2.exe:*:Enabled:Digital Paint: Paintball 2
"C:\Games\Keygrip2\quake2.exe" = C:\Games\Keygrip2\quake2.exe:*:Enabled:Digital Paint: Paintball 2
"C:\Documents and Settings\Lisa Oakley\My Documents\laser arena\LA_GL.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\laser arena\LA_GL.exe:*:Enabled:LA_GL
"C:\Program Files\Atari\Nerf\System\Nerf.exe" = C:\Program Files\Atari\Nerf\System\Nerf.exe:*:Enabled:Nerf
"C:\Documents and Settings\Lisa Oakley\My Documents\Laser Arena\LA.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Laser Arena\LA.exe:*:Enabled:LA
"C:\Program Files\Russobit-M\Worms Armageddon\WA.exe" = C:\Program Files\Russobit-M\Worms Armageddon\WA.exe:*:Enabled:Worms Armageddon 3.6.31.0
"C:\Documents and Settings\Lisa Oakley\My Documents\Worms2\frontend.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
"C:\Documents and Settings\Lisa Oakley\My Documents\nexuiz-lite\nexuiz.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\nexuiz-lite\nexuiz.exe:*:Enabled:Nexuiz
"C:\Documents and Settings\Lisa Oakley\My Documents\Nexuiz\nexuiz.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz
"C:\Documents and Settings\Lisa Oakley\My Documents\kurok\FitzKurok_sdl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\kurok\FitzKurok_sdl.exe:*:Enabled:FitzKurok_sdl.exe
"C:\Documents and Settings\Lisa Oakley\My Documents\quake\ezquake-gl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\quake\ezquake-gl.exe:*:Enabled:ezquake-gl
"C:\Documents and Settings\Lisa Oakley\My Documents\quake\glQrack.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\quake\glQrack.exe:*:Enabled:glQrack
"C:\Documents and Settings\Lisa Oakley\My Documents\proquake\glpro451.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\proquake\glpro451.exe:*:Enabled:glpro451
"C:\Program Files\Red Eclipse\bin\reclient.exe" = C:\Program Files\Red Eclipse\bin\reclient.exe:*:Enabled:reclient
"C:\Documents and Settings\Lisa Oakley\My Documents\Xonotic\xonotic.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Xonotic\xonotic.exe:*:Enabled:DarkPlaces Game Engine
"C:\Program Files\Warsow 0.6\warsow_x86.exe" = C:\Program Files\Warsow 0.6\warsow_x86.exe:*:Enabled:Warsow
"C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\qtracker\qtracker.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\qtracker\qtracker.exe:*:Enabled:Qtracker
"C:\Documents and Settings\Lisa Oakley\My Documents\doom-chex\odamex\odamex.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\doom-chex\odamex\odamex.exe:*:Enabled:Odamex Client
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe" = C:\Program Files\USArmy\America's Army 2\System\ArmyOps.exe:*:Enabled:ArmyOps
"C:\Program Files\USArmy\America's Army 2\System\Server.exe" = C:\Program Files\USArmy\America's Army 2\System\Server.exe:*:Enabled:Server
"C:\Program Files\America's Army\System\ArmyOps.exe" = C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps
"C:\Program Files\America's Army\System\Server.exe" = C:\Program Files\America's Army\System\Server.exe:*:Enabled:Server
"C:\UnrealTournament\System\UnrealTournament.exe" = C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
"C:\UnrealGold\System\Unreal.exe" = C:\UnrealGold\System\Unreal.exe:*:Enabled:Unreal
"C:\Documents and Settings\Lisa Oakley\My Documents\megaman\skulltag.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\megaman\skulltag.exe:*:Enabled:Skulltag
"C:\Documents and Settings\Lisa Oakley\My Documents\dosbox\dosbox_release.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\dosbox\dosbox_release.exe:*:Enabled:DOSBox DOS Emulator
"C:\Documents and Settings\Lisa Oakley\My Documents\descent\d1x-rebirth-gl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\descent\d1x-rebirth-gl.exe:*:Enabled:d1x-rebirth-gl
"C:\Documents and Settings\Lisa Oakley\My Documents\gang garrison 2\Gang Garrison 2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\gang garrison 2\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2
"C:\Program Files\DOSBox-0.74\DOSBox.exe" = C:\Program Files\DOSBox-0.74\DOSBox.exe:*:Enabled:DOSBox DOS Emulator
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1_1.0c_1440x900.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1_1.0c_1440x900.exe:*:Enabled:Age of Empires II Expansion
"C:\Program Files\Kali95\Kali.exe" = C:\Program Files\Kali95\Kali.exe:*:Enabled:Kali II (Ver 2.613)
"C:\Program Files\DOSBox-0.72\dosbox.exe" = C:\Program Files\DOSBox-0.72\dosbox.exe:*:Enabled:DOSBox DOS Emulator
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Documents and Settings\Lisa Oakley\My Documents\chex quest\chocolate-doom.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chex quest\chocolate-doom.exe:*:Enabled:Chocolate Doom 1.6.0
"C:\Program Files\Steam\steamapps\danfun64\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\danfun64\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
"C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\SRB2CB.exe:*:Enabled:SRB2 - Community Build
"C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\srb2riders.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\SRB2\srb2riders.exe:*:Enabled:srb2riders
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\skulltag.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\skulltag.exe:*:Enabled:Skulltag
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\xsrb2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\xsrb2.exe:*:Enabled:xsrb2
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\riders\srb2riders.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\riders\srb2riders.exe:*:Enabled:srb2riders
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\sf94\SRB2CB.exe:*:Enabled:SRB2CB
"C:\Documents and Settings\Lisa Oakley\My Documents\Keygrip\Paintball2\quake2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Keygrip\Paintball2\quake2.exe:*:Enabled:Digital Paint: Paintball 2
"C:\Documents and Settings\Lisa Oakley\My Documents\qtracker noinstall\qtracker.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\qtracker noinstall\qtracker.exe:*:Enabled:Qtracker
"C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioUrTded.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\UrbanTerror\ioUrTded.exe:*:Enabled:ioUrTded
"C:\Documents and Settings\Lisa Oakley\My Documents\normandy\egl.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\normandy\egl.exe:*:Enabled:egl
"C:\Team17\Worms World Party\CutWorm\CutWorm.exe" = C:\Team17\Worms World Party\CutWorm\CutWorm.exe:*:Enabled:CutWorm
"C:\Program Files\Armagetron Advanced\armagetronad.exe" = C:\Program Files\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad
"C:\Documents and Settings\Lisa Oakley\My Documents\Marathon Saga\Marathon (A1)\Marathon.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\Marathon Saga\Marathon (A1)\Marathon.exe:*:Enabled:Marathon (A1)
"C:\Program Files\Qtracker\qtracker.exe" = C:\Program Files\Qtracker\qtracker.exe:*:Enabled:Qtracker
"C:\Program Files\Tremulous\tremulous-gpp.exe" = C:\Program Files\Tremulous\tremulous-gpp.exe:*:Enabled:tremulous-gpp
"C:\Documents and Settings\Lisa Oakley\My Documents\chocolate doom\chocolate-doom.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chocolate doom\chocolate-doom.exe:*:Enabled:Chocolate Doom 1.6.0
"C:\Documents and Settings\Lisa Oakley\My Documents\chex quest and chibi rebellion\chex quest\skulltag.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chex quest and chibi rebellion\chex quest\skulltag.exe:*:Enabled:Skulltag
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 sf94\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 sf94\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 vanilla\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 vanilla\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2 sf94\xsrb2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2 sf94\xsrb2.exe:*:Enabled:xsrb2
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2\xsrb2.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\xsrb2\xsrb2.exe:*:Enabled:xsrb2
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 mansion\srb2win.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2 mansion\srb2win.exe:*:Enabled:srb2win
"C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2cb\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\chibi rebellion and srb2\srb2cb\SRB2CB.exe:*:Enabled:SRB2 - Community Build
"C:\Program Files\LucasArts\Outlaws\olwin.exe" = C:\Program Files\LucasArts\Outlaws\olwin.exe:*:Enabled:Outlaws
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\Bsecure\InetCtrl.exe" = C:\Program Files\Bsecure\InetCtrl.exe:*:Enabled:CloudCare -- (Bsecure Technologies, Inc.)
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2 kart\srb2kart.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2 kart\srb2kart.exe:*:Enabled:srb2kart
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2cb\SRB2CB.exe" = C:\Documents and Settings\Lisa Oakley\My Documents\srb2\srb2cb\SRB2CB.exe:*:Enabled:SRB2 - Community Build


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E41365-84F3-4599-8F0F-6FAD653301A6}" = e-Sword
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0604C2-807A-11DB-8DF8-00508DD5B6B9}" = Microsoft Mike and Mary TTS Engines 5.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{586BE0D1-6175-4F0F-A072-951CFE0D7AF6}" = NDS GBM GBA Movie Player(M3) Converter Crystal Ver1.21
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1" = OpenMPT 1.19
"{6B3DA87F-FDB5-43C9-887D-72547C0C5EB5}" = LibreOffice 3.4 Help Pack (English)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{EC6B304A-044A-46AE-B761-D1202720D93A}" = VOB2MPG v3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{FC030CB5-46A6-4229-AD6E-0AC869F509C8}" = Pinnacle Studio Bonus Content
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyToISO_is1" = AnyToISO
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AviSynth" = AviSynth 2.5
"Canon MX410 series User Registration" = Canon MX410 series User Registration
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CloudCare" = CloudCare
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Defraggler" = Defraggler
"DivXLand Media Subtitler" = DivXLand Media Subtitler
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Fraps" = Fraps (remove only)
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"M3 GAME Manager" = M3 GAME Manager Uninstall
"MASH_is1" = MASH
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PPJoy Joystick Driver" = PPJoy Joystick Driver 0.8.4.5
"qt7lite_is1" = QT Lite 2.9.0
"RADVideo" = RAD Video Tools
"secretmaryo" = Secret Maryo Chronicles
"secretmaryo_music" = Secret Maryo Chronicles Music Pack
"sfArk" = sfArk
"Sound Club" = Sound Club
"Speakonia_is1" = Speakonia
"Speed Dial Utility" = Canon Speed Dial Utility
"synfigstudio" = Synfig Studio
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-4
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wubi" = Xubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"yuls" = YULS -- YUVsoft's lossless video codec (Remove Only)
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2012 5:01:22 PM | Computer Name = OAKLEY05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/22/2012 3:16:26 PM | Computer Name = OAKLEY05 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 2/22/2012 8:03:13 PM | Computer Name = OAKLEY05 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.5.2.3456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2012 8:03:48 PM | Computer Name = OAKLEY05 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.5.2.3456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2012 3:26:27 PM | Computer Name = OAKLEY05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/3/2012 4:11:42 PM | Computer Name = OAKLEY05 | Source = Application Error | ID = 1000
Description = Faulting application imagompeg-muxer.exe, version 1.0.1.0, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 3/4/2012 7:03:38 PM | Computer Name = OAKLEY05 | Source = Application Error | ID = 1000
Description = Faulting application is-2ib26.tmp.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00eb4123.

Error - 3/5/2012 8:02:05 PM | Computer Name = OAKLEY05 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.5.2.3456, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2012 5:47:08 PM | Computer Name = OAKLEY05 | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.5.2.3456, faulting module
mpc-hc.exe, version 1.5.2.3456, fault address 0x005d3234.

Error - 3/10/2012 12:06:17 PM | Computer Name = OAKLEY05 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 3/9/2012 2:01:56 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/9/2012 2:01:58 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).

Error - 3/9/2012 3:28:24 PM | Computer Name = OAKLEY05 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 3/9/2012 3:28:24 PM | Computer Name = OAKLEY05 | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/9/2012 3:28:25 PM | Computer Name = OAKLEY05 | Source = Service Control Manager | ID = 7034
Description = The CloudCare service terminated unexpectedly. It has done this 1
time(s).

Error - 3/9/2012 3:28:26 PM | Computer Name = OAKLEY05 | Source = Service Control Manager | ID = 7034
Description = The CloudCare AntiVirus service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/9/2012 3:28:26 PM | Computer Name = OAKLEY05 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/9/2012 3:28:26 PM | Computer Name = OAKLEY05 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/10/2012 12:40:01 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows XP Service Pack 3 (KB952069).

Error - 3/10/2012 12:40:03 AM | Computer Name = OAKLEY05 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0102: Security Update for Windows Media Format Runtime 9, 9.5
& 11 for Windows XP SP3 (KB978695).


< End of report >
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

PostPosted: Sat Mar 10, 2012 10:44 pm    Post subject: Reply with quote

OK, seems nothing really has been removed, so we'll need to start again .....

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop


  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.

  • Double click on ComboFix.exe and follow the prompts.

  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.


**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

PostPosted: Sun Mar 11, 2012 10:42 am    Post subject: Reply with quote

results of log.txt

ComboFix 12-03-10.02 - Lisa Oakley 03/11/2012 14:24:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.626 [GMT -4:00]
Running from: c:\documents and settings\Lisa Oakley\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Lisa Oakley\WINDOWS
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-05 18:50 . 2012-03-05 18:51 -------- d-----w- c:\program files\ERUNT
2012-02-29 23:03 . 2012-02-29 23:03 -------- d-----w- C:\temp
2012-02-25 18:21 . 2012-02-25 18:21 -------- d-----w- c:\documents and settings\Lisa Oakley\Synfig
2012-02-25 18:15 . 2012-02-25 18:16 -------- d-----w- c:\program files\Synfig
2012-02-16 22:43 . 2012-02-16 22:43 -------- d-----w- c:\documents and settings\Lisa Oakley\Local Settings\Application Data\wuaschtbrot
2012-02-10 22:21 . 2012-02-10 22:21 -------- d-----w- c:\program files\WinHTTrack
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-08-29 14:57 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 19:39 . 2012-01-31 19:43 237568 ----a-w- c:\windows\system32\BtwRSupport.dll
2012-01-31 19:39 . 2012-01-31 19:42 93736 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2012-01-31 12:44 . 2010-02-02 17:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2003-07-16 20:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 22:15 . 2012-01-02 22:15 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-01-02 22:06 . 2011-10-04 19:44 840264 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-19 16:38 . 2011-12-19 16:39 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-19 16:38 . 2011-12-19 16:39 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-19 16:38 . 2011-10-23 17:06 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-17 19:46 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 17:54 . 2011-09-01 17:41 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-12-16 12:22 . 2009-08-11 15:25 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 15:50 . 2011-08-08 01:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"CloudCare"="c:\program files\Bsecure\BsecTray.exe" [2011-06-25 96040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=timiditydrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\Bsecure\\InetCtrl.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27960:UDP"= 27960:UDP:urban terror udp
"27960:TCP"= 27960:TCP:Urban terror tcp
.
R1 MpKsl29c69793;MpKsl29c69793;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B659D41-5D23-4C31-8377-275CEEDB5753}\MpKsl29c69793.sys [3/11/2012 2:16 PM 29904]
R2 Bsecure;CloudCare;c:\program files\Bsecure\InetCtrl.exe [8/10/2011 10:16 PM 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\Bsecure\BsecAV.exe [8/10/2011 10:16 PM 161776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [8/19/2011 2:07 PM 21992]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [12/5/2009 11:01 AM 135320]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [1/18/2012 10:20 PM 21624]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [11/3/2009 11:03 PM 15936]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [11/3/2009 11:03 PM 31808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;\??\c:\docume~1\LISAOA~1\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS --> c:\docume~1\LISAOA~1\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [11/4/2011 2:42 PM 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2.sys --> c:\windows\system32\DRIVERS\WUSB54GSCV2.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL29C69793
*Deregistered* - BsecureFilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Voobly - (no file)
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-436374069-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8590B3E-20D0-D8D0-3CFB-142BC6CC4049}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(736)
c:\program files\Bsecure\InetCtrl57.dll
.
Completion time: 2012-03-11 14:39:05
ComboFix-quarantined-files.txt 2012-03-11 18:39
.
Pre-Run: 16,170,876,928 bytes free
Post-Run: 16,422,379,520 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - DBDF6FC0059E939B22F38CBD18884713
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

PostPosted: Mon Mar 12, 2012 2:06 am    Post subject: Reply with quote


  • Click Start > Run type Notepad click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.

Code:
Registry::
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=-
[HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=-
[HKU\S-1-5-21-842925246-436374069-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Voobly"=-
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c087642-4be8-11df-9d82-bb75fe3114b6}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12b162bd-280e-11e1-9eec-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{170a0c22-fc19-11e0-9e9d-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1db79530-49a5-11df-9d7e-aceeac55215f}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a6cc000-f81d-11e0-9e96-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{393fd8dc-9d8a-11df-9dde-e7ef8e258bc1}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc0e9ca-413e-11e1-9f10-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e6b2c2c-e5fd-11e0-9e7e-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42ad5eaa-d19d-11e0-9e63-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45bcddcf-e6b2-11e0-9e7f-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45f3800c-d49c-11e0-9e67-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75081fdd-39c0-11df-9d65-a7a0cb42c7e7}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b87d44c-d349-11e0-9e65-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d7d0cc6-10e1-11df-9d2c-d06a6bfb46e9}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ddba500-4a2b-11df-9d80-a6d525802ae5}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{822c7712-12ac-11df-9d2f-881aeaa2d6f0}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86169b70-d275-11e0-9e64-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a11d0f0-4cb1-11df-9d83-cfe0f9edcec6}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99357521-28b3-11e1-9eee-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bdf5702-c2a2-11df-9deb-af0ff51858cc}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bdf570b-c2a2-11df-9deb-c3dcb8120470}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa498b04-cf1d-11e0-9e55-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a4824e-87e3-11e0-9e34-9e7277a67fc4}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69dee5a-d0ff-11e0-9e60-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce4fbdbc-cfe6-11e0-9e56-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf149a8e-f9b2-11e0-9e9a-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31e09ba-d0aa-11e0-9e5a-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f192614c-d016-11e0-9e58-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6423be0-4b10-11df-9d81-a99f9362871e}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe8092ce-d0ac-11e0-9e5b-000f1f57cdbd}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\]
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe"=-

File::
C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
C:\WINDOWS\System32\cpnprt2.cid

Folder::
C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
C:\Program Files\Coupons
C:\Documents and Settings\Lisa Oakley\Application Data\uTorrent
C:\Program Files\uTorrent


  • Click Format and ensure Wordwrap is unchecked.
  • Save as CFScript.txt to your Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Combofix will now process that file.

When finished, it will produce a log for you. Post that log in your next reply please. (it can also be found at C:\Combofix.txt)
_________________
Gary R Administrator at Malware Removal University



Danfun64
Junior Member


Joined: 27 Jul 2010
Last Visit: 15 Apr 2013
Posts: 16

PostPosted: Mon Mar 12, 2012 11:58 am    Post subject: Reply with quote

ComboFix 12-03-10.02 - Lisa Oakley 03/12/2012 15:38:37.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.640 [GMT -4:00]
Running from: c:\documents and settings\Lisa Oakley\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Lisa Oakley\My Documents\Downloads\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\program files\mozilla firefox\plugins\npCouponPrinter.dll"
"c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll"
"c:\windows\System32\cpnprt2.cid"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lisa Oakley\Application Data\uTorrent
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\apps\3609FC884502A1DF0AA5D9D160C827BB1BD51FC9.btapp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\apps\4585805A0BEAAAA6F570825EB241201C227B5E09.btapp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\apps\player.btapp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\apps\plus.btapp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\apps\welcome-upsell.btapp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dht.dat
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dht_feed.dat
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dht_feed.dat.old
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dlimagecache\32F529521A3DEC709F97F761F192AABF29BDC408
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\ie\ie.1314279005.tmp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\ie\ie.1314279299.tmp
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\Outlaws.torrent
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\resume.dat
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\rss.dat
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\settings.dat
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\Star Wars Ultimate Soundtrack Collection.1.torrent
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\Star Wars Ultimate Soundtrack Collection.2.torrent
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\Star Wars Ultimate Soundtrack Collection.torrent
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\TribesNext.torrent
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Lisa Oakley\Application Data\uTorrent\X-WING VS TIE FIGHTER AND THE BALANCE OF POWER.torrent
C:\Documents
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-11 19:00 . 2012-03-11 19:02 -------- d-----w- c:\program files\eMule
2012-03-11 18:43 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02A34CD1-C5E0-4BA3-B405-66951D703B04}\mpengine.dll
2012-03-10 21:17 . 2012-03-10 21:18 -------- d-----w- c:\program files\Neverball
2012-03-06 19:18 . 2012-03-06 19:18 -------- d-----w- C:\_OTL
2012-03-05 18:50 . 2012-03-05 18:51 -------- d-----w- c:\program files\ERUNT
2012-02-29 23:03 . 2012-02-29 23:03 -------- d-----w- C:\temp
2012-02-25 18:21 . 2012-02-25 18:21 -------- d-----w- c:\documents and settings\Lisa Oakley\Synfig
2012-02-25 18:15 . 2012-02-25 18:16 -------- d-----w- c:\program files\Synfig
2012-02-16 22:43 . 2012-02-16 22:43 -------- d-----w- c:\documents and settings\Lisa Oakley\Local Settings\Application Data\wuaschtbrot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-08-29 14:57 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 19:39 . 2012-01-31 19:43 237568 ----a-w- c:\windows\system32\BtwRSupport.dll
2012-01-31 19:39 . 2012-01-31 19:42 93736 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2012-01-31 12:44 . 2010-02-02 17:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2003-07-16 20:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 22:15 . 2012-01-02 22:15 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-01-02 22:06 . 2011-10-04 19:44 840264 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-19 16:38 . 2011-12-19 16:39 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-19 16:38 . 2011-12-19 16:39 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-19 16:38 . 2011-10-23 17:06 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-17 19:46 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 17:54 . 2011-09-01 17:41 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-12-16 12:22 . 2009-08-11 15:25 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 15:50 . 2011-08-08 01:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"CloudCare"="c:\program files\Bsecure\BsecTray.exe" [2011-06-25 96040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=timiditydrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\Bsecure\\InetCtrl.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Lisa Oakley\\My Documents\\Laser Arena\\LA_GL.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27960:UDP"= 27960:UDP:urban terror udp
"27960:TCP"= 27960:TCP:Urban terror tcp
.
R2 Bsecure;CloudCare;c:\program files\Bsecure\InetCtrl.exe [8/10/2011 10:16 PM 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\Bsecure\BsecAV.exe [8/10/2011 10:16 PM 161776]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [8/19/2011 2:07 PM 21992]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [12/5/2009 11:01 AM 135320]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [1/18/2012 10:20 PM 21624]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [11/3/2009 11:03 PM 15936]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [11/3/2009 11:03 PM 31808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ISLNDIS5;ISLNDIS5 Protocol Driver;\??\c:\docume~1\LISAOA~1\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS --> c:\docume~1\LISAOA~1\LOCALS~1\Temp\MSBNDO~1\ISLNDIS5.SYS [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [11/4/2011 2:42 PM 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2.sys --> c:\windows\system32\DRIVERS\WUSB54GSCV2.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BsecureFilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z4xdm037YYus&ptb=87C8DAD9-9D98-400A-8C06-5A2EB89CFC48&si=XXXXXXXXXX
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Lisa Oakley\Application Data\Mozilla\Firefox\Profiles\ztcl7rcw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 15:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-436374069-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8590B3E-20D0-D8D0-3CFB-142BC6CC4049}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(736)
c:\program files\Bsecure\InetCtrl57.dll
.
Completion time: 2012-03-12 15:56:08
ComboFix-quarantined-files.txt 2012-03-12 19:56
ComboFix2.txt 2012-03-11 18:39
.
Pre-Run: 16,158,613,504 bytes free
Post-Run: 16,167,542,784 bytes free
.
- - End Of File - - 27DA97A8B706CF3D63DD811D3DA718C1
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Mon Mar 12, 2012 3:10 pm

Please go to Control Panel > Programs > Uninstall a program and uninstall eMule.

There's no point in uninstalling uTorrent if you're then going to go out and install another P2P program ..... use of any P2P programs is a severe security risk to your computer.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Please let me know how your computer is running now.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 Sep 2014
Posts: 9979
Location: Yorkshire

Posted: Wed Mar 14, 2012 10:52 pm

Quote:
Due to lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours