Chinese Website Redirections, Suspicious activity on (D:) & inability to Windows Update


  • This topic is locked
15 replies to this topic

#1 drlxy


Posted 05 April 2010 - 07:10 AM

As my title suggests:

"Chinese Website Redirections, Suspicious activity on (D:) & inability to Windows Update"

- I am redirected to hxxp://www.6313.com/ when I open browsers.
- I have a shortcut on my desktop directing me to hxxp://taobao.love08.com/
- I am repeatedly receiving errors from Avira about a suspicious 'autorun' on my (D:) drive [this is a 15gig recovery partition I think].
- My computer is unable to update Windows.

I am lost - I have used CCleaner, Spybot, Windows Defender and Avira to scan, but the only naughty things they found were in a program called Holdem Manager, which is a very famous and well-respected statistic-tracker that almost all online Poker players use religiously, so I ignored these warnings. Perhaps this was naive of me?

The strange Chinese website problem is about 1 or 2 weeks old. I have been living in China for 6 months so I'm guessing there is a link. Any help in solving my problems would be greatly appreciated.

(By the way, GMER wouldn't give me all the scanning options that were available on the screenshots in the tutorial.)

Kind regards,

drlxy


DDS (Ver_10-03-17.01) - NTFSX64
Run by DrLexy at 19:00:01.61 on 05/04/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4090.2527 [GMT 8:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DrLexy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Ivacy Monitor\IvacyMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DrLexy\Downloads\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.6313.com/
mStart Page = hxxp://www.6313.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: msiebr Class: {6b844b04-34cb-4430-a3c3-9ad5f16a1b49} - c:\windows\syswow64\vcredist.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Octoshape Streaming Services] "c:\users\drlexy\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\drlexy\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files (x86)\pokerstars\PokerStarsUpdate.exe
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: {C685EE91-0787-4F46-B9F0-A3A1114C4FA0} = 1.254.3.2 1.254.3.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\drlexy\appdata\roaming\mozilla\firefox\profiles\zcwqsfdi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\users\drlexy\appdata\roaming\mozilla\firefox\profiles\zcwqsfdi.default\extensions\{e173b749-db5b-4fd2-ba0e-94ecea0ca55b}\components\npAFOM.dll
FF - component: c:\users\drlexy\appdata\roaming\mozilla\firefox\profiles\zcwqsfdi.default\extensions\ivacyproxy@ivacy.com\components\IvacyProxy.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\drlexy\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\drlexy\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-8-19 55024]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-20 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-10-4 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-10-4 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-4 81072]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-10-10 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-8-19 636144]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-19 36392]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-19 172032]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-8-20 59392]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-8-20 239104]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-8-20 4735488]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-9 319840]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-8-31 1038088]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-04-03 13:29:34 0 d-----w- c:\program files (x86)\Winamp Detect
2010-04-03 11:04:29 0 d-----w- c:\users\drlexy\appdata\roaming\Bioshock2
2010-04-01 23:40:37 645484014 ----a-w- c:\windows\MEMORY.DMP
2010-03-30 17:34:43 0 d-----w- c:\users\drlexy\appdata\roaming\IObit
2010-03-30 17:34:43 0 d-----w- c:\program files (x86)\IObit
2010-03-27 15:19:00 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-03-27 15:19:00 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-27 15:19:00 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-03-27 15:19:00 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-03-27 15:19:00 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-03-27 15:18:59 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-26 15:12:57 0 d-----w- c:\program files (x86)\Free Download Manager
2010-03-26 14:40:01 0 d-----w- c:\programdata\2DBoy
2010-03-26 14:38:34 0 d-----w- c:\program files (x86)\WorldOfGoo
2010-03-25 05:40:22 0 d-----w- c:\users\drlexy\appdata\roaming\Avira
2010-03-24 09:36:18 0 d--h--w- c:\windows\syswow64\FD0D90
2010-03-24 09:36:18 0 d--h--w- c:\windows\syswow64\391573
2010-03-19 04:14:06 0 d-sh--w- c:\windows\ftpcache
2010-03-17 10:11:36 0 d-----w- c:\users\drlexy\appdata\roaming\Facebook

==================== Find3M ====================

2010-04-05 08:46:52 2140 ----a-w- c:\windows\bthservsdp.dat
2010-04-05 06:19:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-05 06:19:32 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 06:19:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-05 06:13:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-04 04:32:12 215160 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-04-03 10:49:35 1803 ----a-w- c:\program files (x86)\Internet Explorer.lnk
2010-02-24 02:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 05:24:00 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-19 14:51:00 75 --sh--r- c:\windows\CT4CET.bin
2009-10-30 07:18:28 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-22 05:23:52 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-19 23:41:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:02:02.03 ===============



Edited by elise025, 05 April 2010 - 07:42 AM.
Deactivated links ~ Elise
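A triage pass over the DDS sections posted above, added here as an example; it is not part of DDS, OTL or the forum's own tooling. It parses the "Pseudo HJT Report" and "Created Last 30" line formats shown in the log and flags the entries a helper looks at first (start pages pointing somewhere unexpected, BHOs with no file or loading from the Windows directory, UAC switched off, hidden directories created under Windows). The list of expected homepage hosts is an assumption.

```python
"""Triage helper for DDS log sections (added example, not DDS/OTL code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Excerpt of the DDS log posted above; "hxxp" is the forum's defanged "http".
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.6313.com/
mStart Page = hxxp://www.6313.com/
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: msiebr Class: {6b844b04-34cb-4430-a3c3-9ad5f16a1b49} - c:\windows\syswow64\vcredist.dll
mPolicies-system: EnableLUA = 0 (0x0)

=============== Created Last 30 ================

2010-03-30 17:34:43 0 d-----w- c:\program files (x86)\IObit
2010-03-24 09:36:18 0 d--h--w- c:\windows\syswow64\FD0D90
2010-03-24 09:36:18 0 d--h--w- c:\windows\syswow64\391573
2010-03-19 04:14:06 0 d-sh--w- c:\windows\ftpcache
"""

# Assumption: the only homepage host the owner chose deliberately. The Firefox
# prefs in the same log point at google.co.uk, so that is the one trusted here.
EXPECTED_HOMEPAGE_HOSTS = {"www.google.co.uk"}
PROGRAM_DIRS = ("c:\\program files", "c:\\progra~")
WINDOWS_DIR = "c:\\windows\\"

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
START_PAGE_RE = re.compile(r"^([um])Start Page = (\S+)$")
BHO_RE = re.compile(r"^BHO: (?:(.*?): )?\{([0-9a-fA-F-]{36})\} - (.+)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
# DDS "Created" lines: timestamp, size, 8-char attribute string, path.
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) ([d-][a-z-]{7}) (.+)$")


@dataclass
class Finding:
    section: str
    kind: str
    detail: str
    line: str


def split_sections(text):
    """Group non-empty lines under the '=== Name ===' header they follow."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line:
            sections.setdefault(current, []).append(line)
    return sections


def check_hjt(lines):
    """Flag start pages, BHOs and policy entries in the Pseudo HJT Report."""
    out, sec = [], "Pseudo HJT Report"
    for line in lines:
        m = START_PAGE_RE.match(line)
        if m:
            host = urlsplit(m.group(2)).netloc.lower()
            if host and host not in EXPECTED_HOMEPAGE_HOSTS:
                scope = "user" if m.group(1) == "u" else "machine"
                out.append(Finding(sec, "start_page", f"{scope} start page points at {host}", line))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.group(1) or "(unnamed)", m.group(2), m.group(3).lower()
            if path == "no file":
                out.append(Finding(sec, "bho_orphan", f"BHO {clsid} registered with no backing file", line))
            elif not path.startswith(PROGRAM_DIRS):
                # A BHO living in the Windows directory instead of Program Files is unusual.
                out.append(Finding(sec, "bho_location", f"BHO '{name}' loads from {path}", line))
            continue
        m = LUA_RE.match(line)
        if m and m.group(1) == "0":
            out.append(Finding(sec, "uac_disabled", "EnableLUA = 0: UAC is turned off", line))
    return out


def check_created(lines):
    """Flag hidden directories created under the Windows directory."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4).lower()
        if attrs[0] == "d" and "h" in attrs and path.startswith(WINDOWS_DIR):
            out.append(Finding("Created Last 30", "hidden_dir", f"hidden directory created under Windows: {path}", line))
    return out


def triage(text):
    sections = split_sections(text)
    findings = check_hjt(sections.get("Pseudo HJT Report", []))
    findings += check_created(sections.get("Created Last 30", []))
    return findings


def count_by_kind(findings):
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```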




#2 Elise


Posted 08 April 2010 - 01:41 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 drlxy


Posted 10 April 2010 - 04:01 AM

I seriously appreciate your reply - it is very kind of you to help me out! The hijack of my browsers got really bad at one point - I couldn't use the address bar at all.
I still have strange autorun things going on in my Recovery Partition, browser redirections and the inability to update Windows, so hopefully you will be able to find some evidence of this in the logs provided:

OTL Extras logfile created on: 10/04/2010 16:09:30 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\DrLexy\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.58 Gb Total Space | 203.49 Gb Free Space | 45.16% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.81 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRLEXY-PC
Current User Name: DrLexy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 93 5B 9E CE 00 8D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9DF41-EA77-492C-AE0A-548EA9F9C547}" = lport=443 | protocol=17 | dir=in | name=skype3 |
"{15CA76DA-B7E1-455A-981D-7D9E4E7F25E6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{30CB89AF-6C57-4555-9339-0822F2FEAA6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35901820-A2EC-454B-A2BD-621EFC39232C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{394F123F-9C7E-424E-B189-79CD250A1AFA}" = lport=14453 | protocol=6 | dir=in | name=skype2 |
"{3AC5932C-0702-4D70-AC5F-96629E390F9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{53CE408C-A952-4FC2-9391-55930B931312}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6ACCC44C-B212-47C7-BAEB-17A5526AD9AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79C724A0-4661-4393-B1B6-C03D9E70CEC7}" = lport=80 | protocol=17 | dir=in | name=skype1 |
"{802FF744-3DC9-4CD6-B1B2-1623BCCE549C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CFD64BA-A5F2-4BB1-8ABC-B270F94AE57D}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{9E0786EA-67FA-499A-96EA-AD61FE004558}" = lport=443 | protocol=6 | dir=in | name=skype4 |
"{9E76FCB6-EF8C-467A-8BD6-5A7BC7D70E6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1B5DB7D-487A-454E-9D08-47591D76455D}" = lport=14453 | protocol=17 | dir=in | name=skype2 |
"{B4106F68-384C-4D74-99AF-B9F4FF72B688}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7D93FDA-34B1-4625-9868-F0CBB4B41B95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4C7194C-4887-4E13-94D9-6C553B880EAD}" = lport=38925 | protocol=6 | dir=in | name=uttorent tcp |
"{E96C5577-24DC-48B6-BE27-4CECE8C9BE19}" = lport=80 | protocol=6 | dir=in | name=skype3 |
"{EC26F203-3142-4EEA-ACC7-0E170380B5F4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EDC42971-A289-44EA-98A0-EF76CDA43912}" = lport=38925 | protocol=17 | dir=in | name=utorrentudp |
"{EDE5BC23-6566-4B36-A5E7-232F98CE4F44}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader 2 |
"{FBE03EAF-7644-44BB-9756-BBADBAB3ED23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04504457-7A7A-4A06-9C72-ECF4A44CA13F}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{07FF859E-51CC-41AC-9B82-44600F9E9F58}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{0A583243-7196-4B43-A02B-8983A60C1DC1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0D1818DA-B8EA-43F0-8D8C-63E86A9FDBDD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1F078BAE-A010-4A35-A43E-0498FA99FF8C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{20D5B2D1-C18C-4CCC-9DBB-5A7347EF8835}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22B4B7A9-5EA9-4E59-9958-9D7F7F05B150}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{239A670F-F73E-4986-A628-00832B716EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe |
"{242F8741-BA14-447E-9C24-A0E133C49129}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe |
"{2AB210A6-68C1-4544-BA02-73C7F1EA4E46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2BEFF51B-45E3-4285-98AE-AB725E5EBF69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E83F2A7-B113-486F-990B-4B0D65ADB93B}" = protocol=6 | dir=in | app=c:\program files (x86)\anki\anki.exe |
"{36691BE4-4D6E-45C0-83F3-3F73081DE165}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3690B632-3851-4315-88CA-CBC37B606BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight - demo\hammerfight.exe |
"{37E21686-A687-4510-BEC0-0E624017D2A1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38F6A67C-E2B8-48CA-8B31-FE1B9FE4B2AD}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{42DEFC30-131C-4A95-B80B-2CDE785DA96E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{443907A2-EE44-4A65-8118-F079489BCD7A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{451C34DE-A29A-4A84-9EFE-FC294F912BE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A7932F7-E733-4E4F-89BD-084C9A7FAA25}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{51A2B852-6EA9-4BAC-85D2-30F924F54C32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EA8FB06-C4A1-4E75-9AAE-980D938E642B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5F427B70-CB3C-4EE8-AD6C-35752951B6D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FA3CCD4-ED71-454B-A30A-B461098B8168}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60F68519-733C-4BBE-830D-94B6552389DE}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{62B55CFD-DBBB-48E4-BD7D-B93BCFFD5A97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66F3CFDE-C980-41FA-8FDE-2CFFCD0698BE}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{67F4912C-EA02-4EC9-9931-0526FF9212E2}" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\rapget\rapget.exe |
"{698E9D0B-FF33-4A6C-828B-DE565078FC04}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{6AA71628-6061-4CFB-997E-2B8AA8C62BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6B8C86EE-A3E9-46EF-8FE7-6FA5A71A8350}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{6D276272-34F9-4BAE-BF7D-8A134912370E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7160E485-0D4D-4412-933A-E3C00EFDCE78}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{768448C8-35C9-4359-8634-D3492709A653}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{770DE08B-0BBA-46B8-B63B-778AA9821206}" = protocol=6 | dir=in | app=c:\program files (x86)\red alert 3\ra3.exe |
"{7C92EAE7-4B76-485E-9EEA-D7A9BB664877}" = protocol=17 | dir=in | app=c:\program files (x86)\red alert 3\ra3.exe |
"{8092460C-BBAC-4501-96CA-BAD685988EF5}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{8A4427EC-1F4E-4B3A-A3C7-04B7D9E5203A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{91735B62-7518-4D7C-84DF-9F0A5CEBF18E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{9A9D4CA8-4312-4362-A4E2-C106E6A44FAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9C04F2D8-69D1-4B7C-912C-FEFA67EA4BFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9C5938D5-E5A0-4900-BADF-0EF7A438870A}" = protocol=6 | dir=out | app=system |
"{9D02D6B2-51AF-4032-B509-4E25A0BF62FF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9DBC881F-2F4E-4DA5-A4FA-5E6BC9C10E18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2A7D254-1B12-440E-85B6-9F93F532C370}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{A6E01B77-8514-4549-BE68-922A41608CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA3382F3-22A2-482A-9D7E-F325E921B893}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ACC453DF-981A-4846-8894-D975B1C5344D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{B5463AB6-6537-48A2-B1E8-47D3441AC833}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BCF8C2AD-2737-43FB-B93B-DA23E521951F}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{BD2A4BA8-F4AF-4DE6-B63E-7E3C64E6F94D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C049E248-BD27-4534-A2ED-9055A2F28427}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C92081C6-C95A-4B54-A73E-370744398980}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\help.htm |
"{C9EE4EEE-FB71-4D58-B130-4FF22735E5C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9FBC629-7E7B-4071-BEFC-6139A879856B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC3F8B6A-16FD-419E-9CA1-520D3E32B8BF}" = protocol=17 | dir=in | app=c:\program files (x86)\anki\anki.exe |
"{D06310C0-157A-4DDB-B464-AEA571EE71A9}" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\rapget\rapget.exe |
"{D13B6637-8E91-418A-A7F2-9B1FC2047019}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D9FC4098-E69D-4219-98FF-9C0AA7611C2C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{DB7A255A-7705-4615-AC2F-7512F58A7038}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{DB8B4DD7-5D8D-4548-9813-D9E122DDE4E4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DD317F24-EF1B-4465-A24D-814472467FA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{E03E57C0-9A4F-4969-92AD-C1FFF308F549}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{EE7742C7-62E3-4784-878A-19CA4079ED65}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |
"{EEA230A9-669B-4F10-B34E-7089B969DA02}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\help.htm |
"{F1A8AFFF-355D-4065-97B6-A9227ED116FD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{F2F01347-BC44-4DDC-AA10-045A1AA7A083}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9957B98-9C8A-4C4C-AAC2-7EA9E81B0114}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight - demo\hammerfight.exe |
"TCP Query User{029FBFE8-51BF-439A-9846-65905A87FE99}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{07332077-F2BD-40AE-8D5C-52DA69AE3A5B}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{14F2AED9-7E70-44AB-95E2-709FE8CF0167}C:\program files (x86)\b2bpoker\noiqpoker\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\b2bpoker\noiqpoker\jre\bin\javaw.exe |
"TCP Query User{16D59F5C-F2F9-40DC-BFBA-94E695F9FDD9}D:\program files (x86)\puff\puff.exe" = protocol=6 | dir=in | app=d:\program files (x86)\puff\puff.exe |
"TCP Query User{35BBC840-2E30-412C-B568-802136D17E79}C:\users\drlexy\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\drlexy\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{38EEFB29-BDEC-4D32-89FE-E6BE2AE6FB9C}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{391610C1-D163-4F39-8822-5D8A34EAAE89}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{448E3500-AB48-4B14-B05D-8920343B2279}C:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"TCP Query User{4F777051-4343-4D44-AEB1-FF0D7B6B1C8B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5B775316-454A-45E2-A3FF-12219311978D}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{61504CF1-62C8-4C36-AA4A-D401B61756E4}C:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe |
"TCP Query User{62844955-72B4-4090-B15B-7536BFE322AF}D:\program files (x86)\puff\puff.exe" = protocol=6 | dir=in | app=d:\program files (x86)\puff\puff.exe |
"TCP Query User{67FA7006-F516-464E-BC9A-6DD920093B3C}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game |
"TCP Query User{6F5C6C75-AA80-4F9F-8B38-79A0D0DCFD6F}C:\users\drlexy\desktop\games\aliens vs depredador\avp.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\games\aliens vs depredador\avp.exe |
"TCP Query User{79BE5F68-AFB6-4621-BC59-5A7DDD16526A}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{7B0ADD1B-2805-4B18-BECA-AB3917DAC95F}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{862BD8D4-64BF-4F15-8CF4-4584DC4F6635}C:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe |
"TCP Query User{A658F401-1260-4A85-8B9B-5D63DC3E3145}C:\program files (x86)\aliens vs depredador\avp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aliens vs depredador\avp.exe |
"TCP Query User{A92D0126-2030-402D-87C7-A07B6B4F336B}C:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe |
"TCP Query User{B698F859-6EDF-4D9A-AB64-00EA0B469BE7}C:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{C41D3197-646F-4A67-9326-6E2B4F0B84E3}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{C82434C4-7A2D-451F-AB5A-71EAE3BD53DD}C:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe |
"TCP Query User{CEFFE588-46FE-4955-B11C-84EC6295531A}C:\users\drlexy\desktop\cc-tiberian sun\tiberian sun\game.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\cc-tiberian sun\tiberian sun\game.exe |
"TCP Query User{D6984B73-8841-4457-8A62-4B966FA73FD7}C:\users\drlexy\desktop\aomwithexpansion\stubs\cb8419b27cd3ef1e14bbc97fb12b7bde6d389c3\aom.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\aomwithexpansion\stubs\cb8419b27cd3ef1e14bbc97fb12b7bde6d389c3\aom.exe |
"TCP Query User{D7CDDF98-A9E5-4C6F-8D6F-20FD6D5E658C}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe |
"TCP Query User{DA244F8C-1719-4610-93BA-1D244E896253}C:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{DAF50812-059B-48AA-B944-A6BC80D228D1}C:\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\age of empires ii\empires2.exe |
"TCP Query User{DC2DEB35-C083-4B9A-8835-21ABA3E0CF9F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{E3761685-0DDA-47F9-B9AD-AD0E7FEDF11E}C:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{E910EA85-9D82-446C-99DD-E0AAE9913412}C:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{EBF52473-E262-4C4D-9FFC-D441E8C664B7}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe |
"TCP Query User{EF1DE393-64E4-4348-AE6F-FF9722F7911D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{F9935B5E-0D1C-44FA-BA76-39D8165D60ED}C:\users\drlexy\desktop\games\cc-tiberian sun\tiberian sun\game.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\games\cc-tiberian sun\tiberian sun\game.exe |
"TCP Query User{FA0A7F2F-A235-4D7D-AA38-4A3F059B8002}C:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe" = protocol=6 | dir=in | app=c:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe |
"TCP Query User{FE5AF4E6-D6DE-406F-B0B4-FDD8E5A2B96A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{07F5FB6A-2A16-465C-920A-0F57985EC10A}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{0BAFC01D-FCF7-4884-B5E8-0FC15A56DCAE}C:\program files (x86)\b2bpoker\noiqpoker\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\b2bpoker\noiqpoker\jre\bin\javaw.exe |
"UDP Query User{1AB7EB1F-AD67-40F4-B4BB-59E7157AAC97}D:\program files (x86)\puff\puff.exe" = protocol=17 | dir=in | app=d:\program files (x86)\puff\puff.exe |
"UDP Query User{221DE915-D01D-450E-9570-D3DE21AFB86E}C:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{263C0766-1F5D-48A7-A979-F1E24AFEBDD5}C:\users\drlexy\desktop\cc-tiberian sun\tiberian sun\game.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\cc-tiberian sun\tiberian sun\game.exe |
"UDP Query User{2A82416C-9273-4C74-9C85-4E0A86BF44D4}C:\users\drlexy\desktop\aomwithexpansion\stubs\cb8419b27cd3ef1e14bbc97fb12b7bde6d389c3\aom.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\aomwithexpansion\stubs\cb8419b27cd3ef1e14bbc97fb12b7bde6d389c3\aom.exe |
"UDP Query User{2DE8C987-3D72-4702-AE28-50C3B3E5952A}C:\program files (x86)\aliens vs depredador\avp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aliens vs depredador\avp.exe |
"UDP Query User{3310CAB0-95FB-4966-816F-7B3C36B74A3C}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{33F903F2-A654-4108-A67F-58F3A0E8E64E}C:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{399C3A6B-AAFD-494D-BFFA-2C17C69E61B7}C:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe |
"UDP Query User{39EB45BF-53E0-4B40-B27B-2946618A80E5}C:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\aomwithexpansion\stubs\19dba818ce414c7b422a0755cfdec32ab8937d8\aomx.exe |
"UDP Query User{3A2F1D53-A0A6-461D-84F6-BF2A20AA64E4}C:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{3CA56D14-7376-4555-A862-573865ADC437}C:\users\drlexy\desktop\games\aliens vs depredador\avp.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\games\aliens vs depredador\avp.exe |
"UDP Query User{4615F2C2-6995-41A7-A20A-B223C98B8A3F}D:\program files (x86)\puff\puff.exe" = protocol=17 | dir=in | app=d:\program files (x86)\puff\puff.exe |
"UDP Query User{500FB715-60BB-4B0C-AE5D-F382DA133FD6}C:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{5473C7A5-5B05-40A7-AF93-4136F7768DB5}C:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe |
"UDP Query User{55274D51-DADA-4581-985D-1FB0FC8779E0}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{5ACCD2C0-BBEF-42C1-9A1D-943FA22A81B4}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{631D0DD7-3622-4838-B925-4C281F7D353B}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe |
"UDP Query User{7E7FFBC7-D3B9-4BF3-950F-881B3DF679E5}C:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe |
"UDP Query User{7F0183A5-6017-45C8-9D7B-AA5A7874E1F2}C:\users\drlexy\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\drlexy\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{9190E379-9E15-4249-8AB9-260F98485EC2}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{93A4F7AF-D7BB-47F8-B74E-03A410463BCA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AEB31292-3D23-4734-A817-19130261436A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{B42C2B5F-C677-4299-9ED4-FE6308FFF54A}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{BDBB2848-A69A-48BA-AC55-2ACF252945C8}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe |
"UDP Query User{BDDF9CFE-6EF9-450F-B40F-9B9264777DCE}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{CE19CD44-2583-4D9D-AACD-A1A36076ABF6}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{CEF8BF35-79EE-4977-8256-8F05942BD29F}C:\users\drlexy\desktop\games\cc-tiberian sun\tiberian sun\game.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\games\cc-tiberian sun\tiberian sun\game.exe |
"UDP Query User{CF8DCF37-1141-4954-94CC-D406B512F882}C:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"UDP Query User{D2E31840-4FF7-4122-A711-566ACC0A3DA7}C:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe" = protocol=17 | dir=in | app=c:\users\drlexy\desktop\red alert 2\game\ra2_yrevengeportable\ra2_yrevengeportable\game.exe |
"UDP Query User{DB701DA4-6026-46FF-BF9A-A6BD1689641B}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game |
"UDP Query User{DCE36496-13A8-46ED-8385-74C3D3B2DC4D}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{E3BA0262-819F-4259-B4C7-E27ED9ED3EC7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{EBE4D7B5-5FA0-4961-8A1C-C1A6B3F684DA}C:\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\age of empires ii\empires2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{0FBEDFFE-80F3-06BE-B004-9594C4E8E555}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Defraggler" = Defraggler
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
"Shiretoko (3.5.2)" = Shiretoko (3.5.2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0904ED3B-0FCD-A153-2F80-F7F5AB0329BA}" = Catalyst Control Center Graphics Previews Vista
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo v0.47 (BETA)
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F090069-6450-9559-72BD-2437FF935EEC}" = CCC Help Swedish
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34386C65-FD55-CEBD-AF7F-5126751BAA98}" = Catalyst Control Center InstallProxy
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3643D422-9AFF-81D6-252C-14A8A3AD88D3}" = CCC Help Korean
"{3889CA7B-A8FC-09CB-C6D4-B134A2336DD9}" = CCC Help Portuguese
"{394B918B-47B0-D281-6AB8-E58871B54C91}" = Catalyst Control Center Core Implementation
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7E26A8-4B67-D878-3AE3-0079686C52B6}" = CCC Help Spanish
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51B6CDCD-8802-B41A-61E4-FC6A65FF217B}" = CCC Help French
"{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
"{531DDC1D-6563-8796-764A-A9C4E83C23E0}" = CCC Help English
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56F4CA69-B3BC-81E6-304A-E650F3BB93A8}" = Catalyst Control Center Graphics Previews Common
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61D9B6B3-B72E-C642-F0B0-8659EADB4CAA}" = Skins
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6FB141D8-1543-6588-623A-7D95969CB330}" = Catalyst Control Center Localization All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C0AEF0E-BB23-5C44-4933-88F6AE1057D8}" = Catalyst Control Center Graphics Full New
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80052E79-4A36-69BA-F44F-882A2E321116}" = CCC Help German
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87460EB7-E62D-C963-4DDB-D2146478F59F}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BD8412A-40FB-9114-A8AE-CFB94C24C078}" = CCC Help Norwegian
"{8C2522F0-8B10-139C-3379-3620EA6A254D}" = CCC Help Dutch
"{8FCE7358-DA6B-789A-44AB-E52256ACB330}" = CCC Help Chinese Traditional
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_POWERPOINT_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{958DF0E4-CC0D-BDD5-28D1-A1B961E48A85}" = ccc-core-static
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8E83877-671C-A1A3-F4D3-C3D74E5AE8B9}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{ADB4809A-3857-F18D-153F-391EB1D37C59}" = Catalyst Control Center Graphics Full Existing
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B354E49B-DBDC-442D-5615-BD07B3A0B932}" = Catalyst Control Center Graphics Light
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B787CD67-506B-4C9A-8A99-D2C4460D055F}" = Catalyst Control Center - Branding
"{B96C8D6D-B0E5-CD7B-BC5D-739D5051E911}" = CCC Help Japanese
"{BB1FBFB2-D5AE-45E6-8C71-46D2FE73BAA3}_is1" = Call of Duty Modern Warfare 2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB72877A-D2BF-6F18-2D0A-52C4036E2DF6}" = CCC Help Russian
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D809E781-A654-3530-2B92-91FF959C507A}" = CCC Help Danish
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F31D838B-E7F3-1E70-F54F-B009CD9219EE}" = CCC Help Italian
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE63F2E5-DD8E-401E-BE50-62F8916B26F2}" = TableNinja
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Anki" = Anki
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BioShock 2_is1" = BioShock 2 1.0
"CCleaner" = CCleaner
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"EXCEL" = Microsoft Office Excel 2007
"FL Studio 8" = FL Studio 8
"Free Music Zilla_is1" = Free Music Zilla
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"HoldemManager" = Holdem Manager
"IL Download Manager" = IL Download Manager
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Ladbrokes Poker" = Ladbrokes Poker
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"OpenTTD" = OpenTTD 0.7.4
"PoiZone" = PoiZone
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PowerISO" = PowerISO
"POWERPOINT" = Microsoft Office PowerPoint 2007
"RollerCoaster Tycoon 2 Triple Thrill Pack" = RollerCoaster Tycoon 2 Triple Thrill Pack
"Spotify" = Spotify
"StarCraft II Beta" = StarCraft II Beta
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Student and Home Edition" = Student and Home Edition
"SystemRequirementsLab" = System Requirements Lab
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"Viveza" = Viveza
"VLC media player" = VLC media player 1.0.1
"Voobly_is1" = Voobly
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"WORD" = Microsoft Office Word 2007
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Ivacy Monitor" = Ivacy Monitor
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30382711878,2,to_timestamp('07/12/2009
14:59:26','MM/DD/YYYY HH24:MI:SS'),380,3,6,3,0,0,0,6,30,52,9,0,0,10,0,6,0,0,0,0,-1,-1,1,-1,False,-1,0,0,0,13,-1,-1,3,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30382735467,2,to_timestamp('07/12/2009
15:00:02','MM/DD/YYYY HH24:MI:SS'),380,3,6,0,0,0,0,7,0,0,0,0,0,183,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,2,5,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30382751718,2,to_timestamp('07/12/2009
15:00:25','MM/DD/YYYY HH24:MI:SS'),380,3,8,2,2,2,2,8,49,13,41,1,7,341,15,356,356,356,356,0,0,0,2,2,True,3,0,0,0,13,14,14,-1,4,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30382795836,2,to_timestamp('07/12/2009
15:01:32','MM/DD/YYYY HH24:MI:SS'),380,3,8,0,0,0,0,9,0,0,0,0,0,3,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30382813377,2,to_timestamp('07/12/2009
15:01:58','MM/DD/YYYY HH24:MI:SS'),380,3,7,0,0,0,0,1,0,0,0,0,0,11,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,3,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30382848188,2,to_timestamp('07/12/2009
15:02:50','MM/DD/YYYY HH24:MI:SS'),380,3,7,0,0,0,0,2,0,0,0,0,0,20,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,2,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30384764855,2,to_timestamp('07/12/2009
15:48:22','MM/DD/YYYY HH24:MI:SS'),380,3,8,5,0,0,0,8,46,49,30,0,0,20,0,10,0,0,0,0,-1,-1,2,-1,False,-1,0,0,0,10,-1,-1,2,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30384820604,2,to_timestamp('07/12/2009
15:49:43','MM/DD/YYYY HH24:MI:SS'),380,3,8,4,2,0,0,9,26,41,7,23,0,127,0,33,57,0,0,0,0,-1,1,2,False,-1,0,0,0,13,13,-1,-1,2,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30384877702,2,to_timestamp('07/12/2009
15:51:07','MM/DD/YYYY HH24:MI:SS'),380,3,9,2,2,2,2,1,19,12,3,47,14,690,15,33,83,213,705,0,0,0,2,2,False,2,0,0,0,12,12,14,2,2,-1,0);
select currval('pokerhands_pokerhand_id_seq')

Error - 24/01/2010 16:07:54 | Computer Name = DrLexy-PC | Source = PostgreSQL | ID = 0
Description = 2010-01-25 04:07:54 HKTERROR: duplicate key value violates unique
constraint "uniqueserial" 2010-01-25 04:07:54 HKTSTATEMENT: EXECUTE PKHEXECUTE(30384927065,2,to_timestamp('07/12/2009
15:52:18','MM/DD/YYYY HH24:MI:SS'),380,3,9,3,3,0,0,2,4,17,49,23,0,11,0,7,7,0,0,32,49,-1,1,2,False,-1,0,0,0,10,10,-1,3,-1,-1,0);
select currval('pokerhands_pokerhand_id_seq')

[ OSession Events ]
Error - 10/11/2009 12:54:29 | Computer Name = DrLexy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 343
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:03 | Computer Name = DrLexy-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/04/2010 03:46:25 | Computer Name = DrLexy-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 10/04/2010 04:13:41 | Computer Name = DrLexy-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C685EE91-0787-4F46-B9F0-A3A1114C4FA0}
because another computer on the network has the same name. The server could not
start.

Error - 10/04/2010 04:13:42 | Computer Name = DrLexy-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C685EE91-0787-4F46-B9F0-A3A1114C4FA0}
because another computer on the network has the same name. The server could not
start.


< End of report >

----------------------------------------

OTL logfile created on: 10/04/2010 16:09:30 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\DrLexy\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.58 Gb Total Space | 203.49 Gb Free Space | 45.16% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.81 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRLEXY-PC
Current User Name: DrLexy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/10 13:35:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DrLexy\Documents\Downloads\OTL.exe
PRC - [2010/04/05 02:43:06 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/28 11:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Users\DrLexy\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/03/24 23:14:24 | 006,423,040 | ---- | M] () -- C:\Program Files (x86)\Ivacy Monitor\IvacyMonitor.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/23 06:52:16 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/09/08 15:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 15:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/08/29 17:53:20 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009/02/05 03:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/08 21:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\DrLexy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/18 12:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/06/05 22:06:04 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


========== Modules (SafeList) ==========

MOD - [2010/04/10 13:35:37 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DrLexy\Documents\Downloads\OTL.exe
MOD - [2009/04/11 14:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/31 05:34:54 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/05/06 14:28:34 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/04/11 15:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/03/30 20:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 20:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/26 23:04:22 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/08 15:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/08/31 05:31:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/29 17:53:20 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/03/30 12:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/11/02 21:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 14:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 14:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/08/30 05:46:14 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/11 07:18:44 | 000,036,352 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 14:28:38 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/05/06 14:28:38 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/04/29 04:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/04/27 15:05:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/11 13:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BthPort)
DRV:64bit: - [2009/04/11 13:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/04/11 13:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009/04/11 13:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/04/11 13:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/11 13:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/30 20:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/15 18:32:56 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/03/09 00:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 14:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/31 03:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/22 17:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/08/25 18:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 18:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 18:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 18:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 19:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/06/27 14:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/06/16 17:25:20 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/16 17:25:14 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/16 17:25:12 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/16 17:25:10 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/01/21 10:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/21 10:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/21 10:47:02 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/21 10:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/21 10:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2009/08/19 22:26:39 | 000,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Windows\ITECIR -- (itecir)
DRV - [2008/08/14 14:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2006/09/19 05:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/19 05:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.6313.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: ivacyproxy@ivacy.com:1.1.8
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:1.4.5
FF - prefs.js..network.proxy.http: "202.240.224.5"
FF - prefs.js..network.proxy.http_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/05 02:43:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/05 02:43:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/08/25 20:27:47 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Extensions
[2010/04/10 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions
[2009/08/26 02:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 12:25:41 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2009/08/25 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/11/10 23:56:14 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\ivacyproxy@ivacy.com
[2009/09/20 01:42:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/14 06:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/07/31 06:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/07/31 06:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/07/31 06:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/31 06:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/21 14:55:31 | 000,000,791 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (msiebr Class) - {6B844B04-34CB-4430-A3C3-9AD5F16A1B49} - C:\Windows\SysWOW64\vcredist.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [Octoshape Streaming Services] C:\Users\DrLexy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\DrLexy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\postgres.DrLexy-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.18 116.228.111.118
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{1d723323-d091-11de-8b4c-002219ead854}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/10 15:41:47 | 000,000,000 | ---D | C] -- C:\avrescue
[2010/04/10 15:22:17 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/04/10 15:22:17 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/04/10 15:22:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/04/10 15:22:17 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/04/10 15:22:16 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/04/10 15:22:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/04/10 15:22:16 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/04/10 15:22:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/04/10 15:22:16 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/04/10 15:22:16 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/04/10 15:22:15 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/04/10 15:22:15 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/04/10 15:22:10 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/04/10 15:22:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/04/10 15:22:07 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/04/10 15:22:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/04/10 15:22:06 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/04/10 15:22:06 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/04/10 15:22:04 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/04/10 15:22:04 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/04/10 15:22:02 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/04/10 15:22:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/04/10 15:22:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/04/10 15:22:02 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/04/10 15:22:02 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/04/10 15:22:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/04/10 13:19:33 | 000,000,000 | ---D | C] -- C:\Call of Duty Modern Warfare 2
[2010/04/09 01:21:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/09 01:21:58 | 000,000,000 | ---D | C] -- C:\Windows\Content.IE5
[2010/04/09 01:21:50 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Local\Temp
[2010/04/09 01:18:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/09 01:11:36 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\smitRem
[2010/04/08 21:09:31 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Downloads
[2010/04/08 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Local\Google
[2010/04/06 11:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/04/06 02:05:33 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\zhongwen rom
[2010/04/06 02:02:18 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\patcher
[2010/04/06 01:00:46 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Insanity Progress Pics
[2010/04/05 19:03:04 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Logs for posting
[2010/04/03 22:22:40 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Worms Armageddon
[2010/04/03 21:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/04/03 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Bioshock2
[2010/04/03 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Bioshock2
[2010/04/03 13:53:31 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Red Alert 2
[2010/04/01 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\ADRIAN'S FILMS
[2010/03/31 01:34:43 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\IObit
[2010/03/31 01:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/03/27 23:19:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/03/27 23:19:00 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/03/27 23:19:00 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/03/27 23:19:00 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/03/27 23:19:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/03/27 23:18:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/03/26 23:14:36 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Rapid Downloads
[2010/03/26 23:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2010/03/26 22:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/03/26 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo
[2010/03/25 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Avira
[2010/03/25 12:17:52 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/03/25 12:17:52 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/03/25 12:17:52 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/03/24 17:36:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\FD0D90
[2010/03/24 17:36:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\391573
[2010/03/21 15:00:48 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\passport etc
[2010/03/19 12:14:06 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/03/17 18:11:36 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Facebook
[2010/03/13 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\AIOguide
[2010/03/12 12:11:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2009/08/25 21:25:17 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\DrLexy\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/10 16:10:21 | 003,670,016 | -HS- | M] () -- C:\Users\DrLexy\NTUSER.DAT
[2010/04/10 15:50:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3228512399-1494745669-1716558871-1000UA.job
[2010/04/10 14:59:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 14:59:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 11:03:27 | 000,757,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/10 11:03:27 | 000,647,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/10 11:03:27 | 000,123,734 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/10 10:59:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/10 10:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/10 10:59:07 | 4289,609,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/10 05:20:29 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/10 05:20:27 | 000,524,288 | -HS- | M] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/04/10 05:20:27 | 000,065,536 | -HS- | M] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/04/10 02:57:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D62474E6-5A7C-444C-AFD0-B07AF7149413}.job
[2010/04/09 19:20:16 | 002,790,945 | -H-- | M] () -- C:\Users\DrLexy\AppData\Local\IconCache.db
[2010/04/09 01:10:23 | 000,383,836 | ---- | M] () -- C:\Users\DrLexy\Desktop\smitRem.exe
[2010/04/09 00:58:01 | 000,001,726 | ---- | M] () -- C:\Users\DrLexy\Desktop\CCleaner.lnk
[2010/04/09 00:52:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/09 00:24:07 | 000,010,876 | ---- | M] () -- C:\Users\DrLexy\Documents\Shanghai Weight.xlsx
[2010/04/08 20:50:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3228512399-1494745669-1716558871-1000Core.job
[2010/04/08 20:46:58 | 000,002,049 | ---- | M] () -- C:\Users\DrLexy\Desktop\Google Chrome.lnk
[2010/04/08 16:09:40 | 000,215,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/04/08 15:58:15 | 000,215,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/04/05 01:26:18 | 000,000,680 | ---- | M] () -- C:\Users\DrLexy\AppData\Local\d3d9caps.dat
[2010/04/03 18:49:35 | 000,001,803 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer.lnk
[2010/04/03 18:48:04 | 000,000,202 | ---- | M] () -- C:\Windows\win.ini
[2010/04/03 18:48:03 | 000,001,803 | R-S- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2010/04/03 15:28:26 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/31 01:34:48 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/03/29 21:36:20 | 000,000,903 | ---- | M] () -- C:\Users\DrLexy\Desktop\Ivacy Monitor.lnk
[2010/03/28 14:10:42 | 000,079,743 | ---- | M] () -- C:\Users\DrLexy\Documents\Chinese Leeds Exam Texts Translated [1-6].docx
[2010/03/28 14:09:16 | 000,079,751 | ---- | M] () -- C:\Users\DrLexy\Documents\Chinese Leeds Exam Texts Translated.docx
[2010/03/27 18:11:13 | 000,012,010 | ---- | M] () -- C:\Users\DrLexy\Documents\leeds text 5.docx
[2010/03/26 22:06:40 | 000,061,952 | ---- | M] () -- C:\Users\DrLexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:43:04 | 000,033,280 | ---- | M] () -- C:\Users\DrLexy\Documents\Curriculum Vitae - Alexander Schultz.doc
[2010/03/21 10:28:07 | 000,002,451 | ---- | M] () -- C:\Users\DrLexy\Desktop\TableNinja.lnk
[2010/03/18 15:06:21 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/12 12:15:58 | 000,000,612 | ---- | M] () -- C:\Users\DrLexy\Desktop\World of Warcraft Installer.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/10 15:19:12 | 000,359,942 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistMSI1A6B.txt
[2010/04/10 15:19:12 | 000,011,194 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistUI1A6B.txt
[2010/04/09 01:49:15 | 4289,609,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/09 01:10:16 | 000,383,836 | ---- | C] () -- C:\Users\DrLexy\Desktop\smitRem.exe
[2010/04/09 00:58:01 | 000,001,726 | ---- | C] () -- C:\Users\DrLexy\Desktop\CCleaner.lnk
[2010/04/08 20:46:58 | 000,002,049 | ---- | C] () -- C:\Users\DrLexy\Desktop\Google Chrome.lnk
[2010/04/08 20:45:34 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3228512399-1494745669-1716558871-1000UA.job
[2010/04/08 20:45:33 | 000,000,858 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3228512399-1494745669-1716558871-1000Core.job
[2010/04/03 18:49:35 | 000,001,803 | ---- | C] () -- C:\Program Files (x86)\Internet Explorer
[2010/04/03 18:48:03 | 000,001,803 | R-S- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2010/03/31 01:34:48 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/03/28 14:10:41 | 000,079,743 | ---- | C] () -- C:\Users\DrLexy\Documents\Chinese Leeds Exam Texts Translated [1-6].docx
[2010/03/25 12:16:48 | 000,441,270 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistMSI2CAD.txt
[2010/03/25 12:16:47 | 000,011,714 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistUI2CAD.txt
[2010/03/25 00:28:52 | 000,012,010 | ---- | C] () -- C:\Users\DrLexy\Documents\leeds text 5.docx
[2010/03/12 12:22:40 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/12 12:15:58 | 000,000,612 | ---- | C] () -- C:\Users\DrLexy\Desktop\World of Warcraft Installer.lnk
[2010/02/24 20:48:05 | 000,000,045 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\machpro.dat
[2010/02/02 05:37:24 | 000,065,399 | ---- | C] () -- C:\Users\DrLexy\100201-213616.jpg
[2010/01/26 21:46:19 | 000,002,233 | ---- | C] () -- C:\Users\DrLexy\pokerclient.log
[2010/01/23 23:45:12 | 000,364,678 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistMSI1D72.txt
[2010/01/23 23:45:11 | 000,011,210 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistUI1D72.txt
[2009/12/03 15:01:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 14:59:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/11 00:55:45 | 000,028,707 | ---- | C] () -- C:\Users\DrLexy\weight.jpg
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/06 02:23:56 | 000,000,680 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\d3d9caps.dat
[2009/10/04 16:14:48 | 000,335,806 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistMSI63F9.txt
[2009/10/04 16:14:48 | 000,012,546 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistUI63F9.txt
[2009/10/04 15:56:14 | 000,425,916 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistMSI55C3.txt
[2009/10/04 15:56:14 | 000,012,770 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\dd_vcredistUI55C3.txt
[2009/09/20 16:25:39 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 19:09:22 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009/09/02 00:14:31 | 000,700,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/31 09:35:27 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/08/29 00:18:06 | 000,000,325 | ---- | C] () -- C:\Windows\game.ini
[2009/08/25 23:06:22 | 000,061,952 | ---- | C] () -- C:\Users\DrLexy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 20:10:27 | 000,000,020 | -HS- | C] () -- C:\Users\DrLexy\ntuser.ini
[2009/08/25 20:10:26 | 003,670,016 | -HS- | C] () -- C:\Users\DrLexy\NTUSER.DAT
[2009/08/25 20:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009/08/25 20:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/08/25 20:10:26 | 000,262,144 | -H-- | C] () -- C:\Users\DrLexy\ntuser.dat.LOG2
[2009/08/25 20:10:26 | 000,262,144 | -H-- | C] () -- C:\Users\DrLexy\ntuser.dat.LOG1
[2009/08/25 20:10:26 | 000,065,536 | -HS- | C] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/08/20 07:47:36 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\zwjy06r.dll
[2009/08/20 07:47:36 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2009/08/20 07:47:36 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2009/08/20 07:47:36 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009/08/20 07:47:36 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009/08/20 07:47:36 | 000,000,340 | ---- | C] () -- C:\Windows\SysWow64\g0nj28s.dll
[2009/08/20 07:47:36 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2009/08/20 07:47:36 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009/08/20 07:47:36 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\v16qi5y.dll
[2008/01/21 10:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Files - Unicode (All) ==========
[2010/04/04 23:09:08 | 000,001,038 | R-S- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\淘宝导购.lnk
[2010/04/04 23:09:08 | 000,001,038 | R-S- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\淘宝导购.lnk
[2010/03/29 23:41:31 | 000,014,099 | ---- | M] ()(C:\Users\DrLexy\Documents\???????????????.docx) -- C:\Users\DrLexy\Documents\我在中国碰到的一个最有意思的人.docx
[2010/03/29 20:43:59 | 000,014,099 | ---- | C] ()(C:\Users\DrLexy\Documents\???????????????.docx) -- C:\Users\DrLexy\Documents\我在中国碰到的一个最有意思的人.docx
[2010/01/10 18:24:05 | 000,011,780 | ---- | M] ()(C:\Users\DrLexy\Documents\[describing sentences]?????????.docx) -- C:\Users\DrLexy\Documents\[describing sentences]这只猫想吃那些葡萄.docx
[2010/01/10 18:16:38 | 000,011,780 | ---- | C] ()(C:\Users\DrLexy\Documents\[describing sentences]?????????.docx) -- C:\Users\DrLexy\Documents\[describing sentences]这只猫想吃那些葡萄.docx
[2010/01/06 01:45:11 | 000,015,621 | ---- | M] ()(C:\Users\DrLexy\Desktop\???????[JT].docx) -- C:\Users\DrLexy\Desktop\我对中国的印象[JT].docx
[2010/01/06 01:45:09 | 000,015,621 | ---- | C] ()(C:\Users\DrLexy\Desktop\???????[JT].docx) -- C:\Users\DrLexy\Desktop\我对中国的印象[JT].docx
[2010/01/04 03:28:19 | 000,015,805 | ---- | M] ()(C:\Users\DrLexy\Documents\finished???????bar version.docx) -- C:\Users\DrLexy\Documents\finished我对中国的印象bar version.docx
[2010/01/03 22:37:41 | 000,015,805 | ---- | C] ()(C:\Users\DrLexy\Documents\finished???????bar version.docx) -- C:\Users\DrLexy\Documents\finished我对中国的印象bar version.docx
[2010/01/03 21:39:36 | 000,014,712 | ---- | M] ()(C:\Users\DrLexy\Documents\finished???????.docx) -- C:\Users\DrLexy\Documents\finished我对中国的印象.docx
[2010/01/02 13:36:09 | 000,014,712 | ---- | C] ()(C:\Users\DrLexy\Documents\finished???????.docx) -- C:\Users\DrLexy\Documents\finished我对中国的印象.docx
[2010/01/02 13:35:41 | 000,014,674 | ---- | M] ()(C:\Users\DrLexy\Documents\???????.docx) -- C:\Users\DrLexy\Documents\我对中国的印象.docx
[2009/12/21 19:32:36 | 000,014,674 | ---- | C] ()(C:\Users\DrLexy\Documents\???????.docx) -- C:\Users\DrLexy\Documents\我对中国的印象.docx
[2009/12/10 22:47:10 | 000,011,250 | ---- | M] ()(C:\Users\DrLexy\Documents\????.docx) -- C:\Users\DrLexy\Documents\十个句子.docx
[2009/12/10 22:11:27 | 000,011,250 | ---- | C] ()(C:\Users\DrLexy\Documents\????.docx) -- C:\Users\DrLexy\Documents\十个句子.docx
[2009/12/01 23:15:57 | 000,011,655 | ---- | M] ()(C:\Users\DrLexy\Documents\????????????.docx) -- C:\Users\DrLexy\Documents\上个周末我参加了一个婚礼.docx
[2009/12/01 22:50:13 | 000,011,655 | ---- | C] ()(C:\Users\DrLexy\Documents\????????????.docx) -- C:\Users\DrLexy\Documents\上个周末我参加了一个婚礼.docx
[2009/11/25 20:56:13 | 013,535,642 | ---- | M] ()(C:\Users\DrLexy\Documents\?? 07v.pptx) -- C:\Users\DrLexy\Documents\流行 07v.pptx
[2009/11/25 20:54:29 | 013,681,664 | ---- | M] ()(C:\Users\DrLexy\Documents\?? 96-03v.ppt) -- C:\Users\DrLexy\Documents\流行 96-03v.ppt
[2009/11/25 20:54:24 | 013,681,664 | ---- | C] ()(C:\Users\DrLexy\Documents\?? 96-03v.ppt) -- C:\Users\DrLexy\Documents\流行 96-03v.ppt
[2009/11/24 20:25:41 | 013,535,642 | ---- | C] ()(C:\Users\DrLexy\Documents\?? 07v.pptx) -- C:\Users\DrLexy\Documents\流行 07v.pptx
[2009/11/19 23:40:28 | 000,011,305 | ---- | M] ()(C:\Users\DrLexy\Documents\????.docx) -- C:\Users\DrLexy\Documents\我的身体.docx
[2009/11/19 21:12:53 | 000,011,305 | ---- | C] ()(C:\Users\DrLexy\Documents\????.docx) -- C:\Users\DrLexy\Documents\我的身体.docx
[2009/11/11 15:16:56 | 000,011,945 | ---- | M] ()(C:\Users\DrLexy\Documents\?????????????.docx) -- C:\Users\DrLexy\Documents\你的国家和中国有什么不一样.docx
[2009/11/11 12:29:56 | 000,011,945 | ---- | C] ()(C:\Users\DrLexy\Documents\?????????????.docx) -- C:\Users\DrLexy\Documents\你的国家和中国有什么不一样.docx
[2009/10/18 18:20:25 | 000,011,113 | ---- | M] ()(C:\Users\DrLexy\Documents\?????.docx) -- C:\Users\DrLexy\Documents\特别的同屋.docx
[2009/10/18 17:05:10 | 000,011,113 | ---- | C] ()(C:\Users\DrLexy\Documents\?????.docx) -- C:\Users\DrLexy\Documents\特别的同屋.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >


------------------------------------------------------------------



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-10 16:53:21
Windows 6.0.6002 Service Pack 2
Running: 8bjn011h.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556da5e59
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556da5e59@9c1874f8b290 0x61 0x1A 0x54 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556da5e59@0023aff162e7 0x93 0xB0 0x14 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002556da5e59 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002556da5e59@9c1874f8b290 0x61 0x1A 0x54 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002556da5e59@0023aff162e7 0x93 0xB0 0x14 0xF1 ...

---- EOF - GMER 1.0.15 ----



----------
D:/ Drive:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-10 16:55:38
Windows 6.0.6002 Service Pack 2
Running: 8bjn011h.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556da5e59
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556da5e59@9c1874f8b290 0x61 0x1A 0x54 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002556da5e59@0023aff162e7 0x93 0xB0 0x14 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002556da5e59 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002556da5e59@9c1874f8b290 0x61 0x1A 0x54 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002556da5e59@0023aff162e7 0x93 0xB0 0x14 0xF1 ...

---- EOF - GMER 1.0.15 ----


------------------------------

EDIT: Might I add that a nasty file called IEXPL0RE.exe runs and cannot be deleted.

Again, thank you very much for responding.

Edited by drlxy, 10 April 2010 - 05:31 AM.


#4 Elise (Malware Study Hall Admin)

Posted 10 April 2010 - 04:47 AM

Hello again,

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 drlxy (Topic Starter)

Posted 10 April 2010 - 12:08 PM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3974

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

11/04/2010 01:08:06
mbam-log-2010-04-11 (01-08-06).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 483356
Time elapsed: 2 hour(s), 17 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6b844b04-34cb-4430-a3c3-9ad5f16a1b49} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b844b04-34cb-4430-a3c3-9ad5f16a1b49} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b844b04-34cb-4430-a3c3-9ad5f16a1b49} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\DrLexy\Documents\Games\roller coaster tycoon 3\rollcostyc3 kissme1\RollerCoaster Tycoon 3\ToeD.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\DrLexy\Documents\Games\roller coaster tycoon 3\rollcostyc3 kissme1\RollerCoaster Tycoon 3\rct3\ToeD.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Windows\System32\FD0D90\com.run (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\FD0D90\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\FD0D90\internet.fne (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\FD0D90\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\FD0D90\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\FD0D90\com.run (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\FD0D90\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\FD0D90\internet.fne (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\FD0D90\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\FD0D90\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.


EDIT: IEXPL0RE.EXE still cropping up-
"Virus or unwanted program 'SPR/AutoIt.Gen [riskware]'
detected in file 'C:\Program Files (x86)\Internet Explorer\IEXPL0RE.EXE.
Action performed: Deny access"

Edited by drlxy, 10 April 2010 - 12:22 PM.


#6 Elise (Malware Study Hall Admin)

Posted 10 April 2010 - 12:46 PM

Please follow these instructions to run the System File Checker. Post me the results (if any) in your next reply and let me know how things are running.

regards, Elise




#7 drlxy (Topic Starter)

Posted 11 April 2010 - 01:11 AM

2010-04-11 13:36:26, Info CSI 0000013f [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-11 13:36:31, Info CSI 00000141 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-11 13:48:56, Info CSI 000002d3 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-04-11 13:48:56, Info CSI 000002d5 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch


#8 Elise (Malware Study Hall Admin)

Posted 11 April 2010 - 06:04 AM

QUOTE
EDIT: IEXPL0RE.EXE still cropping up-
"Virus or unwanted program 'SPR/AutoIt.Gen [riskware]'
detected in file 'C:\Program Files (x86)\Internet Explorer\IEXPL0RE.EXE.
Action performed: Deny access"
Does this still happen now?

Also, please rerun a quick MBAM scan and post me the results.

regards, Elise




#9 drlxy (Topic Starter)

Posted 11 April 2010 - 09:44 AM

--hxxp://www.6313.com/ is still my default redirection page.

--"Virus or unwanted program 'SPR/AutoIt.Gen [riskware]'
detected in file 'C:\Program Files (x86)\Internet Explorer\IEXPL0RE.EXE.
Action performed: Deny access" is still cropping up:

The file 'C:\Program Files (x86)\Internet Explorer\IEXPL0RE.EXE'
contained a virus or unwanted program 'SPR/AutoIt.Gen' [riskware]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file could not be copied to quarantine!
The file could not be deleted!

-- D:\AUTORUN.INF is still doing naughty things apparently.

-- Malwarebytes scan didn't find anything.

-- I still can't update Windows Vista security updates.

-- I wonder if I'm going to have to resign myself to this? I've never had such persistent malware problems. The problems came as soon as I came back to China from a holiday.



#10 Elise (Malware Study Hall Admin)

Posted 11 April 2010 - 09:48 AM

Can you please post me a new OTL log?

regards, Elise




#11 drlxy (Topic Starter)

Posted 15 April 2010 - 12:29 AM

This is my only log:


OTL logfile created on: 15/04/2010 13:18:00 - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\DrLexy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.58 Gb Total Space | 190.40 Gb Free Space | 42.26% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.81 Gb Free Space | 38.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DRLEXY-PC
Current User Name: DrLexy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/15 13:00:41 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DrLexy\Downloads\OTL.exe
PRC - [2010/04/05 02:43:06 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/23 06:52:16 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/09/08 15:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 15:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/08/29 17:53:20 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/02/05 03:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/08 21:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\DrLexy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/18 12:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/06/05 22:06:04 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


========== Modules (SafeList) ==========

MOD - [2010/04/15 13:00:41 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\DrLexy\Downloads\OTL.exe
MOD - [2009/04/11 14:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/31 05:34:54 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/05/06 14:28:34 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/04/11 15:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009/03/30 20:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 20:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/26 23:04:22 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/08 15:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/08/31 05:31:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/29 17:53:20 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/05/21 14:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/17 16:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/03/30 12:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/11/02 21:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 14:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 14:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/08/30 05:46:14 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/11 07:18:44 | 000,036,352 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 14:28:38 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/05/06 14:28:38 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/04/29 04:20:06 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/04/27 15:05:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/11 13:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BthPort)
DRV:64bit: - [2009/04/11 13:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/04/11 13:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009/04/11 13:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009/04/11 13:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/11 13:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/30 20:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/15 18:32:56 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/03/09 00:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 14:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/31 03:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/22 17:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/08/25 18:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 18:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 18:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 18:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 19:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/06/27 14:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/06/16 17:25:20 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/16 17:25:14 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/16 17:25:12 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/16 17:25:10 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/01/21 10:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/21 10:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/21 10:47:02 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/21 10:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/21 10:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2009/08/19 22:26:39 | 000,000,000 | ---D | M] [Kernel | On_Demand | Running] -- C:\Windows\ITECIR -- (itecir)
DRV - [2008/08/14 14:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)
DRV - [2006/09/19 05:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/19 05:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.6313.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: ivacyproxy@ivacy.com:1.1.8
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:1.4.5
FF - prefs.js..network.proxy.http: "202.240.224.5"
FF - prefs.js..network.proxy.http_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/05 02:43:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/05 02:43:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/08/25 20:27:47 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Extensions
[2010/04/14 23:01:39 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions
[2009/08/26 02:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 12:25:41 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2009/08/25 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/11/10 23:56:14 | 000,000,000 | ---D | M] -- C:\Users\DrLexy\AppData\Roaming\Mozilla\Firefox\Profiles\zcwqsfdi.default\extensions\ivacyproxy@ivacy.com
[2009/09/20 01:42:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/14 06:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/07/31 06:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/07/31 06:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/07/31 06:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/31 06:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/21 14:55:31 | 000,000,791 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [Octoshape Streaming Services] C:\Users\DrLexy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\DrLexy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\postgres.DrLexy-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-3228512399-1494745669-1716558871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.18 116.228.111.118
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{1d723323-d091-11de-8b4c-002219ead854}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 22:02:33 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Cross Fire
[2010/04/12 22:02:28 | 000,000,000 | ---D | C] -- C:\CFLog
[2010/04/12 20:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2010/04/10 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Malwarebytes
[2010/04/10 22:30:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/10 22:30:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/10 22:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/10 22:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/10 15:22:17 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/04/10 15:22:17 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/04/10 15:22:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/04/10 15:22:17 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/04/10 15:22:16 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/04/10 15:22:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/04/10 15:22:16 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/04/10 15:22:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/04/10 15:22:16 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/04/10 15:22:16 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/04/10 15:22:15 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/04/10 15:22:15 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/04/10 15:22:10 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/04/10 15:22:10 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/04/10 15:22:07 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/04/10 15:22:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/04/10 15:22:06 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/04/10 15:22:06 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/04/10 15:22:04 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/04/10 15:22:04 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/04/10 15:22:02 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/04/10 15:22:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/04/10 15:22:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/04/10 15:22:02 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/04/10 15:22:02 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/04/10 15:22:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/04/10 13:19:33 | 000,000,000 | ---D | C] -- C:\Call of Duty Modern Warfare 2
[2010/04/09 01:21:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/09 01:21:58 | 000,000,000 | ---D | C] -- C:\Windows\Content.IE5
[2010/04/09 01:21:50 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Local\Temp
[2010/04/09 01:18:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/09 01:11:36 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\smitRem
[2010/04/08 21:09:31 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Downloads
[2010/04/08 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Local\Google
[2010/04/06 11:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veoh Networks
[2010/04/06 02:05:33 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\zhongwen rom
[2010/04/06 02:02:18 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\patcher
[2010/04/06 01:00:46 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Insanity Progress Pics
[2010/04/05 19:03:04 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Logs for posting
[2010/04/03 22:22:40 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Worms Armageddon
[2010/04/03 21:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/04/03 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Documents\Bioshock2
[2010/04/03 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Bioshock2
[2010/04/03 13:53:31 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Red Alert 2
[2010/04/01 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\ADRIAN'S FILMS
[2010/03/31 01:34:43 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\IObit
[2010/03/31 01:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/03/27 23:19:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/03/27 23:19:00 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/03/27 23:19:00 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/03/27 23:19:00 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/03/27 23:19:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/03/27 23:18:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/03/26 23:14:36 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\Rapid Downloads
[2010/03/26 23:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2010/03/26 22:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010/03/26 22:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo
[2010/03/25 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Avira
[2010/03/25 12:17:52 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/03/25 12:17:52 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/03/25 12:17:52 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/03/24 17:36:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\FD0D90
[2010/03/24 17:36:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\391573
[2010/03/21 15:00:48 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\Desktop\passport etc
[2010/03/19 12:14:06 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/03/17 18:11:36 | 000,000,000 | ---D | C] -- C:\Users\DrLexy\AppData\Roaming\Facebook
[2009/08/25 21:25:17 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\DrLexy\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/15 13:16:48 | 003,932,160 | -HS- | M] () -- C:\Users\DrLexy\NTUSER.DAT
[2010/04/15 12:50:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3228512399-1494745669-1716558871-1000UA.job
[2010/04/15 12:47:49 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D62474E6-5A7C-444C-AFD0-B07AF7149413}.job
[2010/04/15 12:42:36 | 000,757,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/15 12:42:36 | 000,647,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/15 12:42:36 | 000,123,734 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/15 12:36:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 12:36:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/15 12:36:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/15 12:36:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/15 12:36:09 | 4289,609,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/15 08:00:55 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/15 08:00:54 | 000,524,288 | -HS- | M] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 08:00:54 | 000,065,536 | -HS- | M] () -- C:\Users\DrLexy\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/04/14 19:49:40 | 003,146,752 | -H-- | M] () -- C:\Users\DrLexy\AppData\Local\IconCache.db
< End of report >


#12 Elise (Malware Study Hall Admin)

Posted 15 April 2010 - 05:21 AM


OTL FIX
------------
Hello again,

First of all, clean all your flash drives using Flash Disinfector.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.6313.com/
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    :commands
    [emptytemp]
  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."
Malware analyst @ Emsisoft

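The note on Flash_Disinfector above relies on a simple property of the filesystem: if a directory already sits at <drive>\autorun.inf, a malicious autorun.inf file cannot be written to that path. The script below is an added example, not Flash_Disinfector's or BleepingComputer's code; it audits a drive root for an existing autorun.inf (distinguishing the protective folder from a file that would launch a program) and creates the placeholder folder when the root is clean. It assumes Python 3 and, on Windows, the attrib.exe command-line tool.

```python
# Added example, not Flash Disinfector's own code (assumes Python 3 and,
# on Windows, the attrib.exe command-line tool).
import os
import subprocess
from pathlib import Path

# [autorun] keys that make Windows launch a program; shell\<verb>\command
# lines do the same, so they are matched by prefix below.
EXEC_KEYS = {"open", "shellexecute"}


def autorun_exec_targets(text):
    """Return the program paths an autorun.inf would launch (may be empty)."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or key.startswith("shell\\"):
            targets.append(value.strip())
    return targets


def classify_autorun(root):
    """One of: absent, placeholder-dir, file-inert, file-executes."""
    p = Path(root) / "autorun.inf"
    if not p.exists():
        return "absent"
    if p.is_dir():
        return "placeholder-dir"          # protective folder already in place
    text = p.read_text(encoding="utf-8", errors="replace")
    return "file-executes" if autorun_exec_targets(text) else "file-inert"


def protect_root(root):
    """Occupy <root>\\autorun.inf with a directory. True if created, False if
    it already was one; refuses to touch an existing file (inspect it first)."""
    p = Path(root) / "autorun.inf"
    if p.is_dir():
        return False
    if p.exists():
        raise FileExistsError(f"{p} is a file, not the placeholder folder")
    p.mkdir()
    if os.name == "nt":                   # hidden+system, as the note describes
        subprocess.run(["attrib", "+h", "+s", str(p)], check=False)
    return True
```

Run classify_autorun("E:\\") on each removable drive before plugging it into a clean machine; a result of file-executes is the case Avira was warning about on the (D:) partition.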

#13 drlxy (Topic Starter)

Posted 17 April 2010 - 07:49 AM

Unfortunately, Flash Disinfector will not run. I download it and try and run it, but nothing happens. Rebooting in Safe mode does nothing.

Here is the report:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DrLexy
->Temp folder emptied: 6586019 bytes
->Temporary Internet Files folder emptied: 6858908 bytes
->Java cache emptied: 63635226 bytes
->FireFox cache emptied: 55577295 bytes
->Google Chrome cache emptied: 355009424 bytes
->Flash cache emptied: 17425 bytes

User: postgres
->Temp folder emptied: 33237 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres.DrLexy-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26876 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3787089611 bytes

Total Files Cleaned = 4,077.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04172010_204058

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#14 Elise (Malware Study Hall Admin)

Posted 17 April 2010 - 08:04 AM

In that case, the best option is to reformat any flash drives you have to make sure they are clean.

How are things running now?

regards, Elise



#15 Elise (Malware Study Hall Admin)

Posted 26 April 2010 - 02:10 PM

Hello, are you still there?

regards, Elise
