Trojan Problem

Post by dychang on 20th April 2010, 2:06 pm

Pop ups and Unknown Virus Detector popping up

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:59:30 AM, on 4/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Stephanie\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Stephanie\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stephanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [riduqtqp] C:\Users\Stephanie\AppData\Local\lcykohynw\sxjiqedtssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13876 bytes


Thanks!


Re: Trojan Problem

Post by Dr Jay on 20th April 2010, 4:27 pm

Hi.

Are you only able to run in Safe Mode?

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 20th April 2010, 6:05 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3792
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/20/2010 2:03:25 PM
mbam-log-2010-04-20 (14-03-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 281592
Time elapsed: 1 hour(s), 19 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Trojan Problem

Post by Dr Jay on 20th April 2010, 6:45 pm

Are you only able to run in Safe Mode?

Your log reports that you ran HijackThis in Safe Mode with Networking.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 20th April 2010, 7:44 pm

Correct. I can only run in Safe Mode. No programs are able to open in regular mode.


Re: Trojan Problem

Post by Dr Jay on 21st April 2010, 2:41 am

In Normal Mode, what message do you get that causes them not to open?


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 21st April 2010, 3:12 am

I don't get any message. It just won't open. The program will flash on and disappear. Task Manager will not run. Nothing runs. Just get pop ups and antivirus software installation warnings come.


Re: Trojan Problem

Post by dychang on 21st April 2010, 4:34 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3930

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882

4/21/2010 12:31:06 AM
mbam-log-2010-04-21 (00-31-06).txt

Scan type: Quick scan
Objects scanned: 106268
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


However, when I reboot the computer in normal mode I am still unable to open any programs. Programs open and disappear.


Re: Trojan Problem

Post by dychang on 21st April 2010, 5:19 am

Just ran it again for sh*ts and giggles. But found another problem.





Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 3930

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882

4/21/2010 12:32:10 AM
mbam-log-2010-04-21 (00-32-10).txt

Scan type: Quick scan
Objects scanned: 106318
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zyncm (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\qbbteo.sys (Rootkit.Agent) -> Quarantined and deleted successfully.



Still unable to open any programs in normal mode. Only programs that work are Internet Explorer and all addresses get redirected.


Re: Trojan Problem

Post by Dr Jay on 21st April 2010, 5:32 am

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.


Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 21st April 2010, 6:18 am

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-04-21 02:09:40
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186cab1d2
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186cab1d2 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Re: Trojan Problem

Post by Dr Jay on 21st April 2010, 1:20 pm

Please download [You must be registered and logged in to see this link.]

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :reg
    [-HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186cab1d2]
    [-HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186cab1d2]

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 21st April 2010, 3:25 pm

All processes killed
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186cab1d2\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186cab1d2\ scheduled to be deleted on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephanie
->Temp folder emptied: 436197 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 367 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 285 bytes

Total Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.10.2 log created on 04212010_125442


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 1:13 am

Ok. That did not work.

Please download [You must be registered and logged in to see this link.], and save it to your Desktop.
  • Double-click on RegASSASSIN.exe, read the license agreement, and continue by clicking I Agree.
  • Leave all items checkmarked. Then, copy and paste the following lines, ONE at a time, into the box, and hit Delete:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT


Finally, let me know if a message popped up, and if so, tell me what it said.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 22nd April 2010, 3:57 am

When I delete and yes, it says RegASSASSIN cannot delete the registry key.


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 4:11 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 22nd April 2010, 4:23 am

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4020

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882

4/22/2010 12:20:54 AM
mbam-log-2010-04-22 (00-20-54).txt

Scan type: Quick scan
Objects scanned: 107157
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\riduqtqp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Stephanie\AppData\Local\lcykohynw\sxjiqedtssd.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 4:29 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 22nd April 2010, 4:53 am

When I press Start it says Cannot get Update is Proxy configured. Then I press Yes and it comes up with the same alert. So pretty much I am unable to even get past the first step.


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 5:26 am

Please run the [You must be registered and logged in to see this link.]

  • Follow the instructions [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 22nd April 2010, 5:58 am

This does not work either. The Applet disappears. The web browsers do not really work. Internet Explorer cannot display any pages. I can however run in normal Windows mode now.


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 1:23 pm

See if the proxy is configured.

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen.


Let me know if that was configured as a proxy or not.


Dr. Jay (DJ)
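
The proxy check requested in the post above can also be made against the posted logs. This is an added example, not part of the original thread or of any tool mentioned in it. It parses the two log line formats that appear in this thread (HijackThis `R1` lines and OTS `"ProxyServer" ->` lines) and reports every WinINET proxy endpoint that points at the local machine, together with whether `ProxyEnable` marks it active; the function names and regular expressions are assumptions of this example.

```python
import ipaddress
import re

# Lines copied from the HijackThis and OTS logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyOverride" -> ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyServer" -> http=127.0.0.1:5555 ->
"""

# HijackThis: R1 - <hive>\...\Internet Settings,<value name> = <data>
HJT_RE = re.compile(r'^R\d - (HK\w+)\\.*\\Internet Settings,(Proxy\w+)\s=\s?(.*)$')
# OTS: HKEY_USERS\<sid>\: "<value name>" -> <data> ->
OTS_RE = re.compile(r'^(HKEY_USERS\\[^\\]+)\\: "(Proxy\w+)" -> (.*?)\s*->\s*$')


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {protocol: (host, port)}.

    Accepts both "host:port" (all protocols, stored under "*") and
    "http=host:port;https=host:port" (per-protocol) forms.
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, addr = part.partition("=")
        if not sep:                        # bare "host:port"
            proto, addr = "*", part
        addr = addr.split("://", 1)[-1]    # tolerate "http://host:port"
        host, _, port = addr.rpartition(":")
        if not host:                       # no port given
            host, port = addr, ""
        endpoints[proto.lower()] = (host.strip("[]"),
                                    int(port) if port.isdigit() else None)
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def read_proxy_values(log_text):
    """Collect Proxy* registry values per hive from either log format."""
    hives = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = HJT_RE.match(line) or OTS_RE.match(line)
        if m:
            hive, name, data = m.groups()
            hives.setdefault(hive, {})[name] = data.strip()
    return hives


def loopback_proxies(log_text):
    """Return (hive, protocol, host, port, enabled) for each loopback proxy.

    enabled is True/False from ProxyEnable, or None when the log does not
    show that value for the hive.
    """
    findings = []
    for hive, values in read_proxy_values(log_text).items():
        enable = values.get("ProxyEnable")
        enabled = None if enable is None else enable == "1"
        endpoints = parse_proxy_server(values.get("ProxyServer", ""))
        for proto, (host, port) in endpoints.items():
            if is_loopback(host):
                findings.append((hive, proto, host, port, enabled))
    return findings


if __name__ == "__main__":
    for finding in loopback_proxies(SAMPLE_LOG):
        print(finding)
```

A stored loopback `ProxyServer` with `ProxyEnable` at 0 is inactive, but it takes effect again as soon as the flag is set back to 1, so it is worth clearing when nothing legitimate listens on that port.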



Re: Trojan Problem

Post by dychang on 22nd April 2010, 1:31 pm

Nope. That didn't change anything. Browser still not functional and the virus scan websites do not work. Firefox works, and can go to every website, but the virus scan does not work. Proxy settings don't work.


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 4:23 pm

Ok.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 22nd April 2010, 5:23 pm

[You must be registered and logged in to see this link.]


Re: Trojan Problem

Post by Dr Jay on 22nd April 2010, 11:52 pm

Your logs are clean. How is your computer running?


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 23rd April 2010, 12:43 am

Internet Explorer and Google Chrome do not work. Firefox works.


Re: Trojan Problem

Post by Dr Jay on 23rd April 2010, 1:01 am

Download [You must be registered and logged in to see this link.]

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:


  • Close SREng now.


Let me know what was fixed.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 23rd April 2010, 1:27 am

There was an error with .JS
But when I click repair nothing happened. Still says error.


Re: Trojan Problem

Post by Dr Jay on 23rd April 2010, 1:36 am

Ok.

Let's go out on a limb.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 23rd April 2010, 1:49 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Re: Trojan Problem

Post by Dr Jay on 23rd April 2010, 1:56 am

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 23rd April 2010, 2:21 am

[code]
OTS logfile created on: 4/22/2010 10:10:40 PM - Run 1
OTS by OldTimer - Version 3.1.29.0 Folder = C:\Users\Stephanie\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.39 Gb Total Space | 27.88 Gb Free Space | 9.80% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 2.10 Gb Free Space | 15.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANIE-PC
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots (2).exe -> C:\Users\Stephanie\Downloads\OTS (2).exe -> [2010/04/22 22:01:54 | 000,638,976 | ---- | M | MD5 = DB2AB821FA03D3E233BE4F64B6D83320] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M | MD5 = ACB095E7E1663F1B83A41C22C5D75F90] (Apple Inc.)
googlecrashhandler.exe -> C:\Users\Stephanie\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe -> [2010/03/18 04:03:07 | 000,136,176 | ---- | M | MD5 = 5466909C288218D868AAB8061D308E71] (Google Inc.)
sansadispatch.exe -> C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> [2010/03/12 03:13:55 | 000,079,872 | ---- | M | MD5 = E5F661A0A9689AF91FD293BB983E3EAD] (SanDisk Corporation)
rimautoupdate.exe -> C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe -> [2010/03/10 22:32:26 | 000,648,536 | ---- | M | MD5 = F19C447D7DA713D3FBAA672D0CDA9D94] (Research In Motion Limited)
googledesktop.exe -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/23 18:22:26 | 000,030,192 | ---- | M | MD5 = F0187E45268E86AAAA932CBD9087BEA8] (Google)
sidebar.exe -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
tvcapsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -> [2009/02/09 18:14:02 | 000,296,320 | ---- | M | MD5 = 862E9DEC4B802DD58D897A151A17C527] ()
tvsched.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -> [2009/02/09 18:14:02 | 000,116,096 | ---- | M | MD5 = 5DCE4656BF1EBA4EB475D192F23B0B56] ()
tvagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe -> [2009/02/09 18:13:36 | 000,206,120 | ---- | M | MD5 = A7A5FC14A6D2A400AB8F2E0FA58D82FD] (CyberLink Corp.)
clmlsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2008/12/25 16:41:20 | 000,189,736 | ---- | M | MD5 = 498A9E93BCBBB3FBCEAB2ADA3B66658E] (CyberLink)
tsmagent.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe -> [2008/12/25 16:41:16 | 001,316,136 | ---- | M | MD5 = 1131F49F162539DD4834C67B4E93CD89] (CyberLink Corp.)
blservice.exe -> C:\Program Files (x86)\SMINST\BLService.exe -> [2008/12/17 20:11:40 | 000,365,952 | ---- | M | MD5 = BC0A4D47472B042537F4E57B950415FA] ()
dvdagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe -> [2008/11/28 21:04:26 | 001,148,200 | ---- | M | MD5 = B6F6228AB545E2819A60C0D63A84E52E] (CyberLink Corp.)
viewpointservice.exe -> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 000,024,652 | ---- | M | MD5 = 5F974FDE801C73952770736BECDE11E7] (Viewpoint Corporation)
googletalk.exe -> C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe -> [2007/01/01 17:22:02 | 003,739,648 | ---- | M | MD5 = BCD9CBF0621F9A6767276A2E0BF1DD15] (Google)

[Modules - Safe List]
ots (2).exe -> C:\Users\Stephanie\Downloads\OTS (2).exe -> [2010/04/22 22:01:54 | 000,638,976 | ---- | M | MD5 = DB2AB821FA03D3E233BE4F64B6D83320] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/04/11 02:28:18 | 000,450,560 | ---- | M | MD5 = 4AA2A0E26CEF1A803741253DCF9A1503] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M | MD5 = ACB095E7E1663F1B83A41C22C5D75F90] (Apple Inc.)
(GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/23 18:22:26 | 000,030,192 | ---- | M | MD5 = F0187E45268E86AAAA932CBD9087BEA8] (Google)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:39:54 | 000,089,920 | ---- | M | MD5 = CE07A466201096F021CD09D631B21540] (Microsoft Corporation)
(TVCapSvc) TV Background Capture Service (TVBCS) [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -> [2009/02/09 18:14:02 | 000,296,320 | ---- | M | MD5 = 862E9DEC4B802DD58D897A151A17C527] ()
(TVSched) TV Task Scheduler (TVTS) [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -> [2009/02/09 18:14:02 | 000,116,096 | ---- | M | MD5 = 5DCE4656BF1EBA4EB475D192F23B0B56] ()
(Recovery Service for Windows) Recovery Service for Windows [Auto | Running] -> C:\Program Files (x86)\SMINST\BLService.exe -> [2008/12/17 20:11:40 | 000,365,952 | ---- | M | MD5 = BC0A4D47472B042537F4E57B950415FA] ()
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 000,065,888 | ---- | M | MD5 = 7C4C76B39D5525C4A465E0BE32528E19] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 000,024,652 | ---- | M | MD5 = 5F974FDE801C73952770736BECDE11E7] (Viewpoint Corporation)
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M | MD5 = 21A96F0C1B123F2463C6D624F125EAC9] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 02:35:15 | 000,055,846 | ---- | M | MD5 = 9E4414C27EEC14EAF36A4BD24CFEEA93] ()

[Driver Services - Safe List]
({55662437-DA8C-40c0-AADA-2C816A897A49}) Power Control [2009/05/21 20:32:39] [Kernel | Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2008/11/28 21:04:24 | 000,146,928 | ---- | M | MD5 = 1CACFEF9E5DD866C5B79A135EE729E18] (CyberLink Corp.)
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M | MD5 = EEC4A068DE477651214F6C8014ECBEC0] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 000,001,088 | ---- | M | MD5 = 74D68CB40BCD45AAE89A8BECC87D3868] ()
(ASPI) Advanced SCSI Programming Interface Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\ASPI32.SYS -> [2002/07/17 16:20:32 | 000,084,832 | ---- | M | MD5 = E54E27976E2C5A6465D44C10B1D87AC0] (Adaptec)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Search\\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Search\\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: SearchURL\\"" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyOverride" -> ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyServer" -> http=127.0.0.1:5555 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Stephanie\AppData\Roaming\Mozilla\FireFox\Profiles\kofsij80.default\prefs.js ->
extensions.enabledItems -> [You must be registered and logged in to see this link.]:1.0.0.586 ->
extensions.enabledItems -> [You must be registered and logged in to see this link.]:7 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/21 00:32:05 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/04/21 00:32:05 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Stephanie\AppData\Roaming\Mozilla\Extensions -> [2009/10/11 21:19:46 | 000,000,000 | ---D | M]
-> C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\kofsij80.default\extensions -> [2010/04/22 00:57:48 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\kofsij80.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/11 21:41:39 | 000,000,000 | ---D | M]
-> C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\kofsij80.default\extensions\LogMeInClient@logmein.com -> [2010/03/08 11:12:27 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/04/21 00:42:10 | 000,000,000 | ---D | M]
~[Filtered]~
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"BlackBerryAutoUpdate" -> C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background] -> [2010/03/10 22:32:26 | 000,648,536 | ---- | M | MD5 = F19C447D7DA713D3FBAA672D0CDA9D94] (Research In Motion Limited)
"CLMLServer for HP TouchSmart" -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ["C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"] -> [2008/12/25 16:41:20 | 000,189,736 | ---- | M | MD5 = 498A9E93BCBBB3FBCEAB2ADA3B66658E] (CyberLink)
"DVDAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"] -> [2008/11/28 21:04:26 | 001,148,200 | ---- | M | MD5 = B6F6228AB545E2819A60C0D63A84E52E] (CyberLink Corp.)
"Google Desktop Search" -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2010/01/23 18:22:26 | 000,030,192 | ---- | M | MD5 = F0187E45268E86AAAA932CBD9087BEA8] (Google)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M | MD5 = 644795F6985C740F5E36E9336B837D0B] (Microsoft Corporation)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 11:58:56 | 000,075,008 | ---- | M | MD5 = AE37F6508716D2DD6122744C46686BEC] (Hewlett-Packard)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M | MD5 = 6FD614E7109CC0A3DAFE65F9D394F66E] (Malwarebytes Corporation)
"RoxWatchTray" -> C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2009/07/08 13:31:24 | 000,236,016 | ---- | M | MD5 = BC9884D6D1D66993733B802E3F24B6B3] (Sonic Solutions)
"TSMAgent" -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"] -> [2008/12/25 16:41:16 | 001,316,136 | ---- | M | MD5 = 1131F49F162539DD4834C67B4E93CD89] (CyberLink Corp.)
"TVAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"] -> [2009/02/09 18:13:36 | 000,206,120 | ---- | M | MD5 = A7A5FC14A6D2A400AB8F2E0FA58D82FD] (CyberLink Corp.)
"UCam_Menu" -> C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"] -> [2008/11/15 01:02:14 | 000,218,408 | ---- | M | MD5 = E86D6EEABEF5596F95E3810DB26948C8] (CyberLink Corp.)
"UpdateLBPShortCut" -> C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2008/06/13 22:11:32 | 000,210,216 | ---- | M | MD5 = 601D77C0AA637A99073210894554B6BA] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/10/30 15:51:46 | 000,210,216 | ---- | M | MD5 = 4B57A44B5DDFDE882A050CDA5FC3E092] (CyberLink Corp.)
"UpdatePDIRShortCut" -> C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 22:11:32 | 000,210,216 | ---- | M | MD5 = 601D77C0AA637A99073210894554B6BA] (CyberLink Corp.)
"UpdatePSTShortCut" -> C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/11/26 15:34:22 | 000,210,216 | ---- | M | MD5 = 82A3031F7FAA61CB5E040B0D98A104AF] (CyberLink Corp.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M | MD5 = 16FC5B430123238E522B18E63C257AF8] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M | MD5 = 16FC5B430123238E522B18E63C257AF8] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> C:\Program Files (x86)\AIM6\aim6.exe ["C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.] -> [2009/05/19 01:23:16 | 000,049,968 | ---- | M | MD5 = 5B4AF27E83DA8385A9B08E76DA730C91] (AOL LLC)
"googletalk" -> C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 003,739,648 | ---- | M | MD5 = BCD9CBF0621F9A6767276A2E0BF1DD15] (Google)
"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 16:44:34 | 003,883,856 | ---- | M | MD5 = D39DA5B7139B4B5147B3C6A94978B5AA] (Microsoft Corporation)
"SansaDispatch" -> C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe] -> [2010/03/12 03:13:55 | 000,079,872 | ---- | M | MD5 = E5F661A0A9689AF91FD293BB983E3EAD] (SanDisk Corporation)
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe [C:\Program Files (x86)\Windows Sidebar\sidebar.exe] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M | MD5 = D909DFE8CA0FA8E505B7C6B4621AF745] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M | MD5 = D909DFE8CA0FA8E505B7C6B4621AF745] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M | MD5 = D909DFE8CA0FA8E505B7C6B4621AF745] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M | MD5 = E003E1BE8780DD39DF02C3F06CDEDF04] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M | MD5 = E003E1BE8780DD39DF02C3F06CDEDF04] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
localhost .[http] -> Local intranet ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 2 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> [You must be registered and logged in to see this link.] [Java Plug-in 1.6.0_18] ->
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> [You must be registered and logged in to see this link.] [Performance Viewer Activex Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.50 216.220.96.17 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{75B191AD-E0A8-438A-BDB2-EC5D29142D7C}\\DhcpNameServer -> 192.168.2.50 216.220.96.17 (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
{F90732FA-B7B2-4A3E-AF2F-E22A3F22891F}\\DhcpNameServer -> 208.59.247.45 208.59.247.46 192.168.1.1 208.59.247.45 208.59.247.46 (Broadcom 802.11b/g WLAN) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M | MD5 = D07D4C3038F3578FFCE1C0237F2A1253] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{02B048F8-F6B9-4D25-82C1-B8167CA72757} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{CBC50CB0-34DD-42BD-A53A-0539C0B7DD98} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{F306F0B2-151E-404C-8AB1-5B4C5435E727} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{086254D1-F936-426F-A55F-A0DF29F7EF5D} -> profile=private | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
{0D967056-9663-40DE-80FE-55DECAE2E3CF} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{0F4B7AA6-9DDF-4A1A-9492-4C4E8BD50EC9} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{0F8B2BCE-1BEC-4CBA-923C-89D2A232392B} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{11D22930-C2B3-4FE7-B162-5C8154035993} -> profile=private | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.dll |
{15CCAD21-727A-43F9-914F-C0054864FC88} -> dir=in | action=allow | name=quick play resident program | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
{200FAD99-AAB3-49D0-9739-9A2205C23CB0} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{2348E35A-4BE7-4D26-BCC1-366B06FF2731} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
{2C687107-B50A-40CD-80D6-25C671B2B8F8} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{2ECFC0E1-13E1-4932-A1A5-2DFC005CD989} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
{3259AE1C-4E15-4747-96E0-54D2DA313D6E} -> profile=public | protocol=6 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{39AAB840-CE72-4C9B-B9DF-85198DC9E692} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
{3D3C88B7-04C1-4018-BB3C-6C192393F47B} -> profile=public | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
{4582FB5B-96FA-45B1-960C-168BB811524E} -> profile=public | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
{477CA2AA-7D2C-4A6B-B52A-E23DBBA52CB4} -> profile=private | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
{4C1D311C-2200-4732-ADF1-FFA74ECDA443} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{5E455DE9-48A1-4EBA-B9F0-7A84C4A09B78} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{6E75C581-47AC-4B5E-B6EA-E391ED6978AC} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{6FAC5DDB-BAE0-4551-8AFC-F172F377DB83} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{77FF893B-F222-49F7-A421-8ADDF920D4FE} -> dir=in | action=allow | name=quick play | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
{7CEC41B6-70D0-454E-A547-A39A71D7496C} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{8463B747-15D6-40BE-90D9-5257AEB63E80} -> profile=private | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.exe |
{866F0DA9-C9AE-4537-BB6A-A7864AD29C18} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{8AE82D9F-5804-4745-9195-E91048D360D5} -> profile=public | protocol=17 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{8B32D8F0-58F9-4019-912F-455AE1CC3E75} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{983EDF57-EAD1-458A-8088-8C89C935F3FE} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{AC65BCDA-1D41-4B24-ACAE-843D1DBA71AB} -> profile=private | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.dll |
{AE170123-B28F-4BF0-AFFD-295D046F0DA8} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{BA0219BB-CC78-4666-B89F-6DDF3CEEBAEA} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{C41AD297-B324-474E-9E83-1F9945E78E3E} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{C5E8FEC8-07D7-42E4-935E-A045190E68D2} -> profile=private | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.exe |
{C6A42D09-22C6-4873-9D4F-65C11A6E765F} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{D0C143BF-8AA7-4B9D-A010-C65DA5D30EC2} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{D100FBDC-756F-4C5D-A438-93E90595523C} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{D90ECFCA-B27E-4FF1-9A0C-8E2F23C024FE} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{E35B4941-7F76-4125-A82D-EBC183C94FA5} -> profile=private | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe |
{E787A46D-9C9D-4E35-8381-6DE7B599BC87} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{EBE4DD6E-2AAC-499D-9902-7AD8820D02F4} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{FF6C964B-56E1-43C8-A46B-4E03CE14817E} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
TCP Query User{45417DC6-7EFD-45BE-A516-78A54C872C2D}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
TCP Query User{7E0EFB4E-7ADA-4235-A246-EB05903D5FA1}C:\program files (x86)\aim6\aim6.exe -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
TCP Query User{7FB3BCD4-0D26-407D-8A53-CD89E7E256B7}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
TCP Query User{9457EAEA-C797-4D2E-A724-F3D74AE60ABA}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{A4064BF3-CEA7-4B45-8976-9F09626C9DF7}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=6 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
UDP Query User{4F37351A-0692-4AB5-9F6A-692AE64DB899}C:\program files (x86)\aim6\aim6.exe -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
UDP Query User{83CDB6F1-0813-4D1F-9506-4B6B58B45E8F}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
UDP Query User{A635F32F-716E-459C-BD3D-17EC26EE89F3}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{A8F6E8A7-543B-40DB-A3FC-20C6A4A56C73}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
UDP Query User{E3AFCA6A-E683-450B-93A2-1441AFE7FB19}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=17 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->


Re: Trojan Problem

Post by dychang on 23rd April 2010, 2:22 am

"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 01:34:39 | 000,079,872 | ---- | M | MD5 = C025AA69BE3D0D25C7A2E746EF6F94FC] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{9ae7409b-6795-11de-8296-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae7409b-6795-11de-8296-00235a9e0270}\shell\AutoRun\command
\{9ae7409b-6795-11de-8296-00235a9e0270}\shell\AutoRun\command\\"" -> F:\WD_Windows_Tools\Setup.exe [F:\WD_Windows_Tools\Setup.exe] -> File not found
\{b9d0a090-229b-11df-9500-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command
\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe] -> File not found
\{ff292315-702b-11de-9ad9-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command
\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe] -> File not found
\{ff292315-702b-11de-9ad9-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command
\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2008/01/20 22:51:46 | 000,062,464 | ---- | M | MD5 = 733A9243A14753652F9FA9C8BBC44F98] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.l3codecp" -> C:\Windows\SysWow64\l3codecp.acm [l3codecp.acm] -> [2008/01/20 22:51:46 | 000,220,672 | ---- | M | MD5 = 95A6DAE184FC86AB9215374B7C6390F9] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\Windows\SysWow64\sirenacm.dll [sirenacm.dll] -> [2009/07/26 16:44:56 | 000,048,448 | ---- | M | MD5 = CF1C4265A73D50A1CE97FD308CE1AFC9] (Microsoft Corporation)
"vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2006/11/02 11:02:31 | 000,081,920 | ---- | M | MD5 = 81ECD1670CD56677FC124B9479DBE5F0] (Radius Inc.)
"vidc.XVID" -> C:\Windows\SysWow64\xvidvfw.dll [xvidvfw.dll] -> [2006/02/28 21:17:30 | 000,159,744 | ---- | M | MD5 = 1F4E1A1E9F8C7C0EE4CFA7743527ED96] ()
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 06:18:50 | 000,172,880 | ---- | M | MD5 = E6BC6BA065287D7B6C22D9231E80AF3B] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{03D19749-C5FA-4CCC-99AB-00AB2AF45ACD} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [File Transfer ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\AxMetaStream.dll [MetaStreamCtl Class] -> [2008/02/06 20:58:48 | 000,262,214 | ---- | M | MD5 = B683D285F81C01F2A0EED59E79C35C77] (Viewpoint Corporation)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 23:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 06:03:38 | 003,070,832 | ---- | M | MD5 = ECA43292F8C283A96756A95DAA2BF93B] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{19916E01-B44E-4E31-94A4-4696DF46157B} [HKLM] -> C:\Windows\SysWOW64\icardie.dll [InformationCardSigninHelper Class] -> [2009/03/08 07:31:51 | 000,059,904 | ---- | M | MD5 = 17A6B9EFC1D37368379F4E77EC3F2761] (Microsoft Corporation)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\AxMetaStream.dll [MetaStreamCtl Class] -> [2008/02/06 20:58:48 | 000,262,214 | ---- | M | MD5 = B683D285F81C01F2A0EED59E79C35C77] (Viewpoint Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysWOW64\mshtmled.dll [HtmlDlgSafeHelper Class] -> [2009/03/08 07:31:24 | 000,066,560 | ---- | M | MD5 = 7C9AAF547A0AF93C3F1BB7DC3AED4ECC] (Microsoft Corporation)
{333C7BC4-460F-11D0-BC04-0080C7055A83} [HKLM] -> C:\Windows\SysWOW64\tdc.ocx [Tabular Data Control] -> [2009/03/08 07:30:54 | 000,066,560 | ---- | M | MD5 = 9BAA9D6879028C32FCE8808C4C7E86BE] (Microsoft Corporation)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{4849E17D-2DEF-40D7-98DE-DB555B4A589C} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Telnet ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Remote Access ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 06:03:28 | 002,687,336 | ---- | M | MD5 = 9E1E3647CDE6AF66D3CD634624A99365] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = 6C51E76334351F609DD152611709AE2A] (Sun Microsystems, Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 03:01:06 | 002,335,648 | ---- | M | MD5 = 573689497BF82AD0FEAF4581AB6E4042] (Microsoft Corporation)
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [DivXBrowserPlugin Object] -> [2009/11/13 20:47:26 | 002,471,224 | ---- | M | MD5 = EDBA797E78300759A09AF77C77F5D9E7] (DivX,Inc.)
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [Windows Media Player] -> [2009/09/10 12:49:49 | 010,626,560 | ---- | M | MD5 = 2DF7EC6673A1CB823A73C6AFFD54CF66] (Microsoft Corporation)
{760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\SysWOW64\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009/04/11 02:28:21 | 000,179,712 | ---- | M | MD5 = 584C4A26F210B823BBF73BB985CAA2CE] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 04:26:06 | 000,065,400 | ---- | M | MD5 = E34C3EAC482B0FE3913E23FC2E85424C] (Microsoft Corporation)
{88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML DOM Document 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [Free Threaded XML DOM Document 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML Schema Cache 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XSL Template 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML Data Source Object 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML HTTP 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{8E4062D9-FE1B-4b9e-AA16-5E8EEF68F48E} [HKLM] -> C:\Windows\SysWOW64\RegCtrl.dll [Registration Control] -> [2008/01/20 22:49:42 | 000,040,960 | ---- | M | MD5 = 355B623E5E870E2166AAF997DBAE9C89] (Microsoft Corporation)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\SysWOW64\msnetobj.dll [RMGetLicense Class] -> [2009/04/11 02:28:21 | 000,179,712 | ---- | M | MD5 = 584C4A26F210B823BBF73BB985CAA2CE] (Microsoft Corporation)
{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} [HKLM] -> C:\Program Files (x86)\AIM6\services\imApp\ver6_9_15_1\isAim.dll [aimlocator Class] -> [2009/05/19 01:18:18 | 000,062,256 | ---- | M | MD5 = 55C0A183F02DF1A0AD491DE93FDF1DEB] (AOL LLC)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Program Files (x86)\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Windows Live Upload Tool] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M | MD5 = DA204A2BAB5780A0DF37EB5BE58FCA57] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 06:18:46 | 000,054,152 | ---- | M | MD5 = 96ED72080E20A360AB0D2597D1AC4EF6] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/03 19:22:06 | 000,660,912 | ---- | M | MD5 = 5EB22D662FA979B2F83BF0E71DC58C78] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_07] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_07] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_07] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\Windows\SysWOW64\deploytk.dll [Deployment Toolkit] -> [2009/12/17 18:14:00 | 000,411,368 | ---- | M | MD5 = E0BBCEC12A1DE6E25C612AD205B719B4] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [Behavior Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 23:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Control] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/09/10 22:10:10 | 003,787,168 | R--- | M | MD5 = C0A6D238F9E2F89571F7D026DDD305DB] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files (x86)\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2010/03/26 01:09:52 | 000,111,912 | ---- | M | MD5 = 396E2789307D32DDE30D932891AE5A63] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M | MD5 = 98C15480C8AD4FEF5CF62769FAE65C92] ( Microsoft Corporation)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 06:03:54 | 001,161,568 | ---- | M | MD5 = 53BABBB23E0A507C79D2FB488EABBBD9] (Microsoft Corporation)
{E13AAC70-70AE-4988-808C-B267F2C20E79} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [Reg Error: Value error.] -> [2009/07/26 16:44:34 | 003,883,856 | ---- | M | MD5 = D39DA5B7139B4B5147B3C6A94978B5AA] (Microsoft Corporation)
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 04:23:50 | 000,022,432 | ---- | M | MD5 = EA9E5B8D043D01851977B6D4C4C8F2A8] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 05:42:16 | 000,482,656 | ---- | M | MD5 = 2569192656E36C43D807DC37D5335919] ()
{EE09B103-97E0-11CF-978F-00A02463E06F} [HKLM] -> C:\Windows\SysWOW64\scrrun.dll [scripting.Dictionary] -> [2009/04/11 02:28:24 | 000,172,032 | ---- | M | MD5 = 3DB1530CDD7AEF2BCFA6FB77D097CDDA] (Microsoft Corporation)
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
{FA5369ED-D19A-434C-8F59-EE90D690D36C} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Chat Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Performance Viewer Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
435899C9-44AB-11D1-AF00-080036234103 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
4F664F91-FF01-11D0-8AED-00C04FD7B597 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
65303443-AD66-11D1-9D65-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
92337A8C-E11D-11D0-BE48-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
C3701884-B39B-11D1-9D68-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Remote Access ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/09/10 22:10:10 | 003,787,168 | R--- | M | MD5 = C0A6D238F9E2F89571F7D026DDD305DB] (Adobe Systems, Inc.)
{D2CE3E00-F94A-4740-988E-03DC2F38C34F} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Performance Viewer Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{39125640-8D80-11DC-A2FE-C5C455D89593} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{53DBCD97-3FDF-4B60-975B-2596B57482EF} [HKLM] -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll [WebSLLauncher Class] -> [2010/03/10 18:57:32 | 000,124,248 | ---- | M | MD5 = C514D0F7D692B11CB1E8D5DB50EC29F2] (Research In Motion Limited)
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Remote Access ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6BF52A52-394A-11D3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [Windows Media Player] -> [2009/09/10 12:49:49 | 010,626,560 | ---- | M | MD5 = 2DF7EC6673A1CB823A73C6AFFD54CF66] (Microsoft Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/03 19:22:06 | 000,660,912 | ---- | M | MD5 = 5EB22D662FA979B2F83BF0E71DC58C78] (Adobe Systems, Inc.)
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/09/10 22:10:10 | 003,787,168 | R--- | M | MD5 = C0A6D238F9E2F89571F7D026DDD305DB] (Adobe Systems, Inc.)
{D2CE3E00-F94A-4740-988E-03DC2F38C34F} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M | MD5 = 98C15480C8AD4FEF5CF62769FAE65C92] ( Microsoft Corporation)
{e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Performance Viewer Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2006/11/02 05:44:59 | 000,211,968 | ---- | M | MD5 = 027E5E14C9CFF810377701BDEAD8210F] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Classes\\ ->
.html [@ = FirefoxHTML] -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/21 00:31:58 | 000,910,296 | ---- | M | MD5 = 49958506B773E40D31832E3EEDA522E7] (Mozilla Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
Ias -> C:\Windows\SysWOW64\ias -> [2008/01/20 23:08:35 | 000,000,000 | ---D | M]
Wmi -> C:\Windows\SysWOW64\wmi.dll -> [2006/11/02 05:44:15 | 000,005,120 | ---- | M | MD5 = BFE74095684093F14D24801C8C0D16E3] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2009/02/12 15:19:38 | 000,178,040 | ---- | M | MD5 = 68747446F9D982938DB6B110F2908271] (Microsoft Corporation)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll[Reg Error: Value error.] -> [2009/07/26 16:44:54 | 000,061,264 | ---- | M | MD5 = 61B0C981F7C10B8861809ADC1B31E8E5] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll[Reg Error: Value error.] -> [2009/07/26 16:44:54 | 000,061,264 | ---- | M | MD5 = 61B0C981F7C10B8861809ADC1B31E8E5] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2009/06/02 11:56:14 | 001,942,824 | R--- | M | MD5 = BE8FC3EF67D58F8D711EA94F8C17D8F7] (Skype Technologies)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppInfo -> 64bit -> File not found
AppMgmt -> Service
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
DcomLaunch -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
ProfSvc -> 64bit -> File not found
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
VDS -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M | MD5 = 21A96F0C1B123F2463C6D624F125EAC9] ()
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
Wdf01000.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AFD -> 64bit -> File not found
AppInfo -> 64bit -> File not found
AppMgmt -> Service
Base -> Driver Group
BFE -> 64bit -> File not found
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
bowser -> 64bit -> File not found
Browser -> 64bit -> File not found
DcomLaunch -> 64bit -> File not found
dfsc -> 64bit -> File not found
DnsCache -> 64bit -> File not found
Dot3Svc -> 64bit -> File not found
Eaphost -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
IKEEXT -> 64bit -> File not found
ipnat.sys -> 64bit -> File not found
LanmanServer -> 64bit -> File not found
LanmanWorkstation -> 64bit -> File not found
LmHosts -> 64bit -> File not found
Messenger -> Service
MPSDrv -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 000,001,088 | ---- | M | MD5 = 74D68CB40BCD45AAE89A8BECC87D3868] ()
MPSSvc -> 64bit -> File not found
mrxsmb -> 64bit -> File not found
mrxsmb10 -> 64bit -> File not found
mrxsmb20 -> 64bit -> File not found
NativeWifiP -> 64bit -> File not found
NDIS -> 64bit -> File not found
NDIS Wrapper -> Driver Group
Ndisuio -> 64bit -> File not found
NetBIOS -> 64bit -> File not found
NetBIOSGroup -> Driver Group
NetBT -> 64bit -> File not found
NetDDEGroup -> Driver Group
NetMan -> 64bit -> File not found
Network -> Driver Group
NetworkProvider -> Driver Group
NlaSvc -> 64bit -> File not found
Nsi -> 64bit -> File not found
nsiproxy.sys -> 64bit -> File not found
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
PolicyAgent -> 64bit -> File not found
Primary disk -> Driver Group
procexp90.Sys -> Driver
ProfSvc -> 64bit -> File not found
rdbss -> 64bit -> File not found
rdpencdd.sys -> 64bit -> File not found
rdsessmgr -> Service
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SharedAccess -> 64bit -> File not found
Streams Drivers -> Driver Group
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
Tcpip -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M | MD5 = EEC4A068DE477651214F6C8014ECBEC0] ()
TDI -> Driver Group
VDS -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M | MD5 = 21A96F0C1B123F2463C6D624F125EAC9] ()
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
Wdf01000.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
Wlansvc -> 64bit -> File not found
WudfPf -> Driver
WudfRd -> 64bit -> File not found
WudfSvc -> 64bit -> File not found
WudfUsbccidDriver -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"oobe_av" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -> C:\Windows\SysWOW64\wshbth.dll -> [2009/04/11 02:28:26 | 000,034,304 | ---- | M | MD5 = EFA80360111D8D179E39E314A49C9ED4] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -> C:\Program Files (x86)\Bonjour\mdnsNSP.dll -> [2010/02/12 11:46:12 | 000,152,864 | ---- | M | MD5 = 109D9238C7DA72F9733D3DB85A31F5C4] (Apple Inc.)
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
{004B0DCB-4C60-465B-8F01-44B0A4111187} -> SlingPlayer
{0054A0F6-00C9-4498-B821-B5C9578F433E} -> HP Help and Support
{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> HP MediaSmart Webcam
{082702D5-5DD8-4600-BCE5-48B15174687F} -> HP Doc Viewer
{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} -> LightScribe System Software 1.14.17.1
{154A4184-1A3D-4BF9-A5AE-4FA1660445F3} -> HP Total Care Advisor
{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} -> Skype™ 4.0
{254C37AA-6B72-4300-84F6-98A82419187E} -> ActiveCheck component for HP Active Support Library
{26604C7E-A313-4D12-867F-7C6E7820BE4C} -> JMicron JMB38X Flash Media Controller
{26A24AE4-039D-4CA4-87B4-2F83216015FF} -> Java(TM) 6 Update 18
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D} -> Visual C++ 8.0 Runtime Setup Package (x64)
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{32A640BD-4244-4FAF-8796-EA401652E26A} -> BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
{34D2AB40-150D-475D-AE32-BD23FB5EE355} -> HP Quick Launch Buttons 6.40 L1
{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZero Preloader
{3877C901-7B90-4727-A639-B6ED2DD59D43} -> ESU for Microsoft Vista
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
{45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
{45A136EC-88BF-4B95-99F5-C45D3930E1CC} -> HP MULTIPLE MODEM INSTALLER for VISTA
{47F36D92-E58E-456D-B73C-3382737E4C42} -> HP Update
{4916DFBD-403B-4707-AA64-294DC082B99F} -> HP Total Care Setup
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{553255F3-78FD-40F1-A6F8-6882140265FE} -> Apple Application Support
{57A5AEC1-97FC-474D-92C4-908FCC2253D4} -> HP Customer Experience Enhancements
{5EE7D259-D137-4438-9A5F-42F432EC0421} -> VC80CRTRedist - 8.0.50727.4053
{62880A3B-2F9C-4C58-8FFA-1DA280262B5E} -> BlackBerry Device Software Updater
{6423EF83-6E1D-4D22-A36F-689CD19FD4D2} -> Juno Preloader
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} -> Activation Assistant for the 2007 Microsoft Office suites
{669D4A35-146B-4314-89F1-1AC3D7B88367} -> HPAsset component for HP Active Support Library
{67626E09-5366-4480-8F1E-93FADF50CA15} -> HP MediaSmart TV
{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314} -> BlackBerry® Media Sync
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6A370610-3778-44AF-9AAC-69B2FD1A3356} -> Microsoft Live Search Toolbar
{732A3F80-008B-4350-BD58-EC5AE98707B8} -> HP Common Access Service Library
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{7B798B31-2F33-4DC8-BDA4-D36488E86636} -> Slingbox - Watch Your TV Anywhere
{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} -> Windows Live Essentials
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek 8169 8168 8101E 8102E Ethernet Driver
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable


Re: Trojan Problem

Post by dychang on 23rd April 2010, 2:22 am

{A85FD55B-891B-4314-97A5-EA96C0BD80B5} -> Windows Live Messenger
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2
{AC76BA86-7AD7-2448-0000-900000000003} -> Chinese Traditional Fonts Support For Adobe Reader 9
{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} -> HP MediaSmart Music/Photo/Video
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Plus Web Player
{B98BE95C-E76F-4246-B8E6-BEB8EE791D06} -> Roxio Media Manager
{BBF6D0CD-A081-369F-B0B8-F168594CBB6B} -> Google Talk Plugin
{C4124E95-5061-4776-8D5D-E3D931C778E1} -> Microsoft VC9 runtime libraries
{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA} -> HP User Guides 0125
{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} -> HP Active Support Library
{DCCAD079-F92C-44DA-B258-624FC6517A5A} -> HP MediaSmart DVD
{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} -> IDT Audio
{E5E29403-3D25-40C6-892B-F9FEE2A95585} -> HP Wireless Assistant
{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6} -> muvee Reveal
{ECEE0279-785F-4CB3-9F28-E69813234BF8} -> SPORE Creature Creator Trial Edition
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
{FC053571-8507-44E4-8B6D-AACEAB8CA57C} -> Sansa Media Converter
Activation Assistant for the 2007 Microsoft Office suites -> Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
AIM_6 -> AIM 6
Any Video Converter Professional_is1 -> Any Video Converter Professional 3.0.3
Aura Video Converter_is1 -> Aura Video Converter 1.2.1
BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
ENTERPRISE -> Microsoft Office Enterprise 2007
Free DVD Ripper 2.25_is1 -> Free DVD Ripper Version 2.25
Google Desktop -> Google Desktop
Handbrake -> Handbrake 0.9.4
HOMESTUDENTR -> Microsoft Office Home and Student 2007
HP.MediaSmartSlingPlayer_is1 -> HP MediaSmart SlingPlayer
InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187} -> SlingPlayer
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> HP MediaSmart Webcam
InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15} -> HP MediaSmart TV
InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} -> HP MediaSmart Music/Photo/Video
InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A} -> HP MediaSmart DVD
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
NSS -> Norton Security Scan
Picasa 3 -> Picasa 3
Samsung ML-1740 Series -> Samsung ML-1740 Series
ViewpointMediaPlayer -> Viewpoint Media Player
VLC media player -> VLC media player 1.0.0
WildTangent hp Master Uninstall -> My HP Games
WinLiveSuite_Wave3 -> Windows Live Essentials
< Uninstall List [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk -> Google Talk (remove only)
BitTorrent -> BitTorrent
Google Chrome -> Google Chrome
Move Media Player -> Move Media Player
Sansa Updater -> Sansa Updater
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/22/2010 9:28:52 AM Computer Name = Stephanie-PC | Source = SideBySide | ID = 16842830 -> Description = Activation context generation failed for "C:\Users\Stephanie\Downloads\esetsmartinstaller_enu(7).exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Application [ Error ] 4/22/2010 11:04:41 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 4/22/2010 11:04:41 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 5683460
Application [ Error ] 4/22/2010 11:04:41 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 5683460
Application [ Error ] 4/22/2010 11:04:47 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 4/22/2010 11:04:48 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 5689310
Application [ Error ] 4/22/2010 11:04:48 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 5689310
Application [ Error ] 4/22/2010 11:04:49 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 4/22/2010 11:04:50 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 5691728
Application [ Error ] 4/22/2010 11:04:50 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 5691728
Media Center [ Error ] 10/11/2009 9:57:02 PM Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 11/27/2009 2:53:28 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/27/2009 2:53:29 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/27/2009 2:53:29 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:10:57 AM Computer Name = Stephanie-PC | Source = HTTP | ID = 15016 -> Description =
System [ Error ] 11/30/2009 3:12:18 AM Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7000 -> Description =
System [ Error ] 11/30/2009 3:12:18 AM Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7009 -> Description =
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal.

[Files/Folders - Created Within 90 Days]
SysProt -> C:\Users\Stephanie\Desktop\SysProt -> [2010/04/22 21:46:00 | 000,000,000 | ---D | C]
SREngLdr.EXE -> C:\Users\Stephanie\Desktop\SREngLdr.EXE -> [2010/04/22 21:23:49 | 001,830,424 | ---- | C | MD5 = EA58EC54663535B38BD5B7E976BABAC3] (Smallfrogs Studio)
Upload -> C:\Users\Stephanie\Desktop\Upload -> [2010/04/22 21:23:49 | 000,000,000 | ---D | C]
hijackthis -> C:\Users\Stephanie\Desktop\hijackthis -> [2010/04/22 01:37:39 | 000,000,000 | ---D | C]
WinRAR -> C:\Users\Stephanie\AppData\Roaming\WinRAR -> [2010/04/22 01:35:29 | 000,000,000 | ---D | C]
ESET -> C:\Program Files (x86)\ESET -> [2010/04/22 00:31:37 | 000,000,000 | ---D | C]
32788R22FWJFW -> C:\32788R22FWJFW -> [2010/04/21 01:07:40 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Stephanie\AppData\Roaming\Malwarebytes -> [2010/04/20 00:06:36 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/20 00:06:17 | 000,038,224 | ---- | C | MD5 = 75B8EF2A089127E8A3B38F46CC366D79] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/04/20 00:06:15 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/04/20 00:06:15 | 000,000,000 | ---D | C]
lcykohynw -> C:\Users\Stephanie\AppData\Local\lcykohynw -> [2010/04/19 22:59:12 | 000,000,000 | ---D | C]
iTunes -> C:\Program Files (x86)\iTunes -> [2010/04/05 21:07:18 | 000,000,000 | ---D | C]
{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> [2010/04/05 21:07:18 | 000,000,000 | ---D | C]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2010/04/05 21:00:39 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2010/04/05 20:56:46 | 000,000,000 | ---D | C]
NYAWC Volunteer Council -> C:\Users\Stephanie\Documents\NYAWC Volunteer Council -> [2010/04/03 19:42:01 | 000,000,000 | ---D | C]
nshhttp.dll -> C:\Windows\SysWow64\nshhttp.dll -> [2010/03/15 20:52:08 | 000,024,064 | ---- | C | MD5 = 478ABCCF01166AC6D6AD0FA188051418] (Microsoft Corporation)
httpapi.dll -> C:\Windows\SysWow64\httpapi.dll -> [2010/03/15 20:52:01 | 000,030,720 | ---- | C | MD5 = F86293D93760C70ADF4F19E66E3FA5E8] (Microsoft Corporation)
Config.Msi -> C:\Config.Msi -> [2010/03/15 20:50:45 | 000,000,000 | -HSD | C]
Taxes 2009 -> C:\Users\Stephanie\Documents\Taxes 2009 -> [2010/03/14 23:01:17 | 000,000,000 | ---D | C]
Aura Video Converter -> C:\Users\Stephanie\Documents\Aura Video Converter -> [2010/03/12 10:39:51 | 000,000,000 | ---D | C]
Aura4You -> C:\Users\Stephanie\AppData\Roaming\Aura4You -> [2010/03/12 10:39:26 | 000,000,000 | ---D | C]
Aura4You -> C:\Program Files (x86)\Aura4You -> [2010/03/12 10:39:24 | 000,000,000 | ---D | C]
Any Video Converter Professional -> C:\Users\Stephanie\Documents\Any Video Converter Professional -> [2010/03/12 04:29:57 | 000,000,000 | ---D | C]
AnvSoft -> C:\Users\Stephanie\AppData\Roaming\AnvSoft -> [2010/03/12 04:29:26 | 000,000,000 | ---D | C]
AnvSoft -> C:\Program Files (x86)\AnvSoft -> [2010/03/12 04:29:21 | 000,000,000 | ---D | C]
Sansa Media Converter -> C:\Users\Stephanie\Documents\Sansa Media Converter -> [2010/03/12 03:24:13 | 000,000,000 | ---D | C]
xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2010/03/12 03:23:27 | 000,230,096 | ---- | C | MD5 = 2112FE0C46662D429347A7D7B49E3ECE] (Microsoft Corporation)
x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2010/03/12 03:23:27 | 000,014,032 | ---- | C | MD5 = 4E961525CC7FF0E5D7DA19E170B7C14C] (Microsoft Corporation)
d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2010/03/12 03:23:15 | 002,332,368 | ---- | C | MD5 = 99F4FC172A5ACE36CF00AA7038D23F2C] (Microsoft Corporation)
d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2010/03/12 03:23:14 | 002,323,664 | ---- | C | MD5 = BE19B603DFBAA829EE5B7749B3BA97DB] (Microsoft Corporation)
d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2010/03/12 03:23:09 | 002,297,552 | ---- | C | MD5 = 523AB607EEF81CC4D909E7FEBD8A788E] (Microsoft Corporation)
d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2010/03/12 03:22:59 | 002,337,488 | ---- | C | MD5 = 5B48FE9D6686F0D54B26A005ACE24D1D] (Microsoft Corporation)
d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2010/03/12 03:22:50 | 002,222,800 | ---- | C | MD5 = BC831661963763AC4D504C5CABB1FDD9] (Microsoft Corporation)
iviaspi.sys -> C:\Windows\SysWow64\iviaspi.sys -> [2010/03/12 03:22:05 | 000,014,608 | ---- | C | MD5 = 3FF38C4092E47392E815F4D44266BDD7] (InterVideo, Inc.)
SanDisk -> C:\Program Files (x86)\SanDisk -> [2010/03/12 03:21:55 | 000,000,000 | ---D | C]
SanDisk -> C:\Users\Stephanie\AppData\Roaming\SanDisk -> [2010/03/12 03:13:42 | 000,000,000 | ---D | C]
jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2010/02/23 23:05:53 | 000,726,528 | ---- | C | MD5 = 46E35CDEA68DFCE274BE2B51EB9F0D36] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/02/23 23:05:36 | 000,471,552 | ---- | C | MD5 = F4BFD5330DA0899771EB24A0DDEF87AF] (Microsoft Corporation)
secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/02/23 23:05:34 | 000,471,552 | ---- | C | MD5 = C7EF2D81B9AC543DA9205701C45F62BD] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/02/23 23:05:23 | 000,526,336 | ---- | C | MD5 = 447D3599FA65A9A8BCF7F9048BDB7035] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/02/23 23:05:22 | 000,518,144 | ---- | C | MD5 = 8FB90F7CFBCCF50DF2E3080A2BC6F23B] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/02/23 23:05:22 | 000,347,136 | ---- | C | MD5 = D1194E75C78C451698D7DFFDAB22C5DA] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/02/23 23:05:22 | 000,346,624 | ---- | C | MD5 = A64C3712DF40DF6BD489A98E280130E7] (Microsoft Corporation)
msdrm.dll -> C:\Windows\SysWow64\msdrm.dll -> [2010/02/23 23:05:21 | 000,332,288 | ---- | C | MD5 = 2D74D853886BDD0CDE60BE5FDF22AD9A] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/02/23 23:05:21 | 000,152,576 | ---- | C | MD5 = 7857CFD06825D710E18793D5306C7724] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/02/23 23:05:21 | 000,152,064 | ---- | C | MD5 = B385C4E499591941E362E324969BB6FB] (Microsoft Corporation)
gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2010/02/23 23:05:14 | 001,696,256 | ---- | C | MD5 = 9C92BDBD4B2930DE83053D851D90B409] (Microsoft Corporation)
Apphlpdm.dll -> C:\Windows\SysWow64\Apphlpdm.dll -> [2010/02/23 23:05:13 | 000,028,672 | ---- | C | MD5 = 00AD6E3868B390745F9E3C58A557BC31] (Microsoft Corporation)
GameUXLegacyGDFs.dll -> C:\Windows\SysWow64\GameUXLegacyGDFs.dll -> [2010/02/23 23:05:12 | 004,240,384 | ---- | C | MD5 = 7EE94754C9AF5B8A4A97E620C4C07541] (Microsoft)
InstallShield -> C:\Users\Stephanie\AppData\Roaming\InstallShield -> [2010/02/23 21:41:00 | 000,000,000 | ---D | C]
PX Storage Engine -> C:\Program Files (x86)\Common Files\PX Storage Engine -> [2010/02/23 21:36:40 | 000,000,000 | ---D | C]
Sonic Shared -> C:\Program Files (x86)\Common Files\Sonic Shared -> [2010/02/23 21:30:18 | 000,000,000 | ---D | C]
Roxio -> C:\Program Files (x86)\Roxio -> [2010/02/23 21:30:18 | 000,000,000 | ---D | C]
Research In Motion -> C:\ProgramData\Research In Motion -> [2010/02/23 21:09:56 | 000,000,000 | ---D | C]
$AVG -> C:\$AVG -> [2010/02/20 03:05:35 | 000,000,000 | -H-D | C]
avg9 -> C:\ProgramData\avg9 -> [2010/02/20 03:04:39 | 000,000,000 | ---D | C]
Norton Security Scan -> C:\Program Files (x86)\Norton Security Scan -> [2010/02/20 02:55:12 | 000,000,000 | ---D | C]
NortonInstaller -> C:\Program Files (x86)\NortonInstaller -> [2010/02/20 02:55:10 | 000,000,000 | ---D | C]
DivX Shared -> C:\Program Files (x86)\Common Files\DivX Shared -> [2010/02/15 12:55:48 | 000,000,000 | ---D | C]
DivX -> C:\Program Files (x86)\DivX -> [2010/02/15 12:55:35 | 000,000,000 | ---D | C]
quartz.dll -> C:\Windows\SysWow64\quartz.dll -> [2010/02/10 01:05:57 | 001,314,816 | ---- | C | MD5 = EDA91FB72ED5F9B16B8AF72C2E68583C] (Microsoft Corporation)
msvfw32.dll -> C:\Windows\SysWow64\msvfw32.dll -> [2010/02/10 01:05:56 | 000,123,904 | ---- | C | MD5 = EACACA0F2FF4CC54A909E3C5721FCDE8] (Microsoft Corporation)
avifil32.dll -> C:\Windows\SysWow64\avifil32.dll -> [2010/02/10 01:05:56 | 000,091,136 | ---- | C | MD5 = 9EFDF7F0153C066BE619450E3D5D59DD] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\SysWow64\mciavi32.dll -> [2010/02/10 01:05:56 | 000,082,944 | ---- | C | MD5 = 49481223D2451181266FD6BA51ACACAC] (Microsoft Corporation)
Cooliris -> C:\Users\Stephanie\AppData\Local\Cooliris -> [2010/02/02 23:56:28 | 000,000,000 | ---D | C]
Sun -> C:\ProgramData\Sun -> [2010/01/27 20:56:38 | 000,000,000 | ---D | C]
My Google Gadgets -> C:\Users\Stephanie\Documents\My Google Gadgets -> [2010/01/23 18:24:16 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
ntuser.dat -> C:\Users\Stephanie\ntuser.dat -> [2010/04/22 22:13:04 | 003,145,728 | -HS- | M | Unable to obtain MD5] ()
User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> C:\Windows\tasks\User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> [2010/04/22 22:12:59 | 000,000,438 | -H-- | M | MD5 = 4B751A9EF1B8CEE7E710024B4C2CA0C8] ()
GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000UA.job -> [2010/04/22 22:08:00 | 000,000,924 | ---- | M | MD5 = 13AAED837E4BFD6D2AC06A77F84843CB] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/22 21:21:00 | 000,067,584 | --S- | M | MD5 = 9C9C00EAF2491E7BB0C85879982B2C76] ()
GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> C:\Users\Stephanie\Desktop\GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> [2010/04/22 13:06:18 | 000,279,877 | ---- | M | MD5 = 4023A210D5AE204622DF12A9C2C7324B] ()
GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000Core.job -> [2010/04/22 04:08:00 | 000,000,872 | ---- | M | MD5 = BDBB33E9CC54E376952ADE7BF9BF20BB] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/22 01:41:54 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 01:41:48 | 4193,210,368 | -HS- | M | Unable to obtain MD5] ()
bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/04/22 01:41:07 | 000,000,012 | ---- | M | Unable to obtain MD5] ()
ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Stephanie\ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TMContainer00000000000000000001.regtrans-ms -> [2010/04/22 01:41:06 | 000,524,288 | -HS- | M | Unable to obtain MD5] ()
ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TM.blf -> C:\Users\Stephanie\ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TM.blf -> [2010/04/22 01:41:06 | 000,065,536 | -HS- | M | Unable to obtain MD5] ()
IconCache.db -> C:\Users\Stephanie\AppData\Local\IconCache.db -> [2010/04/22 01:41:02 | 003,287,713 | -H-- | M | MD5 = EDD3588AF0ECE6C201D9CDC78C5A0E41] ()
hijackthis.rar -> C:\Users\Stephanie\Desktop\hijackthis.rar -> [2010/04/22 01:32:25 | 089,958,810 | ---- | M | MD5 = A56DCAA39473BE3E7548B369A4187F19] ()
d3d9caps.dat -> C:\Users\Stephanie\AppData\Local\d3d9caps.dat -> [2010/04/22 00:21:45 | 000,000,680 | ---- | M | MD5 = 5C9E9DEFB8661AE0500BF7456CC5D797] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Stephanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/21 02:24:59 | 000,243,200 | ---- | M | MD5 = F26329FCBA46D8DDF8816FD9871177B2] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/20 00:06:19 | 000,000,848 | ---- | M | MD5 = 14E021DF7641A3BF8216BBE58FF3C868] ()
Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/04/19 23:27:56 | 000,001,917 | ---- | M | MD5 = 9854B1DE380BCDB1A848E5197C7CE219] ()
Norton Security Scan for Stephanie.job -> C:\Windows\tasks\Norton Security Scan for Stephanie.job -> [2010/04/19 04:50:21 | 000,000,506 | -H-- | M | MD5 = FED19157691F30D9A10231B79BA2793C] ()
HPCeeScheduleForStephanie.job -> C:\Windows\tasks\HPCeeScheduleForStephanie.job -> [2010/04/16 06:45:08 | 000,000,350 | ---- | M | MD5 = 02E4075D8D6DD182ABF170CD04262217] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/04/05 21:08:56 | 000,001,804 | ---- | M | MD5 = 5E8DBC4AF36B6774C5999823DE3F51F8] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/04/05 21:01:15 | 000,001,756 | ---- | M | MD5 = E3485FDDEB9DD97BDEDFC77076D58E0E] ()
Google Chrome.lnk -> C:\Users\Stephanie\Desktop\Google Chrome.lnk -> [2010/04/02 02:08:33 | 000,002,062 | ---- | M | MD5 = 020BBE059F79A5734FD7AAFA75A54CB6] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M | MD5 = 75B8EF2A089127E8A3B38F46CC366D79] (Malwarebytes Corporation)
Desktop Manager.lnk -> C:\Users\Public\Desktop\Desktop Manager.lnk -> [2010/03/26 01:05:29 | 000,001,899 | ---- | M | MD5 = 3B6F9534FCC915FC91A0431E8D266C37] ()
i hate my life.xlsx -> C:\Users\Stephanie\Desktop\i hate my life.xlsx -> [2010/03/25 01:15:44 | 000,009,949 | ---- | M | MD5 = 14401A3354C18A3B06F6E0216730C35D] ()
Aura Video Converter.lnk -> C:\Users\Stephanie\Desktop\Aura Video Converter.lnk -> [2010/03/12 10:39:34 | 000,000,976 | ---- | M | MD5 = D2B9096C12857773DC72C42A4A5055D5] ()
Any Video Converter Professional.lnk -> C:\Users\Stephanie\Desktop\Any Video Converter Professional.lnk -> [2010/03/12 04:29:32 | 000,001,024 | ---- | M | MD5 = 1D5E8EDC17D735883FD829613AD06A36] ()
Sansa Media Converter.lnk -> C:\Users\Public\Desktop\ Sansa Media Converter.lnk -> [2010/03/12 03:22:27 | 000,002,084 | ---- | M | MD5 = B8C88BA6C9C8D1396EBF3E26560E52C2] ()
MVI_7876.AVI -> C:\Users\Stephanie\Desktop\MVI_7876.AVI -> [2010/02/28 17:29:29 | 164,960,746 | ---- | M | MD5 = 54DCCFC4932597C77772CF6E2275E94F] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/02/26 02:02:21 | 000,122,976 | ---- | M | MD5 = 9A05C5B504E970892079B82813B989CA] ()
nshhttp.dll -> C:\Windows\SysWow64\nshhttp.dll -> [2010/02/20 19:06:41 | 000,024,064 | ---- | M | MD5 = 478ABCCF01166AC6D6AD0FA188051418] (Microsoft Corporation)
httpapi.dll -> C:\Windows\SysWow64\httpapi.dll -> [2010/02/20 19:05:14 | 000,030,720 | ---- | M | MD5 = F86293D93760C70ADF4F19E66E3FA5E8] (Microsoft Corporation)
Norton Security Scan.lnk -> C:\Users\Public\Desktop\Norton Security Scan.lnk -> [2010/02/20 02:55:17 | 000,001,179 | ---- | M | MD5 = B9C2B3B4B5F9A278232AAF3699DD1C08] ()
DivX Movies.lnk -> C:\Users\Stephanie\Desktop\DivX Movies.lnk -> [2010/02/15 12:55:36 | 000,001,422 | ---- | M | MD5 = 15B10441F6CCC11B0DA46B4EB8BF1C4C] ()
MVI_0207.zip -> C:\Users\Stephanie\Desktop\MVI_0207.zip -> [2010/01/30 02:28:38 | 080,505,574 | ---- | M | MD5 = 07CA751517416AE3E29D5001858F8FED] ()
secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/01/25 08:00:35 | 000,471,552 | ---- | M | MD5 = F4BFD5330DA0899771EB24A0DDEF87AF] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/01/25 08:00:35 | 000,152,576 | ---- | M | MD5 = 7857CFD06825D710E18793D5306C7724] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/01/25 08:00:35 | 000,152,064 | ---- | M | MD5 = B385C4E499591941E362E324969BB6FB] (Microsoft Corporation)
secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/01/25 08:00:22 | 000,471,552 | ---- | M | MD5 = C7EF2D81B9AC543DA9205701C45F62BD] (Microsoft Corporation)
msdrm.dll -> C:\Windows\SysWow64\msdrm.dll -> [2010/01/25 07:58:52 | 000,332,288 | ---- | M | MD5 = 2D74D853886BDD0CDE60BE5FDF22AD9A] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/01/25 04:21:20 | 000,526,336 | ---- | M | MD5 = 447D3599FA65A9A8BCF7F9048BDB7035] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/01/25 04:21:20 | 000,346,624 | ---- | M | MD5 = A64C3712DF40DF6BD489A98E280130E7] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/01/25 04:21:18 | 000,518,144 | ---- | M | MD5 = 8FB90F7CFBCCF50DF2E3080A2BC6F23B] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/01/25 04:21:18 | 000,347,136 | ---- | M | MD5 = D1194E75C78C451698D7DFFDAB22C5DA] (Microsoft Corporation)
Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/01/23 18:23:09 | 000,001,125 | ---- | M | MD5 = 098FD1F39DD1BFB69F63B38A44472EC1] ()
11 C:\Users\Stephanie\AppData\Local\Temp\*.tmp files -> C:\Users\Stephanie\AppData\Local\Temp\*.tmp ->
11 C:\Users\Stephanie\AppData\Local\Temp\*.tmp files -> C:\Users\Stephanie\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> C:\Users\Stephanie\Desktop\GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> [2010/04/22 13:03:27 | 000,279,877 | ---- | C | MD5 = 4023A210D5AE204622DF12A9C2C7324B] ()
IconCache.db -> C:\Users\Stephanie\AppData\Local\IconCache.db -> [2010/04/22 01:41:02 | 003,287,713 | -H-- | C | MD5 = EDD3588AF0ECE6C201D9CDC78C5A0E41] ()
hijackthis.rar -> C:\Users\Stephanie\Desktop\hijackthis.rar -> [2010/04/22 01:19:14 | 089,958,810 | ---- | C | MD5 = A56DCAA39473BE3E7548B369A4187F19] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 00:36:42 | 4193,210,368 | -HS- | C | Unable to obtain MD5] ()
d3d9caps.dat -> C:\Users\Stephanie\AppData\Local\d3d9caps.dat -> [2010/04/20 09:27:32 | 000,000,680 | ---- | C | MD5 = 5C9E9DEFB8661AE0500BF7456CC5D797] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/20 00:06:19 | 000,000,848 | ---- | C | MD5 = 14E021DF7641A3BF8216BBE58FF3C868] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/04/05 21:08:56 | 000,001,804 | ---- | C | MD5 = 5E8DBC4AF36B6774C5999823DE3F51F8] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/04/05 21:01:15 | 000,001,756 | ---- | C | MD5 = E3485FDDEB9DD97BDEDFC77076D58E0E] ()
Desktop Manager.lnk -> C:\Users\Public\Desktop\Desktop Manager.lnk -> [2010/03/26 01:05:29 | 000,001,899 | ---- | C | MD5 = 3B6F9534FCC915FC91A0431E8D266C37] ()
i hate my life.xlsx -> C:\Users\Stephanie\Desktop\i hate my life.xlsx -> [2010/03/22 21:55:00 | 000,009,949 | ---- | C | MD5 = 14401A3354C18A3B06F6E0216730C35D] ()
Aura Video Converter.lnk -> C:\Users\Stephanie\Desktop\Aura Video Converter.lnk -> [2010/03/12 10:39:34 | 000,000,976 | ---- | C | MD5 = D2B9096C12857773DC72C42A4A5055D5] ()
Any Video Converter Professional.lnk -> C:\Users\Stephanie\Desktop\Any Video Converter Professional.lnk -> [2010/03/12 04:29:32 | 000,001,024 | ---- | C | MD5 = 1D5E8EDC17D735883FD829613AD06A36] ()
Sansa Media Converter.lnk -> C:\Users\Public\Desktop\ Sansa Media Converter.lnk -> [2010/03/12 03:22:27 | 000,002,084 | ---- | C | MD5 = B8C88BA6C9C8D1396EBF3E26560E52C2] ()
MVI_7876.AVI -> C:\Users\Stephanie\Desktop\MVI_7876.AVI -> [2010/02/28 17:25:58 | 164,960,746 | ---- | C | MD5 = 54DCCFC4932597C77772CF6E2275E94F] ()
Norton Security Scan for Stephanie.job -> C:\Windows\tasks\Norton Security Scan for Stephanie.job -> [2010/02/20 02:55:21 | 000,000,506 | -H-- | C | MD5 = FED19157691F30D9A10231B79BA2793C] ()
Norton Security Scan.lnk -> C:\Users\Public\Desktop\Norton Security Scan.lnk -> [2010/02/20 02:55:17 | 000,001,179 | ---- | C | MD5 = B9C2B3B4B5F9A278232AAF3699DD1C08] ()
DivX Movies.lnk -> C:\Users\Stephanie\Desktop\DivX Movies.lnk -> [2010/02/15 12:55:36 | 000,001,422 | ---- | C | MD5 = 15B10441F6CCC11B0DA46B4EB8BF1C4C] ()
Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/01/31 22:37:20 | 000,001,917 | ---- | C | MD5 = 9854B1DE380BCDB1A848E5197C7CE219] ()
MVI_0207.zip -> C:\Users\Stephanie\Desktop\MVI_0207.zip -> [2010/01/30 02:28:29 | 080,505,574 | ---- | C | MD5 = 07CA751517416AE3E29D5001858F8FED] ()
Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/01/23 18:23:09 | 000,001,125 | ---- | C | MD5 = 098FD1F39DD1BFB69F63B38A44472EC1] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/12/03 02:06:21 | 000,117,248 | ---- | C | MD5 = 358A03A7A47F0AD71E84306AC635A626] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/12/03 02:04:10 | 000,368,640 | ---- | C | MD5 = 52CB0185C73E1BA86CC7F726F22523C3] ()
ractrlkeyhook.dll -> C:\Windows\SysWow64\ractrlkeyhook.dll -> [2009/09/10 11:21:44 | 000,008,520 | ---- | C | MD5 = 7628119761CD4C1E2FDC54A8DAB1606D] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 000,060,124 | ---- | C | MD5 = 47F22CAD4A16BB40153555D631546B94] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 11:07:25 | 000,037,665 | ---- | C | MD5 = E3E173CDA7B3982D762143BE19047ED5] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,029,779 | ---- | C | MD5 = B77AB4697B17FBBB25E41A15CC31D94E] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,026,489 | ---- | C | MD5 = D6B2075824BA9FAA4B37D98B13447F32] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 11:07:25 | 000,026,040 | ---- | C | MD5 = B7F882C45E520600053327AA42FA3A4F] ()
xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2006/02/28 21:17:30 | 000,159,744 | ---- | C | MD5 = 1F4E1A1E9F8C7C0EE4CFA7743527ED96] ()
xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2005/12/30 20:10:30 | 000,761,856 | ---- | C | MD5 = 81CCA8C60DD2EDAF394B6E75FF8E325F] ()

[File - Lop Check]
acccore -> C:\Users\Stephanie\AppData\Roaming\acccore -> [2009/06/18 20:59:33 | 000,000,000 | ---D | M]
AnvSoft -> C:\Users\Stephanie\AppData\Roaming\AnvSoft -> [2010/03/12 04:29:26 | 000,000,000 | ---D | M]
Aura4You -> C:\Users\Stephanie\AppData\Roaming\Aura4You -> [2010/03/12 10:39:26 | 000,000,000 | ---D | M]
BitTorrent -> C:\Users\Stephanie\AppData\Roaming\BitTorrent -> [2009/08/26 13:07:28 | 000,000,000 | ---D | M]
HandBrake -> C:\Users\Stephanie\AppData\Roaming\HandBrake -> [2009/11/24 20:30:23 | 000,000,000 | ---D | M]
Research In Motion -> C:\Users\Stephanie\AppData\Roaming\Research In Motion -> [2009/07/14 00:13:51 | 000,000,000 | ---D | M]
SanDisk -> C:\Users\Stephanie\AppData\Roaming\SanDisk -> [2010/03/12 03:13:42 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/04/22 01:41:08 | 000,032,558 | ---- | M | Unable to obtain MD5] ()
User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> [2010/04/22 22:12:59 | 000,000,438 | -H-- | M | MD5 = 4B751A9EF1B8CEE7E710024B4C2CA0C8] ()

[File - Purity Scan]

[Custom Scans]
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
dxtmsft.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\dxtmsft.dll -> [2009/03/08 07:31:42 | 000,348,160 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
dxtrans.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\dxtrans.dll -> [2009/03/08 07:31:37 | 000,216,064 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
iepeers.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\iepeers.dll -> [2010/01/02 02:32:32 | 000,184,320 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\System32\*.sys >
iviaspi.sys -> C:\Windows\SysWOW64\iviaspi.sys -> [2008/10/14 13:01:30 | 000,014,608 | ---- | M | MD5 = 3FF38C4092E47392E815F4D44266BDD7] (InterVideo, Inc.)
< %systemroot%\System32\drivers\*.dll >
< %systemroot%\System32\drivers\*.ini >
< %systemroot%\System32\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
bootmgr -> C:\bootmgr -> [2009/04/11 02:36:36 | 000,333,257 | RHS- | M | MD5 = 14B9D882551EC9FFB3C51A7D94C4266C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 01:41:48 | 4193,210,368 | -HS- | M | Unable to obtain MD5] ()
IPH.PH -> C:\IPH.PH -> [2009/06/18 20:59:15 | 000,000,367 | -H-- | M | MD5 = D68D4E12A7B9A9DE17DD55A347C7F5AE] ()
msdia80.dll -> C:\msdia80.dll -> [2006/12/02 03:37:14 | 000,904,704 | ---- | M | MD5 = 800B746FDC4D80469AFC7E5E9B510C9C] (Microsoft Corporation)
pagefile.sys -> C:\pagefile.sys -> [2010/04/22 01:41:46 | 211,832,831 | -HS- | M | Unable to obtain MD5] ()
< %PROGRAMFILES%\*. >
Activation Assistant for the 2007 Microsoft Office suites -> C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites -> [2009/02/23 01:54:37 | 000,000,000 | ---D | M]
Adobe -> C:\Program Files (x86)\Adobe -> [2010/01/31 22:37:14 | 000,000,000 | ---D | M]
AIM6 -> C:\Program Files (x86)\AIM6 -> [2009/06/18 20:59:14 | 000,000,000 | ---D | M]
AnvSoft -> C:\Program Files (x86)\AnvSoft -> [2010/03/12 04:29:21 | 000,000,000 | ---D | M]
Apple Software Update -> C:\Program Files (x86)\Apple Software Update -> [2009/08/22 16:39:39 | 000,000,000 | ---D | M]
Aura4You -> C:\Program Files (x86)\Aura4You -> [2010/03/12 10:39:24 | 000,000,000 | ---D | M]
AVG -> C:\Program Files (x86)\AVG -> [2010/02/20 03:04:39 | 000,000,000 | ---D | M]
BitTorrent -> C:\Program Files (x86)\BitTorrent -> [2009/08/16 02:58:06 | 000,000,000 | ---D | M]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2010/04/05 20:56:46 | 000,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2010/02/23 21:36:40 | 000,000,000 | ---D | M]
CyberLink -> C:\Program Files (x86)\CyberLink -> [2009/02/23 02:09:59 | 000,000,000 | ---D | M]
DivX -> C:\Program Files (x86)\DivX -> [2010/02/15 12:56:32 | 000,000,000 | ---D | M]
ESET -> C:\Program Files (x86)\ESET -> [2010/04/22 00:31:37 | 000,000,000 | ---D | M]
Free DVD Ripper -> C:\Program Files (x86)\Free DVD Ripper -> [2009/11/15 04:46:13 | 000,000,000 | ---D | M]
Google -> C:\Program Files (x86)\Google -> [2010/01/23 18:22:25 | 000,000,000 | ---D | M]
Handbrake -> C:\Program Files (x86)\Handbrake -> [2009/11/24 20:30:17 | 000,000,000 | ---D | M]
Hewlett-Packard -> C:\Program Files (x86)\Hewlett-Packard -> [2009/05/21 23:33:52 | 000,000,000 | ---D | M]
Hewlett-Packard Company -> C:\Program Files (x86)\Hewlett-Packard Company -> [2009/02/23 00:55:57 | 000,000,000 | ---D | M]
Hp -> C:\Program Files (x86)\Hp -> [2009/02/23 02:21:19 | 000,000,000 | ---D | M]
HP Games -> C:\Program Files (x86)\HP Games -> [2009/02/23 01:56:22 | 000,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2010/03/12 03:21:55 | 000,000,000 | -H-D | M]
Intel -> C:\Program Files (x86)\Intel -> [2009/05/21 22:53:07 | 000,000,000 | ---D | M]
Internet Explorer -> C:\Program Files (x86)\Internet Explorer -> [2010/01/27 20:58:46 | 000,000,000 | ---D | M]
iTunes -> C:\Program Files (x86)\iTunes -> [2010/04/05 21:08:45 | 000,000,000 | ---D | M]
Java -> C:\Program Files (x86)\Java -> [2010/01/27 20:55:13 | 000,000,000 | ---D | M]
JunoPreloader -> C:\Program Files (x86)\JunoPreloader -> [2009/02/23 02:13:14 | 000,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/04/20 00:06:20 | 000,000,000 | ---D | M]
Microsoft -> C:\Program Files (x86)\Microsoft -> [2009/10/04 20:51:38 | 000,000,000 | ---D | M]
Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2009/07/03 02:39:50 | 000,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/01/23 17:59:50 | 000,000,000 | ---D | M]
Microsoft Visual Studio -> C:\Program Files (x86)\Microsoft Visual Studio -> [2009/07/03 02:40:16 | 000,000,000 | ---D | M]
Microsoft Visual Studio 8 -> C:\Program Files (x86)\Microsoft Visual Studio 8 -> [2009/07/03 02:14:28 | 000,000,000 | ---D | M]
Microsoft Works -> C:\Program Files (x86)\Microsoft Works -> [2009/06/19 03:02:55 | 000,000,000 | ---D | M]
Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2009/02/23 01:53:17 | 000,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2010/04/21 00:32:07 | 000,000,000 | ---D | M]
MSBuild -> C:\Program Files (x86)\MSBuild -> [2009/07/03 02:40:45 | 000,000,000 | ---D | M]
MSN -> C:\Program Files (x86)\MSN -> [2009/02/23 02:13:27 | 000,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files (x86)\MSXML 4.0 -> [2009/06/18 19:31:56 | 000,000,000 | ---D | M]
muvee Technologies -> C:\Program Files (x86)\muvee Technologies -> [2009/05/22 00:03:16 | 000,000,000 | ---D | M]
NetZeroPreloader -> C:\Program Files (x86)\NetZeroPreloader -> [2009/02/23 02:13:51 | 000,000,000 | ---D | M]
Norton Security Scan -> C:\Program Files (x86)\Norton Security Scan -> [2010/02/20 02:55:12 | 000,000,000 | ---D | M]
NortonInstaller -> C:\Program Files (x86)\NortonInstaller -> [2010/02/20 02:55:10 | 000,000,000 | ---D | M]
Online Services -> C:\Program Files (x86)\Online Services -> [2009/06/18 18:30:37 | 000,000,000 | R--D | M]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2010/04/05 21:01:44 | 000,000,000 | ---D | M]
Realtek -> C:\Program Files (x86)\Realtek -> [2009/05/21 22:56:13 | 000,000,000 | ---D | M]
Reference Assemblies -> C:\Program Files (x86)\Reference Assemblies -> [2006/11/02 11:07:27 | 000,000,000 | ---D | M]
Research In Motion -> C:\Program Files (x86)\Research In Motion -> [2010/02/23 21:13:42 | 000,000,000 | ---D | M]
Roxio -> C:\Program Files (x86)\Roxio -> [2010/02/23 21:36:32 | 000,000,000 | ---D | M]
SAMSUNG -> C:\Program Files (x86)\SAMSUNG -> [2009/06/18 22:04:20 | 000,000,000 | ---D | M]
SanDisk -> C:\Program Files (x86)\SanDisk -> [2010/03/12 03:21:55 | 000,000,000 | ---D | M]
Skype -> C:\Program Files (x86)\Skype -> [2009/06/18 19:06:18 | 000,000,000 | R--D | M]
Sling Media -> C:\Program Files (x86)\Sling Media -> [2009/02/23 01:55:37 | 000,000,000 | ---D | M]
SMINST -> C:\Program Files (x86)\SMINST -> [2009/06/18 18:37:32 | 000,000,000 | ---D | M]
Uninstall Information -> C:\Program Files (x86)\Uninstall Information -> [2006/11/02 11:36:07 | 000,000,000 | -H-D | M]
VideoLAN -> C:\Program Files (x86)\VideoLAN -> [2009/07/22 23:59:27 | 000,000,000 | ---D | M]
Viewpoint -> C:\Program Files (x86)\Viewpoint -> [2009/06/18 20:59:05 | 000,000,000 | ---D | M]
Windows Calendar -> C:\Program Files (x86)\Windows Calendar -> [2009/12/03 02:59:30 | 000,000,000 | ---D | M]
Windows Collaboration -> C:\Program Files (x86)\Windows Collaboration -> [2008/01/20 23:09:47 | 000,000,000 | ---D | M]
Windows Defender -> C:\Program Files (x86)\Windows Defender -> [2008/01/20 23:09:41 | 000,000,000 | ---D | M]
Windows Live -> C:\Program Files (x86)\Windows Live -> [2009/06/18 21:12:09 | 000,000,000 | ---D | M]
Windows Live SkyDrive -> C:\Program Files (x86)\Windows Live SkyDrive -> [2009/06/18 21:11:57 | 000,000,000 | ---D | M]
Windows Mail -> C:\Program Files (x86)\Windows Mail -> [2010/03/15 21:37:25 | 000,000,000 | ---D | M]
Windows Media Player -> C:\Program Files (x86)\Windows Media Player -> [2009/12/03 02:59:30 | 000,000,000 | ---D | M]
Windows NT -> C:\Program Files (x86)\Windows NT -> [2006/11/02 11:07:27 | 000,000,000 | ---D | M]
Windows Photo Gallery -> C:\Program Files (x86)\Windows Photo Gallery -> [2009/12/03 02:59:27 | 000,000,000 | ---D | M]
Windows Portable Devices -> C:\Program Files (x86)\Windows Portable Devices -> [2009/12/04 03:40:58 | 000,000,000 | ---D | M]
Windows Sidebar -> C:\Program Files (x86)\Windows Sidebar -> [2009/12/03 02:59:30 | 000,000,000 | ---D | M]
< %appdata%\*.* >
desktop.ini -> C:\Users\Stephanie\AppData\Roaming\desktop.ini -> [2009/07/14 00:06:23 | 000,000,006 | -HS- | M | MD5 = BEA07E6D2B8DCE396FE21BAA61B34956] ()
< End of report >
[/code]


Re: Trojan Problem

Post by Dr Jay on 23rd April 2010, 1:44 pm

I see you are running BitTorrent, a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: [You must be registered and logged in to see this link.]

====================================================

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

===================================================

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===================================================

Start OTS. Copy/Paste the information in bold below into the panel where it says "Paste fix here" and then click the Run Fix button.


[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyServer" -> http=127.0.0.1:5555
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{b9d0a090-229b-11df-9500-00235a9e0270} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command ->
YY -> \{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe]
YN -> \{ff292315-702b-11de-9ad9-00235a9e0270} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command ->
YY -> \{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe]
YN -> \{ff292315-702b-11de-9ad9-00235a9e0270} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command ->
YY -> \{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe]
[Files/Folders - Created Within 90 Days]
NY -> lcykohynw -> C:\Users\Stephanie\AppData\Local\lcykohynw
NY -> {93E26451-CD9A-43A5-A2FA-C42392EA4001} -> C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 24th April 2010, 5:10 am

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0a090-229b-11df-9500-00235a9e0270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff292315-702b-11de-9ad9-00235a9e0270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command not found.
File G:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff292315-702b-11de-9ad9-00235a9e0270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command not found.
File G:\slacker.synclauncher.exe not found.
[Files/Folders - Created Within 90 Days]
C:\Users\Stephanie\AppData\Local\lcykohynw folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} folder moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephanie
->Temp folder emptied: 2308579 bytes
->Temporary Internet Files folder emptied: 978737 bytes
->Java cache emptied: 29626 bytes
->FireFox cache emptied: 85792616 bytes
->Google Chrome cache emptied: 310738606 bytes
->Flash cache emptied: 3814 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15364 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 381.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stephanie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.29.0 fix logfile created on 04242010_010120

Files\Folders moved on Reboot...
C:\Users\Stephanie\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...


Re: Trojan Problem

Post by Dr Jay on 24th April 2010, 5:18 am

Tell me of any issues that are currently plaguing your computer.

Is the Internet Explorer/Chrome still dysfunctional?


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 24th April 2010, 5:35 am

They work fine now. The computer seems to be running the way it was before the problems. Thanks!


Re: Trojan Problem

Post by Dr Jay on 24th April 2010, 1:29 pm

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System Tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point.
  • Click NEXT.
  • Enter a name, e.g. Clean.
  • Click CREATE.

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C.
  • Click OK.
  • The system will do some calculation and then display a dialogue box with tabs.
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the warning and select OK again; the program will close and you are done.


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 25th April 2010, 6:00 am



Re: Trojan Problem

Post by Dr Jay on 25th April 2010, 7:10 pm

You did not post anything. Please re-post.


Dr. Jay (DJ)



Re: Trojan Problem

Post by dychang on 26th April 2010, 5:52 am

Results of screen317's Security Check version 0.99.3
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3.2
Chinese Traditional Fonts Support For Adobe Reader 9
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: Trojan Problem

Post by Dr Jay on 27th April 2010, 1:36 am

Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
It is now available via [You must be registered and logged in to see this link.] or as a standalone installation [You must be registered and logged in to see this link.].

=========================

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=====================================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)
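
The post above describes blocking known bad sites by mapping their names to 127.0.0.1 in the HOSTS file. As an added example (not part of the original post, and not the code of any tool named in this thread), the Python below audits HOSTS-format text and separates loopback block entries from entries that point a name at some other address, which are the ones worth reviewing after a cleanup. The sample file, the host names, and the choice to treat 0.0.0.0 as a block target are assumptions made for the example.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # block entries
0.0.0.0         popups.example.org
203.0.113.7     update.example.com     # points a name at a remote host
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify each hostname mapping in HOSTS-format text.

    Returns a dict with three lists of (hostname, address) tuples:
      blocked    - name sent to loopback or 0.0.0.0 (the blocklist technique)
      redirected - name sent to any other address (review these)
      malformed  - first field is not a valid IP address
    """
    result = {"blocked": [], "redirected": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result["malformed"].extend((n.lower(), addr) for n in names)
            continue
        for name in (n.lower() for n in names):
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                      # normal default entry
            if ip.is_loopback or ip.is_unspecified:
                result["blocked"].append((name, addr))
            else:
                result["redirected"].append((name, addr))
    return result


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

On Windows the file to read is normally %SystemRoot%\System32\drivers\etc\hosts; pass its contents to audit_hosts() in place of the sample.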



Re: Trojan Problem

Post by dychang on 27th April 2010, 3:05 am

No more questions. I would like to thank you for your time and patience! Thank you very much.


Re: Trojan Problem

Post by Dr Jay on 27th April 2010, 3:07 am

You're welcome!


Dr. Jay (DJ)


