WiredWX Christian Hobby Weather Tools

Re: Trojan Problem
Your logs are clean. How is your computer running?

Re: Trojan Problem

Internet Explorer and Google Chrome do not work. Firefox works.

Re: Trojan Problem
Download SREng

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    [Image: SystemRepair_FileAssocs]
  • Close SREng now.


Let me know what was fixed.

Re: Trojan Problem

There was an error with .JS
But when I click repair nothing happened. Still says error.

Re: Trojan Problem
Ok.

Let's go out on a limb.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was
    extracted to. Open the text file and copy/paste the log here.

Re: Trojan Problem
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Re: Trojan Problem
Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and
    choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry
    section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Re: Trojan Problem
[code]
OTS logfile created on: 4/22/2010 10:10:40 PM - Run 1
OTS by OldTimer - Version 3.1.29.0 Folder = C:\Users\Stephanie\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.39 Gb Total Space | 27.88 Gb Free Space | 9.80% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 2.10 Gb Free Space | 15.32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANIE-PC
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots (2).exe -> C:\Users\Stephanie\Downloads\OTS (2).exe -> [2010/04/22 22:01:54 | 000,638,976 | ---- | M | MD5 = DB2AB821FA03D3E233BE4F64B6D83320] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M | MD5 = ACB095E7E1663F1B83A41C22C5D75F90] (Apple Inc.)
googlecrashhandler.exe -> C:\Users\Stephanie\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe -> [2010/03/18 04:03:07 | 000,136,176 | ---- | M | MD5 = 5466909C288218D868AAB8061D308E71] (Google Inc.)
sansadispatch.exe -> C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> [2010/03/12 03:13:55 | 000,079,872 | ---- | M | MD5 = E5F661A0A9689AF91FD293BB983E3EAD] (SanDisk Corporation)
rimautoupdate.exe -> C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe -> [2010/03/10 22:32:26 | 000,648,536 | ---- | M | MD5 = F19C447D7DA713D3FBAA672D0CDA9D94] (Research In Motion Limited)
googledesktop.exe -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/23 18:22:26 | 000,030,192 | ---- | M | MD5 = F0187E45268E86AAAA932CBD9087BEA8] (Google)
sidebar.exe -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
tvcapsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -> [2009/02/09 18:14:02 | 000,296,320 | ---- | M | MD5 = 862E9DEC4B802DD58D897A151A17C527] ()
tvsched.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -> [2009/02/09 18:14:02 | 000,116,096 | ---- | M | MD5 = 5DCE4656BF1EBA4EB475D192F23B0B56] ()
tvagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe -> [2009/02/09 18:13:36 | 000,206,120 | ---- | M | MD5 = A7A5FC14A6D2A400AB8F2E0FA58D82FD] (CyberLink Corp.)
clmlsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2008/12/25 16:41:20 | 000,189,736 | ---- | M | MD5 = 498A9E93BCBBB3FBCEAB2ADA3B66658E] (CyberLink)
tsmagent.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe -> [2008/12/25 16:41:16 | 001,316,136 | ---- | M | MD5 = 1131F49F162539DD4834C67B4E93CD89] (CyberLink Corp.)
blservice.exe -> C:\Program Files (x86)\SMINST\BLService.exe -> [2008/12/17 20:11:40 | 000,365,952 | ---- | M | MD5 = BC0A4D47472B042537F4E57B950415FA] ()
dvdagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe -> [2008/11/28 21:04:26 | 001,148,200 | ---- | M | MD5 = B6F6228AB545E2819A60C0D63A84E52E] (CyberLink Corp.)
viewpointservice.exe -> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 000,024,652 | ---- | M | MD5 = 5F974FDE801C73952770736BECDE11E7] (Viewpoint Corporation)
googletalk.exe -> C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe -> [2007/01/01 17:22:02 | 003,739,648 | ---- | M | MD5 = BCD9CBF0621F9A6767276A2E0BF1DD15] (Google)

[Modules - Safe List]
ots (2).exe -> C:\Users\Stephanie\Downloads\OTS (2).exe -> [2010/04/22 22:01:54 | 000,638,976 | ---- | M | MD5 = DB2AB821FA03D3E233BE4F64B6D83320] (OldTimer Tools)
comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/04/11 02:28:18 | 000,450,560 | ---- | M | MD5 = 4AA2A0E26CEF1A803741253DCF9A1503] (Microsoft Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M | MD5 = ACB095E7E1663F1B83A41C22C5D75F90] (Apple Inc.)
(GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/23 18:22:26 | 000,030,192 | ---- | M | MD5 = F0187E45268E86AAAA932CBD9087BEA8] (Google)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/03/30 00:39:54 | 000,089,920 | ---- | M | MD5 = CE07A466201096F021CD09D631B21540] (Microsoft Corporation)
(TVCapSvc) TV Background Capture Service (TVBCS) [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -> [2009/02/09 18:14:02 | 000,296,320 | ---- | M | MD5 = 862E9DEC4B802DD58D897A151A17C527] ()
(TVSched) TV Task Scheduler (TVTS) [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -> [2009/02/09 18:14:02 | 000,116,096 | ---- | M | MD5 = 5DCE4656BF1EBA4EB475D192F23B0B56] ()
(Recovery Service for Windows) Recovery Service for Windows [Auto | Running] -> C:\Program Files (x86)\SMINST\BLService.exe -> [2008/12/17 20:11:40 | 000,365,952 | ---- | M | MD5 = BC0A4D47472B042537F4E57B950415FA] ()
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 000,065,888 | ---- | M | MD5 = 7C4C76B39D5525C4A465E0BE32528E19] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running] -> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 000,024,652 | ---- | M | MD5 = 5F974FDE801C73952770736BECDE11E7] (Viewpoint Corporation)
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 09:34:14 | 000,000,000 | ---D | M]
(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M | MD5 = 21A96F0C1B123F2463C6D624F125EAC9] ()
(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 02:35:15 | 000,055,846 | ---- | M | MD5 = 9E4414C27EEC14EAF36A4BD24CFEEA93] ()

[Driver Services - Safe List]
({55662437-DA8C-40c0-AADA-2C816A897A49}) Power Control [2009/05/21 20:32:39] [Kernel | Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2008/11/28 21:04:24 | 000,146,928 | ---- | M | MD5 = 1CACFEF9E5DD866C5B79A135EE729E18] (CyberLink Corp.)
(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M | MD5 = EEC4A068DE477651214F6C8014ECBEC0] ()
(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 000,001,088 | ---- | M | MD5 = 74D68CB40BCD45AAE89A8BECC87D3868] ()
(ASPI) Advanced SCSI Programming Interface Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\ASPI32.SYS -> [2002/07/17 16:20:32 | 000,084,832 | ---- | M | MD5 = E54E27976E2C5A6465D44C10B1D87AC0] (Adaptec)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: SearchURL\\"" -> http://www.google.com/search/?q=%s ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyOverride" -> ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyServer" -> http=127.0.0.1:5555 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Stephanie\AppData\Roaming\Mozilla\FireFox\Profiles\kofsij80.default\prefs.js ->
extensions.enabledItems -> LogMeInClient@logmein.com:1.0.0.586 ->
extensions.enabledItems -> moveplayer@movenetworks.com:7 ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/21 00:32:05 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/04/21 00:32:05 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Stephanie\AppData\Roaming\Mozilla\Extensions -> [2009/10/11 21:19:46 | 000,000,000 | ---D | M]
-> C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\kofsij80.default\extensions -> [2010/04/22 00:57:48 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\kofsij80.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/10/11 21:41:39 | 000,000,000 | ---D | M]
-> C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\kofsij80.default\extensions\LogMeInClient@logmein.com -> [2010/03/08 11:12:27 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/04/21 00:42:10 | 000,000,000 | ---D | M]
~[Filtered]~
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"BlackBerryAutoUpdate" -> C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background] -> [2010/03/10 22:32:26 | 000,648,536 | ---- | M | MD5 = F19C447D7DA713D3FBAA672D0CDA9D94] (Research In Motion Limited)
"CLMLServer for HP TouchSmart" -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ["C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"] -> [2008/12/25 16:41:20 | 000,189,736 | ---- | M | MD5 = 498A9E93BCBBB3FBCEAB2ADA3B66658E] (CyberLink)
"DVDAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"] -> [2008/11/28 21:04:26 | 001,148,200 | ---- | M | MD5 = B6F6228AB545E2819A60C0D63A84E52E] (CyberLink Corp.)
"Google Desktop Search" -> C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2010/01/23 18:22:26 | 000,030,192 | ---- | M | MD5 = F0187E45268E86AAAA932CBD9087BEA8] (Google)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M | MD5 = 644795F6985C740F5E36E9336B837D0B] (Microsoft Corporation)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 11:58:56 | 000,075,008 | ---- | M | MD5 = AE37F6508716D2DD6122744C46686BEC] (Hewlett-Packard)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/03/30 00:46:02 | 001,086,856 | ---- | M | MD5 = 6FD614E7109CC0A3DAFE65F9D394F66E] (Malwarebytes Corporation)
"RoxWatchTray" -> C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2009/07/08 13:31:24 | 000,236,016 | ---- | M | MD5 = BC9884D6D1D66993733B802E3F24B6B3] (Sonic Solutions)
"TSMAgent" -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"] -> [2008/12/25 16:41:16 | 001,316,136 | ---- | M | MD5 = 1131F49F162539DD4834C67B4E93CD89] (CyberLink Corp.)
"TVAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"] -> [2009/02/09 18:13:36 | 000,206,120 | ---- | M | MD5 = A7A5FC14A6D2A400AB8F2E0FA58D82FD] (CyberLink Corp.)
"UCam_Menu" -> C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"] -> [2008/11/15 01:02:14 | 000,218,408 | ---- | M | MD5 = E86D6EEABEF5596F95E3810DB26948C8] (CyberLink Corp.)
"UpdateLBPShortCut" -> C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2008/06/13 22:11:32 | 000,210,216 | ---- | M | MD5 = 601D77C0AA637A99073210894554B6BA] (CyberLink Corp.)
"UpdateP2GoShortCut" -> C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/10/30 15:51:46 | 000,210,216 | ---- | M | MD5 = 4B57A44B5DDFDE882A050CDA5FC3E092] (CyberLink Corp.)
"UpdatePDIRShortCut" -> C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 22:11:32 | 000,210,216 | ---- | M | MD5 = 601D77C0AA637A99073210894554B6BA] (CyberLink Corp.)
"UpdatePSTShortCut" -> C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe ["C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/11/26 15:34:22 | 000,210,216 | ---- | M | MD5 = 82A3031F7FAA61CB5E040B0D98A104AF] (CyberLink Corp.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M | MD5 = 16FC5B430123238E522B18E63C257AF8] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 02:28:23 | 002,153,472 | ---- | M | MD5 = 16FC5B430123238E522B18E63C257AF8] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> C:\Program Files (x86)\AIM6\aim6.exe ["C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> [2009/05/19 01:23:16 | 000,049,968 | ---- | M | MD5 = 5B4AF27E83DA8385A9B08E76DA730C91] (AOL LLC)
"googletalk" -> C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe [C:\Users\Stephanie\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart] -> [2007/01/01 17:22:02 | 003,739,648 | ---- | M | MD5 = BCD9CBF0621F9A6767276A2E0BF1DD15] (Google)
"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 16:44:34 | 003,883,856 | ---- | M | MD5 = D39DA5B7139B4B5147B3C6A94978B5AA] (Microsoft Corporation)
"SansaDispatch" -> C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [C:\Users\Stephanie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe] -> [2010/03/12 03:13:55 | 000,079,872 | ---- | M | MD5 = E5F661A0A9689AF91FD293BB983E3EAD] (SanDisk Corporation)
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe [C:\Program Files (x86)\Windows Sidebar\sidebar.exe] -> [2009/04/11 02:28:03 | 001,233,920 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M | MD5 = D909DFE8CA0FA8E505B7C6B4621AF745] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M | MD5 = D909DFE8CA0FA8E505B7C6B4621AF745] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 19:47:50 | 003,604,480 | ---- | M | MD5 = D909DFE8CA0FA8E505B7C6B4621AF745] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M | MD5 = E003E1BE8780DD39DF02C3F06CDEDF04] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M | MD5 = E003E1BE8780DD39DF02C3F06CDEDF04] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
localhost .[http] -> Local intranet ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 2 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.50 216.220.96.17 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{75B191AD-E0A8-438A-BDB2-EC5D29142D7C}\\DhcpNameServer -> 192.168.2.50 216.220.96.17 (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
{F90732FA-B7B2-4A3E-AF2F-E22A3F22891F}\\DhcpNameServer -> 208.59.247.45 208.59.247.46 192.168.1.1 208.59.247.45 208.59.247.46 (Broadcom 802.11b/g WLAN) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 02:27:36 | 002,926,592 | ---- | M | MD5 = D07D4C3038F3578FFCE1C0237F2A1253] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{02B048F8-F6B9-4D25-82C1-B8167CA72757} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
{CBC50CB0-34DD-42BD-A53A-0539C0B7DD98} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{F306F0B2-151E-404C-8AB1-5B4C5435E727} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{086254D1-F936-426F-A55F-A0DF29F7EF5D} -> profile=private | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
{0D967056-9663-40DE-80FE-55DECAE2E3CF} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{0F4B7AA6-9DDF-4A1A-9492-4C4E8BD50EC9} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{0F8B2BCE-1BEC-4CBA-923C-89D2A232392B} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe |
{11D22930-C2B3-4FE7-B162-5C8154035993} -> profile=private | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.dll |
{15CCAD21-727A-43F9-914F-C0054864FC88} -> dir=in | action=allow | name=quick play resident program | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
{200FAD99-AAB3-49D0-9739-9A2205C23CB0} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{2348E35A-4BE7-4D26-BCC1-366B06FF2731} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
{2C687107-B50A-40CD-80D6-25C671B2B8F8} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{2ECFC0E1-13E1-4932-A1A5-2DFC005CD989} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
{3259AE1C-4E15-4747-96E0-54D2DA313D6E} -> profile=public | protocol=6 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{39AAB840-CE72-4C9B-B9DF-85198DC9E692} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
{3D3C88B7-04C1-4018-BB3C-6C192393F47B} -> profile=public | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
{4582FB5B-96FA-45B1-960C-168BB811524E} -> profile=public | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
{477CA2AA-7D2C-4A6B-B52A-E23DBBA52CB4} -> profile=private | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
{4C1D311C-2200-4732-ADF1-FFA74ECDA443} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{5E455DE9-48A1-4EBA-B9F0-7A84C4A09B78} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{6E75C581-47AC-4B5E-B6EA-E391ED6978AC} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{6FAC5DDB-BAE0-4551-8AFC-F172F377DB83} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{77FF893B-F222-49F7-A421-8ADDF920D4FE} -> dir=in | action=allow | name=quick play | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
{7CEC41B6-70D0-454E-A547-A39A71D7496C} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{8463B747-15D6-40BE-90D9-5257AEB63E80} -> profile=private | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.exe |
{866F0DA9-C9AE-4537-BB6A-A7864AD29C18} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{8AE82D9F-5804-4745-9195-E91048D360D5} -> profile=public | protocol=17 | dir=in | action=allow | name=aol loader | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
{8B32D8F0-58F9-4019-912F-455AE1CC3E75} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{983EDF57-EAD1-458A-8088-8C89C935F3FE} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{AC65BCDA-1D41-4B24-ACAE-843D1DBA71AB} -> profile=private | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.dll |
{AE170123-B28F-4BF0-AFFD-295D046F0DA8} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{BA0219BB-CC78-4666-B89F-6DDF3CEEBAEA} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{C41AD297-B324-474E-9E83-1F9945E78E3E} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{C5E8FEC8-07D7-42E4-935E-A045190E68D2} -> profile=private | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\stephanie\appdata\local\google\google talk plugin\googletalkplugin.exe |
{C6A42D09-22C6-4873-9D4F-65C11A6E765F} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{D0C143BF-8AA7-4B9D-A010-C65DA5D30EC2} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{D100FBDC-756F-4C5D-A438-93E90595523C} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{D90ECFCA-B27E-4FF1-9A0C-8E2F23C024FE} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{E35B4941-7F76-4125-A82D-EBC183C94FA5} -> profile=private | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe |
{E787A46D-9C9D-4E35-8381-6DE7B599BC87} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{EBE4DD6E-2AAC-499D-9902-7AD8820D02F4} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
{FF6C964B-56E1-43C8-A46B-4E03CE14817E} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
TCP Query User{45417DC6-7EFD-45BE-A516-78A54C872C2D}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
TCP Query User{7E0EFB4E-7ADA-4235-A246-EB05903D5FA1}C:\program files (x86)\aim6\aim6.exe -> profile=private | protocol=6 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
TCP Query User{7FB3BCD4-0D26-407D-8A53-CD89E7E256B7}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=6 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
TCP Query User{9457EAEA-C797-4D2E-A724-F3D74AE60ABA}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
TCP Query User{A4064BF3-CEA7-4B45-8976-9F09626C9DF7}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=6 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
UDP Query User{4F37351A-0692-4AB5-9F6A-692AE64DB899}C:\program files (x86)\aim6\aim6.exe -> profile=private | protocol=17 | dir=in | action=allow | name=aim | app=c:\program files (x86)\aim6\aim6.exe |
UDP Query User{83CDB6F1-0813-4D1F-9506-4B6B58B45E8F}C:\program files (x86)\bittorrent\bittorrent.exe -> profile=public | protocol=17 | dir=in | action=allow | name=bittorrent | app=c:\program files (x86)\bittorrent\bittorrent.exe |
UDP Query User{A635F32F-716E-459C-BD3D-17EC26EE89F3}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
UDP Query User{A8F6E8A7-543B-40DB-A3FC-20C6A4A56C73}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe |
UDP Query User{E3AFCA6A-E683-450B-93A2-1441AFE7FB19}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=17 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->

Re: Trojan Problem
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 01:34:39 | 000,079,872 | ---- | M | MD5 = C025AA69BE3D0D25C7A2E746EF6F94FC] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{9ae7409b-6795-11de-8296-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ae7409b-6795-11de-8296-00235a9e0270}\shell\AutoRun\command
\{9ae7409b-6795-11de-8296-00235a9e0270}\shell\AutoRun\command\\"" -> F:\WD_Windows_Tools\Setup.exe [F:\WD_Windows_Tools\Setup.exe] -> File not found
\{b9d0a090-229b-11df-9500-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command
\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe] -> File not found
\{ff292315-702b-11de-9ad9-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command
\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe] -> File not found
\{ff292315-702b-11de-9ad9-00235a9e0270}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command
\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2008/01/20 22:51:46 | 000,062,464 | ---- | M | MD5 = 733A9243A14753652F9FA9C8BBC44F98] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.l3codecp" -> C:\Windows\SysWow64\l3codecp.acm [l3codecp.acm] -> [2008/01/20 22:51:46 | 000,220,672 | ---- | M | MD5 = 95A6DAE184FC86AB9215374B7C6390F9] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\Windows\SysWow64\sirenacm.dll [sirenacm.dll] -> [2009/07/26 16:44:56 | 000,048,448 | ---- | M | MD5 = CF1C4265A73D50A1CE97FD308CE1AFC9] (Microsoft Corporation)
"vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2006/11/02 11:02:31 | 000,081,920 | ---- | M | MD5 = 81ECD1670CD56677FC124B9479DBE5F0] (Radius Inc.)
"vidc.XVID" -> C:\Windows\SysWow64\xvidvfw.dll [xvidvfw.dll] -> [2006/02/28 21:17:30 | 000,159,744 | ---- | M | MD5 = 1F4E1A1E9F8C7C0EE4CFA7743527ED96] ()
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 06:18:50 | 000,172,880 | ---- | M | MD5 = E6BC6BA065287D7B6C22D9231E80AF3B] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{03D19749-C5FA-4CCC-99AB-00AB2AF45ACD} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [File Transfer ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\AxMetaStream.dll [MetaStreamCtl Class] -> [2008/02/06 20:58:48 | 000,262,214 | ---- | M | MD5 = B683D285F81C01F2A0EED59E79C35C77] (Viewpoint Corporation)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 23:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 06:03:38 | 003,070,832 | ---- | M | MD5 = ECA43292F8C283A96756A95DAA2BF93B] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{19916E01-B44E-4E31-94A4-4696DF46157B} [HKLM] -> C:\Windows\SysWOW64\icardie.dll [InformationCardSigninHelper Class] -> [2009/03/08 07:31:51 | 000,059,904 | ---- | M | MD5 = 17A6B9EFC1D37368379F4E77EC3F2761] (Microsoft Corporation)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\AxMetaStream.dll [MetaStreamCtl Class] -> [2008/02/06 20:58:48 | 000,262,214 | ---- | M | MD5 = B683D285F81C01F2A0EED59E79C35C77] (Viewpoint Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} [HKLM] -> C:\Windows\SysWOW64\mshtmled.dll [HtmlDlgSafeHelper Class] -> [2009/03/08 07:31:24 | 000,066,560 | ---- | M | MD5 = 7C9AAF547A0AF93C3F1BB7DC3AED4ECC] (Microsoft Corporation)
{333C7BC4-460F-11D0-BC04-0080C7055A83} [HKLM] -> C:\Windows\SysWOW64\tdc.ocx [Tabular Data Control] -> [2009/03/08 07:30:54 | 000,066,560 | ---- | M | MD5 = 9BAA9D6879028C32FCE8808C4C7E86BE] (Microsoft Corporation)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{4849E17D-2DEF-40D7-98DE-DB555B4A589C} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Telnet ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Remote Access ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 06:03:28 | 002,687,336 | ---- | M | MD5 = 9E1E3647CDE6AF66D3CD634624A99365] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = 6C51E76334351F609DD152611709AE2A] (Sun Microsystems, Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 03:01:06 | 002,335,648 | ---- | M | MD5 = 573689497BF82AD0FEAF4581AB6E4042] (Microsoft Corporation)
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [DivXBrowserPlugin Object] -> [2009/11/13 20:47:26 | 002,471,224 | ---- | M | MD5 = EDBA797E78300759A09AF77C77F5D9E7] (DivX,Inc.)
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [Windows Media Player] -> [2009/09/10 12:49:49 | 010,626,560 | ---- | M | MD5 = 2DF7EC6673A1CB823A73C6AFFD54CF66] (Microsoft Corporation)
{760C4B83-E211-11D2-BF3E-00805FBE84A6} [HKLM] -> C:\Windows\SysWOW64\msnetobj.dll [Windows Media Services DRM Storage object] -> [2009/04/11 02:28:21 | 000,179,712 | ---- | M | MD5 = 584C4A26F210B823BBF73BB985CAA2CE] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 04:26:06 | 000,065,400 | ---- | M | MD5 = E34C3EAC482B0FE3913E23FC2E85424C] (Microsoft Corporation)
{88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML DOM Document 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [Free Threaded XML DOM Document 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML Schema Cache 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XSL Template 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML Data Source Object 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> c:\Windows\SysWOW64\msxml4.dll [XML HTTP 4.0] -> [2009/07/21 01:05:40 | 001,348,432 | ---- | M | MD5 = 09DEF3ABB6A196749299359AC5578DD8] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{8E4062D9-FE1B-4b9e-AA16-5E8EEF68F48E} [HKLM] -> C:\Windows\SysWOW64\RegCtrl.dll [Registration Control] -> [2008/01/20 22:49:42 | 000,040,960 | ---- | M | MD5 = 355B623E5E870E2166AAF997DBAE9C89] (Microsoft Corporation)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [HKLM] -> C:\Windows\SysWOW64\msnetobj.dll [RMGetLicense Class] -> [2009/04/11 02:28:21 | 000,179,712 | ---- | M | MD5 = 584C4A26F210B823BBF73BB985CAA2CE] (Microsoft Corporation)
{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} [HKLM] -> C:\Program Files (x86)\AIM6\services\imApp\ver6_9_15_1\isAim.dll [aimlocator Class] -> [2009/05/19 01:18:18 | 000,062,256 | ---- | M | MD5 = 55C0A183F02DF1A0AD491DE93FDF1DEB] (AOL LLC)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Program Files (x86)\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Windows Live Upload Tool] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M | MD5 = DA204A2BAB5780A0DF37EB5BE58FCA57] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 06:18:46 | 000,054,152 | ---- | M | MD5 = 96ED72080E20A360AB0D2597D1AC4EF6] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/03 19:22:06 | 000,660,912 | ---- | M | MD5 = 5EB22D662FA979B2F83BF0E71DC58C78] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_07] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_07] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_07] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 18:14:04 | 000,108,320 | ---- | M | MD5 = AD9E4059789D2389B746C58421194722] ()
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\Windows\SysWOW64\deploytk.dll [Deployment Toolkit] -> [2009/12/17 18:14:00 | 000,411,368 | ---- | M | MD5 = E0BBCEC12A1DE6E25C612AD205B719B4] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [Behavior Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 23:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Control] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/09/10 22:10:10 | 003,787,168 | R--- | M | MD5 = C0A6D238F9E2F89571F7D026DDD305DB] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files (x86)\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2010/03/26 01:09:52 | 000,111,912 | ---- | M | MD5 = 396E2789307D32DDE30D932891AE5A63] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M | MD5 = 98C15480C8AD4FEF5CF62769FAE65C92] ( Microsoft Corporation)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 06:03:54 | 001,161,568 | ---- | M | MD5 = 53BABBB23E0A507C79D2FB488EABBBD9] (Microsoft Corporation)
{E13AAC70-70AE-4988-808C-B267F2C20E79} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [Reg Error: Value error.] -> [2009/07/26 16:44:34 | 003,883,856 | ---- | M | MD5 = D39DA5B7139B4B5147B3C6A94978B5AA] (Microsoft Corporation)
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 04:23:50 | 000,022,432 | ---- | M | MD5 = EA9E5B8D043D01851977B6D4C4C8F2A8] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 05:42:16 | 000,482,656 | ---- | M | MD5 = 2569192656E36C43D807DC37D5335919] ()
{EE09B103-97E0-11CF-978F-00A02463E06F} [HKLM] -> C:\Windows\SysWOW64\scrrun.dll [scripting.Dictionary] -> [2009/04/11 02:28:24 | 000,172,032 | ---- | M | MD5 = 3DB1530CDD7AEF2BCFA6FB77D097CDDA] (Microsoft Corporation)
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M | MD5 = 7EE6C2556E674AB1A6EBF89C1800302F] (Microsoft Corporation)
{FA5369ED-D19A-434C-8F59-EE90D690D36C} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Chat Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Performance Viewer Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
3E4D4F1C-2AEE-11D1-9D3D-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
435899C9-44AB-11D1-AF00-080036234103 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
4F664F91-FF01-11D0-8AED-00C04FD7B597 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
65303443-AD66-11D1-9D65-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
92337A8C-E11D-11D0-BE48-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
C3701884-B39B-11D1-9D68-00C04FC30DF6 [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Remote Access ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/09/10 22:10:10 | 003,787,168 | R--- | M | MD5 = C0A6D238F9E2F89571F7D026DDD305DB] (Adobe Systems, Inc.)
{D2CE3E00-F94A-4740-988E-03DC2F38C34F} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Performance Viewer Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{39125640-8D80-11DC-A2FE-C5C455D89593} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files (x86)\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{53DBCD97-3FDF-4B60-975B-2596B57482EF} [HKLM] -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll [WebSLLauncher Class] -> [2010/03/10 18:57:32 | 000,124,248 | ---- | M | MD5 = C514D0F7D692B11CB1E8D5DB50EC29F2] (Research In Motion Limited)
{556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Remote Access ActiveX Client] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6BF52A52-394A-11D3-B153-00C04F79FAA6} [HKLM] -> C:\Windows\SysWOW64\wmp.dll [Windows Media Player] -> [2009/09/10 12:49:49 | 010,626,560 | ---- | M | MD5 = 2DF7EC6673A1CB823A73C6AFFD54CF66] (Microsoft Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009/06/02 11:56:14 | 001,082,880 | ---- | M | MD5 = CE16731D20BC8AFD532AC7A526D809A9] (Skype Technologies S.A.)
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2010/04/03 19:22:06 | 000,660,912 | ---- | M | MD5 = 5EB22D662FA979B2F83BF0E71DC58C78] (Adobe Systems, Inc.)
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\Windows\SysWOW64\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/09/10 22:10:10 | 003,787,168 | R--- | M | MD5 = C0A6D238F9E2F89571F7D026DDD305DB] (Adobe Systems, Inc.)
{D2CE3E00-F94A-4740-988E-03DC2F38C34F} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/29 00:09:08 | 000,086,032 | ---- | M | MD5 = C12121B120411F2C9A457AF8339AB6C6] (Microsoft Corp.)
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M | MD5 = 98C15480C8AD4FEF5CF62769FAE65C92] ( Microsoft Corporation)
{e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll [Performance Viewer Activex Control] -> [2009/09/24 11:06:36 | 004,023,624 | ---- | M | MD5 = F386CDC88689C67B30BD313EA5A4DE1D] ()
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FF4E22ED-17D0-4D43-AD6F-E53D11FA3C61} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.cpl [@ = cplfile] -> C:\Windows\SysWow64\control.exe -> [2006/11/02 05:44:59 | 000,211,968 | ---- | M | MD5 = 027E5E14C9CFF810377701BDEAD8210F] (Microsoft Corporation)
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Classes\\ ->
.html [@ = FirefoxHTML] -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/21 00:31:58 | 000,910,296 | ---- | M | MD5 = 49958506B773E40D31832E3EEDA522E7] (Mozilla Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
Ias -> C:\Windows\SysWOW64\ias -> [2008/01/20 23:08:35 | 000,000,000 | ---D | M]
Wmi -> C:\Windows\SysWOW64\wmi.dll -> [2006/11/02 05:44:15 | 000,005,120 | ---- | M | MD5 = BFE74095684093F14D24801C8C0D16E3] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2009/02/12 15:19:38 | 000,178,040 | ---- | M | MD5 = 68747446F9D982938DB6B110F2908271] (Microsoft Corporation)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll[Reg Error: Value error.] -> [2009/07/26 16:44:54 | 000,061,264 | ---- | M | MD5 = 61B0C981F7C10B8861809ADC1B31E8E5] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll[Reg Error: Value error.] -> [2009/07/26 16:44:54 | 000,061,264 | ---- | M | MD5 = 61B0C981F7C10B8861809ADC1B31E8E5] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2009/06/02 11:56:14 | 001,942,824 | R--- | M | MD5 = BE8FC3EF67D58F8D711EA94F8C17D8F7] (Skype Technologies)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppInfo -> 64bit -> File not found
AppMgmt -> Service
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
DcomLaunch -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
ProfSvc -> 64bit -> File not found
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
VDS -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M | MD5 = 21A96F0C1B123F2463C6D624F125EAC9] ()
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
Wdf01000.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AFD -> 64bit -> File not found
AppInfo -> 64bit -> File not found
AppMgmt -> Service
Base -> Driver Group
BFE -> 64bit -> File not found
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
bowser -> 64bit -> File not found
Browser -> 64bit -> File not found
DcomLaunch -> 64bit -> File not found
dfsc -> 64bit -> File not found
DnsCache -> 64bit -> File not found
Dot3Svc -> 64bit -> File not found
Eaphost -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
IKEEXT -> 64bit -> File not found
ipnat.sys -> 64bit -> File not found
LanmanServer -> 64bit -> File not found
LanmanWorkstation -> 64bit -> File not found
LmHosts -> 64bit -> File not found
Messenger -> Service
MPSDrv -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 000,001,088 | ---- | M | MD5 = 74D68CB40BCD45AAE89A8BECC87D3868] ()
MPSSvc -> 64bit -> File not found
mrxsmb -> 64bit -> File not found
mrxsmb10 -> 64bit -> File not found
mrxsmb20 -> 64bit -> File not found
NativeWifiP -> 64bit -> File not found
NDIS -> 64bit -> File not found
NDIS Wrapper -> Driver Group
Ndisuio -> 64bit -> File not found
NetBIOS -> 64bit -> File not found
NetBIOSGroup -> Driver Group
NetBT -> 64bit -> File not found
NetDDEGroup -> Driver Group
NetMan -> 64bit -> File not found
Network -> Driver Group
NetworkProvider -> Driver Group
NlaSvc -> 64bit -> File not found
Nsi -> 64bit -> File not found
nsiproxy.sys -> 64bit -> File not found
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
PolicyAgent -> 64bit -> File not found
Primary disk -> Driver Group
procexp90.Sys -> Driver
ProfSvc -> 64bit -> File not found
rdbss -> 64bit -> File not found
rdpencdd.sys -> 64bit -> File not found
rdsessmgr -> Service
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SharedAccess -> 64bit -> File not found
Streams Drivers -> Driver Group
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
Tcpip -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 17:36:40 | 000,003,066 | ---- | M | MD5 = EEC4A068DE477651214F6C8014ECBEC0] ()
TDI -> Driver Group
VDS -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 02:35:15 | 000,060,994 | ---- | M | MD5 = 21A96F0C1B123F2463C6D624F125EAC9] ()
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
Wdf01000.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
Wlansvc -> 64bit -> File not found
WudfPf -> Driver
WudfRd -> 64bit -> File not found
WudfSvc -> 64bit -> File not found
WudfUsbccidDriver -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
\Svc\\"oobe_av" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -> C:\Windows\SysWOW64\wshbth.dll -> [2009/04/11 02:28:26 | 000,034,304 | ---- | M | MD5 = EFA80360111D8D179E39E314A49C9ED4] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -> C:\Program Files (x86)\Bonjour\mdnsNSP.dll -> [2010/02/12 11:46:12 | 000,152,864 | ---- | M | MD5 = 109D9238C7DA72F9733D3DB85A31F5C4] (Apple Inc.)
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
@ivt -> @ivt protocol not assigned ->
file -> file protocol not assigned ->
ftp -> ftp protocol not assigned ->
http -> http protocol not assigned ->
https -> https protocol not assigned ->
shell -> shell protocol not assigned ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
{004B0DCB-4C60-465B-8F01-44B0A4111187} -> SlingPlayer
{0054A0F6-00C9-4498-B821-B5C9578F433E} -> HP Help and Support
{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> HP MediaSmart Webcam
{082702D5-5DD8-4600-BCE5-48B15174687F} -> HP Doc Viewer
{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} -> LightScribe System Software 1.14.17.1
{154A4184-1A3D-4BF9-A5AE-4FA1660445F3} -> HP Total Care Advisor
{15BC8CD0-A65B-47D0-A2DD-90A824590FA8} -> Microsoft Works
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} -> Skype™ 4.0
{254C37AA-6B72-4300-84F6-98A82419187E} -> ActiveCheck component for HP Active Support Library
{26604C7E-A313-4D12-867F-7C6E7820BE4C} -> JMicron JMB38X Flash Media Controller
{26A24AE4-039D-4CA4-87B4-2F83216015FF} -> Java(TM) 6 Update 18
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D} -> Visual C++ 8.0 Runtime Setup Package (x64)
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{32A640BD-4244-4FAF-8796-EA401652E26A} -> BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
{34D2AB40-150D-475D-AE32-BD23FB5EE355} -> HP Quick Launch Buttons 6.40 L1
{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZero Preloader
{3877C901-7B90-4727-A639-B6ED2DD59D43} -> ESU for Microsoft Vista
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
{45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
{45A136EC-88BF-4B95-99F5-C45D3930E1CC} -> HP MULTIPLE MODEM INSTALLER for VISTA
{47F36D92-E58E-456D-B73C-3382737E4C42} -> HP Update
{4916DFBD-403B-4707-AA64-294DC082B99F} -> HP Total Care Setup
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{553255F3-78FD-40F1-A6F8-6882140265FE} -> Apple Application Support
{57A5AEC1-97FC-474D-92C4-908FCC2253D4} -> HP Customer Experience Enhancements
{5EE7D259-D137-4438-9A5F-42F432EC0421} -> VC80CRTRedist - 8.0.50727.4053
{62880A3B-2F9C-4C58-8FFA-1DA280262B5E} -> BlackBerry Device Software Updater
{6423EF83-6E1D-4D22-A36F-689CD19FD4D2} -> Juno Preloader
{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} -> Activation Assistant for the 2007 Microsoft Office suites
{669D4A35-146B-4314-89F1-1AC3D7B88367} -> HPAsset component for HP Active Support Library
{67626E09-5366-4480-8F1E-93FADF50CA15} -> HP MediaSmart TV
{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314} -> BlackBerry® Media Sync
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6A370610-3778-44AF-9AAC-69B2FD1A3356} -> Microsoft Live Search Toolbar
{732A3F80-008B-4350-BD58-EC5AE98707B8} -> HP Common Access Service Library
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
{7B798B31-2F33-4DC8-BDA4-D36488E86636} -> Slingbox - Watch Your TV Anywhere
{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} -> Windows Live Essentials
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{8833FFB6-5B0C-4764-81AA-06DFEED9A476} -> Realtek 8169 8168 8101E 8102E Ethernet Driver
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{95120000-00AF-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint Viewer 2007 (English)
{A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable

Re: Trojan Problem

{A85FD55B-891B-4314-97A5-EA96C0BD80B5} -> Windows Live Messenger
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2
{AC76BA86-7AD7-2448-0000-900000000003} -> Chinese Traditional Fonts Support For Adobe Reader 9
{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} -> HP MediaSmart Music/Photo/Video
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Plus Web Player
{B98BE95C-E76F-4246-B8E6-BEB8EE791D06} -> Roxio Media Manager
{BBF6D0CD-A081-369F-B0B8-F168594CBB6B} -> Google Talk Plugin
{C4124E95-5061-4776-8D5D-E3D931C778E1} -> Microsoft VC9 runtime libraries
{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA} -> HP User Guides 0125
{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} -> HP Active Support Library
{DCCAD079-F92C-44DA-B258-624FC6517A5A} -> HP MediaSmart DVD
{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} -> IDT Audio
{E5E29403-3D25-40C6-892B-F9FEE2A95585} -> HP Wireless Assistant
{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6} -> muvee Reveal
{ECEE0279-785F-4CB3-9F28-E69813234BF8} -> SPORE Creature Creator Trial Edition
{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
{F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
{FC053571-8507-44E4-8B6D-AACEAB8CA57C} -> Sansa Media Converter
Activation Assistant for the 2007 Microsoft Office suites -> Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
AIM_6 -> AIM 6
Any Video Converter Professional_is1 -> Any Video Converter Professional 3.0.3
Aura Video Converter_is1 -> Aura Video Converter 1.2.1
BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
ENTERPRISE -> Microsoft Office Enterprise 2007
Free DVD Ripper 2.25_is1 -> Free DVD Ripper Version 2.25
Google Desktop -> Google Desktop
Handbrake -> Handbrake 0.9.4
HOMESTUDENTR -> Microsoft Office Home and Student 2007
HP.MediaSmartSlingPlayer_is1 -> HP MediaSmart SlingPlayer
InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187} -> SlingPlayer
InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} -> HP MediaSmart Webcam
InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> CyberLink DVD Suite
InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} -> Power2Go
InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15} -> HP MediaSmart TV
InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} -> HP MediaSmart Music/Photo/Video
InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} -> LabelPrint
InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} -> PowerDirector
InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A} -> HP MediaSmart DVD
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
NSS -> Norton Security Scan
Picasa 3 -> Picasa 3
Samsung ML-1740 Series -> Samsung ML-1740 Series
ViewpointMediaPlayer -> Viewpoint Media Player
VLC media player -> VLC media player 1.0.0
WildTangent hp Master Uninstall -> My HP Games
WinLiveSuite_Wave3 -> Windows Live Essentials
< Uninstall List [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk -> Google Talk (remove only)
BitTorrent -> BitTorrent
Google Chrome -> Google Chrome
Move Media Player -> Move Media Player
Sansa Updater -> Sansa Updater
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/22/2010 9:28:52 AM Computer Name = Stephanie-PC | Source = SideBySide | ID = 16842830 -> Description = Activation context generation failed for "C:\Users\Stephanie\Downloads\esetsmartinstaller_enu(7).exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Application [ Error ] 4/22/2010 11:04:41 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 4/22/2010 11:04:41 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 5683460
Application [ Error ] 4/22/2010 11:04:41 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 5683460
Application [ Error ] 4/22/2010 11:04:47 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 4/22/2010 11:04:48 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 5689310
Application [ Error ] 4/22/2010 11:04:48 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 5689310
Application [ Error ] 4/22/2010 11:04:49 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 4/22/2010 11:04:50 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 5691728
Application [ Error ] 4/22/2010 11:04:50 AM Computer Name = Stephanie-PC | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 5691728
Media Center [ Error ] 10/11/2009 9:57:02 PM Computer Name = Stephanie-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 11/27/2009 2:53:28 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/27/2009 2:53:29 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/27/2009 2:53:29 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:10:57 AM Computer Name = Stephanie-PC | Source = HTTP | ID = 15016 -> Description =
System [ Error ] 11/30/2009 3:12:18 AM Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7000 -> Description =
System [ Error ] 11/30/2009 3:12:18 AM Computer Name = Stephanie-PC | Source = Service Control Manager | ID = 7009 -> Description =
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal.
System [ Error ] 11/30/2009 3:15:27 AM Computer Name = Stephanie-PC | Source = PlugPlayManager | ID = 12 -> Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal.

[Files/Folders - Created Within 90 Days]
SysProt -> C:\Users\Stephanie\Desktop\SysProt -> [2010/04/22 21:46:00 | 000,000,000 | ---D | C]
SREngLdr.EXE -> C:\Users\Stephanie\Desktop\SREngLdr.EXE -> [2010/04/22 21:23:49 | 001,830,424 | ---- | C | MD5 = EA58EC54663535B38BD5B7E976BABAC3] (Smallfrogs Studio)
Upload -> C:\Users\Stephanie\Desktop\Upload -> [2010/04/22 21:23:49 | 000,000,000 | ---D | C]
hijackthis -> C:\Users\Stephanie\Desktop\hijackthis -> [2010/04/22 01:37:39 | 000,000,000 | ---D | C]
WinRAR -> C:\Users\Stephanie\AppData\Roaming\WinRAR -> [2010/04/22 01:35:29 | 000,000,000 | ---D | C]
ESET -> C:\Program Files (x86)\ESET -> [2010/04/22 00:31:37 | 000,000,000 | ---D | C]
32788R22FWJFW -> C:\32788R22FWJFW -> [2010/04/21 01:07:40 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Users\Stephanie\AppData\Roaming\Malwarebytes -> [2010/04/20 00:06:36 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/20 00:06:17 | 000,038,224 | ---- | C | MD5 = 75B8EF2A089127E8A3B38F46CC366D79] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/04/20 00:06:15 | 000,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/04/20 00:06:15 | 000,000,000 | ---D | C]
lcykohynw -> C:\Users\Stephanie\AppData\Local\lcykohynw -> [2010/04/19 22:59:12 | 000,000,000 | ---D | C]
iTunes -> C:\Program Files (x86)\iTunes -> [2010/04/05 21:07:18 | 000,000,000 | ---D | C]
{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> [2010/04/05 21:07:18 | 000,000,000 | ---D | C]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2010/04/05 21:00:39 | 000,000,000 | ---D | C]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2010/04/05 20:56:46 | 000,000,000 | ---D | C]
NYAWC Volunteer Council -> C:\Users\Stephanie\Documents\NYAWC Volunteer Council -> [2010/04/03 19:42:01 | 000,000,000 | ---D | C]
nshhttp.dll -> C:\Windows\SysWow64\nshhttp.dll -> [2010/03/15 20:52:08 | 000,024,064 | ---- | C | MD5 = 478ABCCF01166AC6D6AD0FA188051418] (Microsoft Corporation)
httpapi.dll -> C:\Windows\SysWow64\httpapi.dll -> [2010/03/15 20:52:01 | 000,030,720 | ---- | C | MD5 = F86293D93760C70ADF4F19E66E3FA5E8] (Microsoft Corporation)
Config.Msi -> C:\Config.Msi -> [2010/03/15 20:50:45 | 000,000,000 | -HSD | C]
Taxes 2009 -> C:\Users\Stephanie\Documents\Taxes 2009 -> [2010/03/14 23:01:17 | 000,000,000 | ---D | C]
Aura Video Converter -> C:\Users\Stephanie\Documents\Aura Video Converter -> [2010/03/12 10:39:51 | 000,000,000 | ---D | C]
Aura4You -> C:\Users\Stephanie\AppData\Roaming\Aura4You -> [2010/03/12 10:39:26 | 000,000,000 | ---D | C]
Aura4You -> C:\Program Files (x86)\Aura4You -> [2010/03/12 10:39:24 | 000,000,000 | ---D | C]
Any Video Converter Professional -> C:\Users\Stephanie\Documents\Any Video Converter Professional -> [2010/03/12 04:29:57 | 000,000,000 | ---D | C]
AnvSoft -> C:\Users\Stephanie\AppData\Roaming\AnvSoft -> [2010/03/12 04:29:26 | 000,000,000 | ---D | C]
AnvSoft -> C:\Program Files (x86)\AnvSoft -> [2010/03/12 04:29:21 | 000,000,000 | ---D | C]
Sansa Media Converter -> C:\Users\Stephanie\Documents\Sansa Media Converter -> [2010/03/12 03:24:13 | 000,000,000 | ---D | C]
xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2010/03/12 03:23:27 | 000,230,096 | ---- | C | MD5 = 2112FE0C46662D429347A7D7B49E3ECE] (Microsoft Corporation)
x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2010/03/12 03:23:27 | 000,014,032 | ---- | C | MD5 = 4E961525CC7FF0E5D7DA19E170B7C14C] (Microsoft Corporation)
d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2010/03/12 03:23:15 | 002,332,368 | ---- | C | MD5 = 99F4FC172A5ACE36CF00AA7038D23F2C] (Microsoft Corporation)
d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2010/03/12 03:23:14 | 002,323,664 | ---- | C | MD5 = BE19B603DFBAA829EE5B7749B3BA97DB] (Microsoft Corporation)
d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2010/03/12 03:23:09 | 002,297,552 | ---- | C | MD5 = 523AB607EEF81CC4D909E7FEBD8A788E] (Microsoft Corporation)
d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2010/03/12 03:22:59 | 002,337,488 | ---- | C | MD5 = 5B48FE9D6686F0D54B26A005ACE24D1D] (Microsoft Corporation)
d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2010/03/12 03:22:50 | 002,222,800 | ---- | C | MD5 = BC831661963763AC4D504C5CABB1FDD9] (Microsoft Corporation)
iviaspi.sys -> C:\Windows\SysWow64\iviaspi.sys -> [2010/03/12 03:22:05 | 000,014,608 | ---- | C | MD5 = 3FF38C4092E47392E815F4D44266BDD7] (InterVideo, Inc.)
SanDisk -> C:\Program Files (x86)\SanDisk -> [2010/03/12 03:21:55 | 000,000,000 | ---D | C]
SanDisk -> C:\Users\Stephanie\AppData\Roaming\SanDisk -> [2010/03/12 03:13:42 | 000,000,000 | ---D | C]
jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2010/02/23 23:05:53 | 000,726,528 | ---- | C | MD5 = 46E35CDEA68DFCE274BE2B51EB9F0D36] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/02/23 23:05:36 | 000,471,552 | ---- | C | MD5 = F4BFD5330DA0899771EB24A0DDEF87AF] (Microsoft Corporation)
secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/02/23 23:05:34 | 000,471,552 | ---- | C | MD5 = C7EF2D81B9AC543DA9205701C45F62BD] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/02/23 23:05:23 | 000,526,336 | ---- | C | MD5 = 447D3599FA65A9A8BCF7F9048BDB7035] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/02/23 23:05:22 | 000,518,144 | ---- | C | MD5 = 8FB90F7CFBCCF50DF2E3080A2BC6F23B] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/02/23 23:05:22 | 000,347,136 | ---- | C | MD5 = D1194E75C78C451698D7DFFDAB22C5DA] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/02/23 23:05:22 | 000,346,624 | ---- | C | MD5 = A64C3712DF40DF6BD489A98E280130E7] (Microsoft Corporation)
msdrm.dll -> C:\Windows\SysWow64\msdrm.dll -> [2010/02/23 23:05:21 | 000,332,288 | ---- | C | MD5 = 2D74D853886BDD0CDE60BE5FDF22AD9A] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/02/23 23:05:21 | 000,152,576 | ---- | C | MD5 = 7857CFD06825D710E18793D5306C7724] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/02/23 23:05:21 | 000,152,064 | ---- | C | MD5 = B385C4E499591941E362E324969BB6FB] (Microsoft Corporation)
gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2010/02/23 23:05:14 | 001,696,256 | ---- | C | MD5 = 9C92BDBD4B2930DE83053D851D90B409] (Microsoft Corporation)
Apphlpdm.dll -> C:\Windows\SysWow64\Apphlpdm.dll -> [2010/02/23 23:05:13 | 000,028,672 | ---- | C | MD5 = 00AD6E3868B390745F9E3C58A557BC31] (Microsoft Corporation)
GameUXLegacyGDFs.dll -> C:\Windows\SysWow64\GameUXLegacyGDFs.dll -> [2010/02/23 23:05:12 | 004,240,384 | ---- | C | MD5 = 7EE94754C9AF5B8A4A97E620C4C07541] (Microsoft)
InstallShield -> C:\Users\Stephanie\AppData\Roaming\InstallShield -> [2010/02/23 21:41:00 | 000,000,000 | ---D | C]
PX Storage Engine -> C:\Program Files (x86)\Common Files\PX Storage Engine -> [2010/02/23 21:36:40 | 000,000,000 | ---D | C]
Sonic Shared -> C:\Program Files (x86)\Common Files\Sonic Shared -> [2010/02/23 21:30:18 | 000,000,000 | ---D | C]
Roxio -> C:\Program Files (x86)\Roxio -> [2010/02/23 21:30:18 | 000,000,000 | ---D | C]
Research In Motion -> C:\ProgramData\Research In Motion -> [2010/02/23 21:09:56 | 000,000,000 | ---D | C]
$AVG -> C:\$AVG -> [2010/02/20 03:05:35 | 000,000,000 | -H-D | C]
avg9 -> C:\ProgramData\avg9 -> [2010/02/20 03:04:39 | 000,000,000 | ---D | C]
Norton Security Scan -> C:\Program Files (x86)\Norton Security Scan -> [2010/02/20 02:55:12 | 000,000,000 | ---D | C]
NortonInstaller -> C:\Program Files (x86)\NortonInstaller -> [2010/02/20 02:55:10 | 000,000,000 | ---D | C]
DivX Shared -> C:\Program Files (x86)\Common Files\DivX Shared -> [2010/02/15 12:55:48 | 000,000,000 | ---D | C]
DivX -> C:\Program Files (x86)\DivX -> [2010/02/15 12:55:35 | 000,000,000 | ---D | C]
quartz.dll -> C:\Windows\SysWow64\quartz.dll -> [2010/02/10 01:05:57 | 001,314,816 | ---- | C | MD5 = EDA91FB72ED5F9B16B8AF72C2E68583C] (Microsoft Corporation)
msvfw32.dll -> C:\Windows\SysWow64\msvfw32.dll -> [2010/02/10 01:05:56 | 000,123,904 | ---- | C | MD5 = EACACA0F2FF4CC54A909E3C5721FCDE8] (Microsoft Corporation)
avifil32.dll -> C:\Windows\SysWow64\avifil32.dll -> [2010/02/10 01:05:56 | 000,091,136 | ---- | C | MD5 = 9EFDF7F0153C066BE619450E3D5D59DD] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\SysWow64\mciavi32.dll -> [2010/02/10 01:05:56 | 000,082,944 | ---- | C | MD5 = 49481223D2451181266FD6BA51ACACAC] (Microsoft Corporation)
Cooliris -> C:\Users\Stephanie\AppData\Local\Cooliris -> [2010/02/02 23:56:28 | 000,000,000 | ---D | C]
Sun -> C:\ProgramData\Sun -> [2010/01/27 20:56:38 | 000,000,000 | ---D | C]
My Google Gadgets -> C:\Users\Stephanie\Documents\My Google Gadgets -> [2010/01/23 18:24:16 | 000,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
ntuser.dat -> C:\Users\Stephanie\ntuser.dat -> [2010/04/22 22:13:04 | 003,145,728 | -HS- | M | Unable to obtain MD5] ()
User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> C:\Windows\tasks\User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> [2010/04/22 22:12:59 | 000,000,438 | -H-- | M | MD5 = 4B751A9EF1B8CEE7E710024B4C2CA0C8] ()
GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000UA.job -> [2010/04/22 22:08:00 | 000,000,924 | ---- | M | MD5 = 13AAED837E4BFD6D2AC06A77F84843CB] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/22 21:21:00 | 000,067,584 | --S- | M | MD5 = 9C9C00EAF2491E7BB0C85879982B2C76] ()
GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> C:\Users\Stephanie\Desktop\GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> [2010/04/22 13:06:18 | 000,279,877 | ---- | M | MD5 = 4023A210D5AE204622DF12A9C2C7324B] ()
GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413613182-2839125087-4029887168-1000Core.job -> [2010/04/22 04:08:00 | 000,000,872 | ---- | M | MD5 = BDBB33E9CC54E376952ADE7BF9BF20BB] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/22 01:41:54 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 01:41:48 | 4193,210,368 | -HS- | M | Unable to obtain MD5] ()
bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2010/04/22 01:41:07 | 000,000,012 | ---- | M | Unable to obtain MD5] ()
ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Stephanie\ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TMContainer00000000000000000001.regtrans-ms -> [2010/04/22 01:41:06 | 000,524,288 | -HS- | M | Unable to obtain MD5] ()
ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TM.blf -> C:\Users\Stephanie\ntuser.dat{8e63ebe6-9241-11de-91c1-00235a9e0270}.TM.blf -> [2010/04/22 01:41:06 | 000,065,536 | -HS- | M | Unable to obtain MD5] ()
IconCache.db -> C:\Users\Stephanie\AppData\Local\IconCache.db -> [2010/04/22 01:41:02 | 003,287,713 | -H-- | M | MD5 = EDD3588AF0ECE6C201D9CDC78C5A0E41] ()
hijackthis.rar -> C:\Users\Stephanie\Desktop\hijackthis.rar -> [2010/04/22 01:32:25 | 089,958,810 | ---- | M | MD5 = A56DCAA39473BE3E7548B369A4187F19] ()
d3d9caps.dat -> C:\Users\Stephanie\AppData\Local\d3d9caps.dat -> [2010/04/22 00:21:45 | 000,000,680 | ---- | M | MD5 = 5C9E9DEFB8661AE0500BF7456CC5D797] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Stephanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/21 02:24:59 | 000,243,200 | ---- | M | MD5 = F26329FCBA46D8DDF8816FD9871177B2] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/20 00:06:19 | 000,000,848 | ---- | M | MD5 = 14E021DF7641A3BF8216BBE58FF3C868] ()
Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/04/19 23:27:56 | 000,001,917 | ---- | M | MD5 = 9854B1DE380BCDB1A848E5197C7CE219] ()
Norton Security Scan for Stephanie.job -> C:\Windows\tasks\Norton Security Scan for Stephanie.job -> [2010/04/19 04:50:21 | 000,000,506 | -H-- | M | MD5 = FED19157691F30D9A10231B79BA2793C] ()
HPCeeScheduleForStephanie.job -> C:\Windows\tasks\HPCeeScheduleForStephanie.job -> [2010/04/16 06:45:08 | 000,000,350 | ---- | M | MD5 = 02E4075D8D6DD182ABF170CD04262217] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/04/05 21:08:56 | 000,001,804 | ---- | M | MD5 = 5E8DBC4AF36B6774C5999823DE3F51F8] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/04/05 21:01:15 | 000,001,756 | ---- | M | MD5 = E3485FDDEB9DD97BDEDFC77076D58E0E] ()
Google Chrome.lnk -> C:\Users\Stephanie\Desktop\Google Chrome.lnk -> [2010/04/02 02:08:33 | 000,002,062 | ---- | M | MD5 = 020BBE059F79A5734FD7AAFA75A54CB6] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M | MD5 = 75B8EF2A089127E8A3B38F46CC366D79] (Malwarebytes Corporation)
Desktop Manager.lnk -> C:\Users\Public\Desktop\Desktop Manager.lnk -> [2010/03/26 01:05:29 | 000,001,899 | ---- | M | MD5 = 3B6F9534FCC915FC91A0431E8D266C37] ()
i hate my life.xlsx -> C:\Users\Stephanie\Desktop\i hate my life.xlsx -> [2010/03/25 01:15:44 | 000,009,949 | ---- | M | MD5 = 14401A3354C18A3B06F6E0216730C35D] ()
Aura Video Converter.lnk -> C:\Users\Stephanie\Desktop\Aura Video Converter.lnk -> [2010/03/12 10:39:34 | 000,000,976 | ---- | M | MD5 = D2B9096C12857773DC72C42A4A5055D5] ()
Any Video Converter Professional.lnk -> C:\Users\Stephanie\Desktop\Any Video Converter Professional.lnk -> [2010/03/12 04:29:32 | 000,001,024 | ---- | M | MD5 = 1D5E8EDC17D735883FD829613AD06A36] ()
Sansa Media Converter.lnk -> C:\Users\Public\Desktop\ Sansa Media Converter.lnk -> [2010/03/12 03:22:27 | 000,002,084 | ---- | M | MD5 = B8C88BA6C9C8D1396EBF3E26560E52C2] ()
MVI_7876.AVI -> C:\Users\Stephanie\Desktop\MVI_7876.AVI -> [2010/02/28 17:29:29 | 164,960,746 | ---- | M | MD5 = 54DCCFC4932597C77772CF6E2275E94F] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Stephanie\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/02/26 02:02:21 | 000,122,976 | ---- | M | MD5 = 9A05C5B504E970892079B82813B989CA] ()
nshhttp.dll -> C:\Windows\SysWow64\nshhttp.dll -> [2010/02/20 19:06:41 | 000,024,064 | ---- | M | MD5 = 478ABCCF01166AC6D6AD0FA188051418] (Microsoft Corporation)
httpapi.dll -> C:\Windows\SysWow64\httpapi.dll -> [2010/02/20 19:05:14 | 000,030,720 | ---- | M | MD5 = F86293D93760C70ADF4F19E66E3FA5E8] (Microsoft Corporation)
Norton Security Scan.lnk -> C:\Users\Public\Desktop\Norton Security Scan.lnk -> [2010/02/20 02:55:17 | 000,001,179 | ---- | M | MD5 = B9C2B3B4B5F9A278232AAF3699DD1C08] ()
DivX Movies.lnk -> C:\Users\Stephanie\Desktop\DivX Movies.lnk -> [2010/02/15 12:55:36 | 000,001,422 | ---- | M | MD5 = 15B10441F6CCC11B0DA46B4EB8BF1C4C] ()
MVI_0207.zip -> C:\Users\Stephanie\Desktop\MVI_0207.zip -> [2010/01/30 02:28:38 | 080,505,574 | ---- | M | MD5 = 07CA751517416AE3E29D5001858F8FED] ()
secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/01/25 08:00:35 | 000,471,552 | ---- | M | MD5 = F4BFD5330DA0899771EB24A0DDEF87AF] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/01/25 08:00:35 | 000,152,576 | ---- | M | MD5 = 7857CFD06825D710E18793D5306C7724] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/01/25 08:00:35 | 000,152,064 | ---- | M | MD5 = B385C4E499591941E362E324969BB6FB] (Microsoft Corporation)
secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/01/25 08:00:22 | 000,471,552 | ---- | M | MD5 = C7EF2D81B9AC543DA9205701C45F62BD] (Microsoft Corporation)
msdrm.dll -> C:\Windows\SysWow64\msdrm.dll -> [2010/01/25 07:58:52 | 000,332,288 | ---- | M | MD5 = 2D74D853886BDD0CDE60BE5FDF22AD9A] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/01/25 04:21:20 | 000,526,336 | ---- | M | MD5 = 447D3599FA65A9A8BCF7F9048BDB7035] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/01/25 04:21:20 | 000,346,624 | ---- | M | MD5 = A64C3712DF40DF6BD489A98E280130E7] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/01/25 04:21:18 | 000,518,144 | ---- | M | MD5 = 8FB90F7CFBCCF50DF2E3080A2BC6F23B] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/01/25 04:21:18 | 000,347,136 | ---- | M | MD5 = D1194E75C78C451698D7DFFDAB22C5DA] (Microsoft Corporation)
Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/01/23 18:23:09 | 000,001,125 | ---- | M | MD5 = 098FD1F39DD1BFB69F63B38A44472EC1] ()
11 C:\Users\Stephanie\AppData\Local\Temp\*.tmp files -> C:\Users\Stephanie\AppData\Local\Temp\*.tmp ->
11 C:\Users\Stephanie\AppData\Local\Temp\*.tmp files -> C:\Users\Stephanie\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> C:\Users\Stephanie\Desktop\GetSystemInfo_STEPHANIE-PC_Stephanie_2010_04_22_12_59_26.zip -> [2010/04/22 13:03:27 | 000,279,877 | ---- | C | MD5 = 4023A210D5AE204622DF12A9C2C7324B] ()
IconCache.db -> C:\Users\Stephanie\AppData\Local\IconCache.db -> [2010/04/22 01:41:02 | 003,287,713 | -H-- | C | MD5 = EDD3588AF0ECE6C201D9CDC78C5A0E41] ()
hijackthis.rar -> C:\Users\Stephanie\Desktop\hijackthis.rar -> [2010/04/22 01:19:14 | 089,958,810 | ---- | C | MD5 = A56DCAA39473BE3E7548B369A4187F19] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 00:36:42 | 4193,210,368 | -HS- | C | Unable to obtain MD5] ()
d3d9caps.dat -> C:\Users\Stephanie\AppData\Local\d3d9caps.dat -> [2010/04/20 09:27:32 | 000,000,680 | ---- | C | MD5 = 5C9E9DEFB8661AE0500BF7456CC5D797] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/04/20 00:06:19 | 000,000,848 | ---- | C | MD5 = 14E021DF7641A3BF8216BBE58FF3C868] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/04/05 21:08:56 | 000,001,804 | ---- | C | MD5 = 5E8DBC4AF36B6774C5999823DE3F51F8] ()
QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2010/04/05 21:01:15 | 000,001,756 | ---- | C | MD5 = E3485FDDEB9DD97BDEDFC77076D58E0E] ()
Desktop Manager.lnk -> C:\Users\Public\Desktop\Desktop Manager.lnk -> [2010/03/26 01:05:29 | 000,001,899 | ---- | C | MD5 = 3B6F9534FCC915FC91A0431E8D266C37] ()
i hate my life.xlsx -> C:\Users\Stephanie\Desktop\i hate my life.xlsx -> [2010/03/22 21:55:00 | 000,009,949 | ---- | C | MD5 = 14401A3354C18A3B06F6E0216730C35D] ()
Aura Video Converter.lnk -> C:\Users\Stephanie\Desktop\Aura Video Converter.lnk -> [2010/03/12 10:39:34 | 000,000,976 | ---- | C | MD5 = D2B9096C12857773DC72C42A4A5055D5] ()
Any Video Converter Professional.lnk -> C:\Users\Stephanie\Desktop\Any Video Converter Professional.lnk -> [2010/03/12 04:29:32 | 000,001,024 | ---- | C | MD5 = 1D5E8EDC17D735883FD829613AD06A36] ()
Sansa Media Converter.lnk -> C:\Users\Public\Desktop\ Sansa Media Converter.lnk -> [2010/03/12 03:22:27 | 000,002,084 | ---- | C | MD5 = B8C88BA6C9C8D1396EBF3E26560E52C2] ()
MVI_7876.AVI -> C:\Users\Stephanie\Desktop\MVI_7876.AVI -> [2010/02/28 17:25:58 | 164,960,746 | ---- | C | MD5 = 54DCCFC4932597C77772CF6E2275E94F] ()
Norton Security Scan for Stephanie.job -> C:\Windows\tasks\Norton Security Scan for Stephanie.job -> [2010/02/20 02:55:21 | 000,000,506 | -H-- | C | MD5 = FED19157691F30D9A10231B79BA2793C] ()
Norton Security Scan.lnk -> C:\Users\Public\Desktop\Norton Security Scan.lnk -> [2010/02/20 02:55:17 | 000,001,179 | ---- | C | MD5 = B9C2B3B4B5F9A278232AAF3699DD1C08] ()
DivX Movies.lnk -> C:\Users\Stephanie\Desktop\DivX Movies.lnk -> [2010/02/15 12:55:36 | 000,001,422 | ---- | C | MD5 = 15B10441F6CCC11B0DA46B4EB8BF1C4C] ()
Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2010/01/31 22:37:20 | 000,001,917 | ---- | C | MD5 = 9854B1DE380BCDB1A848E5197C7CE219] ()
MVI_0207.zip -> C:\Users\Stephanie\Desktop\MVI_0207.zip -> [2010/01/30 02:28:29 | 080,505,574 | ---- | C | MD5 = 07CA751517416AE3E29D5001858F8FED] ()
Google Desktop.lnk -> C:\Users\Public\Desktop\Google Desktop.lnk -> [2010/01/23 18:23:09 | 000,001,125 | ---- | C | MD5 = 098FD1F39DD1BFB69F63B38A44472EC1] ()
EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2009/12/03 02:06:21 | 000,117,248 | ---- | C | MD5 = 358A03A7A47F0AD71E84306AC635A626] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/12/03 02:04:10 | 000,368,640 | ---- | C | MD5 = 52CB0185C73E1BA86CC7F726F22523C3] ()
ractrlkeyhook.dll -> C:\Windows\SysWow64\ractrlkeyhook.dll -> [2009/09/10 11:21:44 | 000,008,520 | ---- | C | MD5 = 7628119761CD4C1E2FDC54A8DAB1606D] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 000,060,124 | ---- | C | MD5 = 47F22CAD4A16BB40153555D631546B94] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 11:07:25 | 000,037,665 | ---- | C | MD5 = E3E173CDA7B3982D762143BE19047ED5] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,029,779 | ---- | C | MD5 = B77AB4697B17FBBB25E41A15CC31D94E] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 11:07:25 | 000,026,489 | ---- | C | MD5 = D6B2075824BA9FAA4B37D98B13447F32] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 11:07:25 | 000,026,040 | ---- | C | MD5 = B7F882C45E520600053327AA42FA3A4F] ()
xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2006/02/28 21:17:30 | 000,159,744 | ---- | C | MD5 = 1F4E1A1E9F8C7C0EE4CFA7743527ED96] ()
xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2005/12/30 20:10:30 | 000,761,856 | ---- | C | MD5 = 81CCA8C60DD2EDAF394B6E75FF8E325F] ()

[File - Lop Check]
acccore -> C:\Users\Stephanie\AppData\Roaming\acccore -> [2009/06/18 20:59:33 | 000,000,000 | ---D | M]
AnvSoft -> C:\Users\Stephanie\AppData\Roaming\AnvSoft -> [2010/03/12 04:29:26 | 000,000,000 | ---D | M]
Aura4You -> C:\Users\Stephanie\AppData\Roaming\Aura4You -> [2010/03/12 10:39:26 | 000,000,000 | ---D | M]
BitTorrent -> C:\Users\Stephanie\AppData\Roaming\BitTorrent -> [2009/08/26 13:07:28 | 000,000,000 | ---D | M]
HandBrake -> C:\Users\Stephanie\AppData\Roaming\HandBrake -> [2009/11/24 20:30:23 | 000,000,000 | ---D | M]
Research In Motion -> C:\Users\Stephanie\AppData\Roaming\Research In Motion -> [2009/07/14 00:13:51 | 000,000,000 | ---D | M]
SanDisk -> C:\Users\Stephanie\AppData\Roaming\SanDisk -> [2010/03/12 03:13:42 | 000,000,000 | ---D | M]
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/04/22 01:41:08 | 000,032,558 | ---- | M | Unable to obtain MD5] ()
User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{89441D96-6562-40FB-A12A-527F67025E10}.job -> [2010/04/22 22:12:59 | 000,000,438 | -H-- | M | MD5 = 4B751A9EF1B8CEE7E710024B4C2CA0C8] ()

[File - Purity Scan]

[Custom Scans]
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
dxtmsft.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\dxtmsft.dll -> [2009/03/08 07:31:42 | 000,348,160 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
dxtrans.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\dxtrans.dll -> [2009/03/08 07:31:37 | 000,216,064 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
iepeers.dll : Unable to obtain MD5 -> C:\Windows\SysWOW64\iepeers.dll -> [2010/01/02 02:32:32 | 000,184,320 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\System32\*.sys >
iviaspi.sys -> C:\Windows\SysWOW64\iviaspi.sys -> [2008/10/14 13:01:30 | 000,014,608 | ---- | M | MD5 = 3FF38C4092E47392E815F4D44266BDD7] (InterVideo, Inc.)
< %systemroot%\System32\drivers\*.dll >
< %systemroot%\System32\drivers\*.ini >
< %systemroot%\System32\drivers\*.exe >
< %SYSTEMDRIVE%\*.* >
bootmgr -> C:\bootmgr -> [2009/04/11 02:36:36 | 000,333,257 | RHS- | M | MD5 = 14B9D882551EC9FFB3C51A7D94C4266C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 01:41:48 | 4193,210,368 | -HS- | M | Unable to obtain MD5] ()
IPH.PH -> C:\IPH.PH -> [2009/06/18 20:59:15 | 000,000,367 | -H-- | M | MD5 = D68D4E12A7B9A9DE17DD55A347C7F5AE] ()
msdia80.dll -> C:\msdia80.dll -> [2006/12/02 03:37:14 | 000,904,704 | ---- | M | MD5 = 800B746FDC4D80469AFC7E5E9B510C9C] (Microsoft Corporation)
pagefile.sys -> C:\pagefile.sys -> [2010/04/22 01:41:46 | 211,832,831 | -HS- | M | Unable to obtain MD5] ()
< %PROGRAMFILES%\*. >
Activation Assistant for the 2007 Microsoft Office suites -> C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites -> [2009/02/23 01:54:37 | 000,000,000 | ---D | M]
Adobe -> C:\Program Files (x86)\Adobe -> [2010/01/31 22:37:14 | 000,000,000 | ---D | M]
AIM6 -> C:\Program Files (x86)\AIM6 -> [2009/06/18 20:59:14 | 000,000,000 | ---D | M]
AnvSoft -> C:\Program Files (x86)\AnvSoft -> [2010/03/12 04:29:21 | 000,000,000 | ---D | M]
Apple Software Update -> C:\Program Files (x86)\Apple Software Update -> [2009/08/22 16:39:39 | 000,000,000 | ---D | M]
Aura4You -> C:\Program Files (x86)\Aura4You -> [2010/03/12 10:39:24 | 000,000,000 | ---D | M]
AVG -> C:\Program Files (x86)\AVG -> [2010/02/20 03:04:39 | 000,000,000 | ---D | M]
BitTorrent -> C:\Program Files (x86)\BitTorrent -> [2009/08/16 02:58:06 | 000,000,000 | ---D | M]
Bonjour -> C:\Program Files (x86)\Bonjour -> [2010/04/05 20:56:46 | 000,000,000 | ---D | M]
Common Files -> C:\Program Files (x86)\Common Files -> [2010/02/23 21:36:40 | 000,000,000 | ---D | M]
CyberLink -> C:\Program Files (x86)\CyberLink -> [2009/02/23 02:09:59 | 000,000,000 | ---D | M]
DivX -> C:\Program Files (x86)\DivX -> [2010/02/15 12:56:32 | 000,000,000 | ---D | M]
ESET -> C:\Program Files (x86)\ESET -> [2010/04/22 00:31:37 | 000,000,000 | ---D | M]
Free DVD Ripper -> C:\Program Files (x86)\Free DVD Ripper -> [2009/11/15 04:46:13 | 000,000,000 | ---D | M]
Google -> C:\Program Files (x86)\Google -> [2010/01/23 18:22:25 | 000,000,000 | ---D | M]
Handbrake -> C:\Program Files (x86)\Handbrake -> [2009/11/24 20:30:17 | 000,000,000 | ---D | M]
Hewlett-Packard -> C:\Program Files (x86)\Hewlett-Packard -> [2009/05/21 23:33:52 | 000,000,000 | ---D | M]
Hewlett-Packard Company -> C:\Program Files (x86)\Hewlett-Packard Company -> [2009/02/23 00:55:57 | 000,000,000 | ---D | M]
Hp -> C:\Program Files (x86)\Hp -> [2009/02/23 02:21:19 | 000,000,000 | ---D | M]
HP Games -> C:\Program Files (x86)\HP Games -> [2009/02/23 01:56:22 | 000,000,000 | ---D | M]
InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2010/03/12 03:21:55 | 000,000,000 | -H-D | M]
Intel -> C:\Program Files (x86)\Intel -> [2009/05/21 22:53:07 | 000,000,000 | ---D | M]
Internet Explorer -> C:\Program Files (x86)\Internet Explorer -> [2010/01/27 20:58:46 | 000,000,000 | ---D | M]
iTunes -> C:\Program Files (x86)\iTunes -> [2010/04/05 21:08:45 | 000,000,000 | ---D | M]
Java -> C:\Program Files (x86)\Java -> [2010/01/27 20:55:13 | 000,000,000 | ---D | M]
JunoPreloader -> C:\Program Files (x86)\JunoPreloader -> [2009/02/23 02:13:14 | 000,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/04/20 00:06:20 | 000,000,000 | ---D | M]
Microsoft -> C:\Program Files (x86)\Microsoft -> [2009/10/04 20:51:38 | 000,000,000 | ---D | M]
Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2009/07/03 02:39:50 | 000,000,000 | ---D | M]
Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2010/01/23 17:59:50 | 000,000,000 | ---D | M]
Microsoft Visual Studio -> C:\Program Files (x86)\Microsoft Visual Studio -> [2009/07/03 02:40:16 | 000,000,000 | ---D | M]
Microsoft Visual Studio 8 -> C:\Program Files (x86)\Microsoft Visual Studio 8 -> [2009/07/03 02:14:28 | 000,000,000 | ---D | M]
Microsoft Works -> C:\Program Files (x86)\Microsoft Works -> [2009/06/19 03:02:55 | 000,000,000 | ---D | M]
Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2009/02/23 01:53:17 | 000,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2010/04/21 00:32:07 | 000,000,000 | ---D | M]
MSBuild -> C:\Program Files (x86)\MSBuild -> [2009/07/03 02:40:45 | 000,000,000 | ---D | M]
MSN -> C:\Program Files (x86)\MSN -> [2009/02/23 02:13:27 | 000,000,000 | ---D | M]
MSXML 4.0 -> C:\Program Files (x86)\MSXML 4.0 -> [2009/06/18 19:31:56 | 000,000,000 | ---D | M]
muvee Technologies -> C:\Program Files (x86)\muvee Technologies -> [2009/05/22 00:03:16 | 000,000,000 | ---D | M]
NetZeroPreloader -> C:\Program Files (x86)\NetZeroPreloader -> [2009/02/23 02:13:51 | 000,000,000 | ---D | M]
Norton Security Scan -> C:\Program Files (x86)\Norton Security Scan -> [2010/02/20 02:55:12 | 000,000,000 | ---D | M]
NortonInstaller -> C:\Program Files (x86)\NortonInstaller -> [2010/02/20 02:55:10 | 000,000,000 | ---D | M]
Online Services -> C:\Program Files (x86)\Online Services -> [2009/06/18 18:30:37 | 000,000,000 | R--D | M]
QuickTime -> C:\Program Files (x86)\QuickTime -> [2010/04/05 21:01:44 | 000,000,000 | ---D | M]
Realtek -> C:\Program Files (x86)\Realtek -> [2009/05/21 22:56:13 | 000,000,000 | ---D | M]
Reference Assemblies -> C:\Program Files (x86)\Reference Assemblies -> [2006/11/02 11:07:27 | 000,000,000 | ---D | M]
Research In Motion -> C:\Program Files (x86)\Research In Motion -> [2010/02/23 21:13:42 | 000,000,000 | ---D | M]
Roxio -> C:\Program Files (x86)\Roxio -> [2010/02/23 21:36:32 | 000,000,000 | ---D | M]
SAMSUNG -> C:\Program Files (x86)\SAMSUNG -> [2009/06/18 22:04:20 | 000,000,000 | ---D | M]
SanDisk -> C:\Program Files (x86)\SanDisk -> [2010/03/12 03:21:55 | 000,000,000 | ---D | M]
Skype -> C:\Program Files (x86)\Skype -> [2009/06/18 19:06:18 | 000,000,000 | R--D | M]
Sling Media -> C:\Program Files (x86)\Sling Media -> [2009/02/23 01:55:37 | 000,000,000 | ---D | M]
SMINST -> C:\Program Files (x86)\SMINST -> [2009/06/18 18:37:32 | 000,000,000 | ---D | M]
Uninstall Information -> C:\Program Files (x86)\Uninstall Information -> [2006/11/02 11:36:07 | 000,000,000 | -H-D | M]
VideoLAN -> C:\Program Files (x86)\VideoLAN -> [2009/07/22 23:59:27 | 000,000,000 | ---D | M]
Viewpoint -> C:\Program Files (x86)\Viewpoint -> [2009/06/18 20:59:05 | 000,000,000 | ---D | M]
Windows Calendar -> C:\Program Files (x86)\Windows Calendar -> [2009/12/03 02:59:30 | 000,000,000 | ---D | M]
Windows Collaboration -> C:\Program Files (x86)\Windows Collaboration -> [2008/01/20 23:09:47 | 000,000,000 | ---D | M]
Windows Defender -> C:\Program Files (x86)\Windows Defender -> [2008/01/20 23:09:41 | 000,000,000 | ---D | M]
Windows Live -> C:\Program Files (x86)\Windows Live -> [2009/06/18 21:12:09 | 000,000,000 | ---D | M]
Windows Live SkyDrive -> C:\Program Files (x86)\Windows Live SkyDrive -> [2009/06/18 21:11:57 | 000,000,000 | ---D | M]
Windows Mail -> C:\Program Files (x86)\Windows Mail -> [2010/03/15 21:37:25 | 000,000,000 | ---D | M]
Windows Media Player -> C:\Program Files (x86)\Windows Media Player -> [2009/12/03 02:59:30 | 000,000,000 | ---D | M]
Windows NT -> C:\Program Files (x86)\Windows NT -> [2006/11/02 11:07:27 | 000,000,000 | ---D | M]
Windows Photo Gallery -> C:\Program Files (x86)\Windows Photo Gallery -> [2009/12/03 02:59:27 | 000,000,000 | ---D | M]
Windows Portable Devices -> C:\Program Files (x86)\Windows Portable Devices -> [2009/12/04 03:40:58 | 000,000,000 | ---D | M]
Windows Sidebar -> C:\Program Files (x86)\Windows Sidebar -> [2009/12/03 02:59:30 | 000,000,000 | ---D | M]
< %appdata%\*.* >
desktop.ini -> C:\Users\Stephanie\AppData\Roaming\desktop.ini -> [2009/07/14 00:06:23 | 000,000,006 | -HS- | M | MD5 = BEA07E6D2B8DCE396FE21BAA61B34956] ()
< End of report >
[/code]

Re: Trojan Problem

I see you are running BitTorrent, a P2P application. I suggest you read the following, and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

====================================================

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

===================================================

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===================================================

Start OTS. Copy/Paste the information in bold below into the panel where it says "Paste fix here" and then click the Run Fix button.


[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\: "ProxyServer" -> http=127.0.0.1:5555
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{b9d0a090-229b-11df-9500-00235a9e0270} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command ->
YY -> \{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe]
YN -> \{ff292315-702b-11de-9ad9-00235a9e0270} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command ->
YY -> \{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe]
YN -> \{ff292315-702b-11de-9ad9-00235a9e0270} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command ->
YY -> \{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe]
[Files/Folders - Created Within 90 Days]
NY -> lcykohynw -> C:\Users\Stephanie\AppData\Local\lcykohynw
NY -> {93E26451-CD9A-43A5-A2FA-C42392EA4001} -> C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
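
The fix script above removes a per-user "ProxyServer" value of http=127.0.0.1:5555 and MountPoints2 shell commands that launch executables from F: and G:. As an added example (not part of the thread and not OTS code), this Python script triages lines in that log shape for the same two signs; the SID, the GUIDs and the second proxy entry in the sample are constructed placeholders.

```python
"""Triage OTS-style 'flags -> name -> value' lines for two redirect/autorun signs."""
import ipaddress
import re

# Constructed sample input in the shape of the fix script above. The SID and
# GUIDs are placeholders; the proxy and shell-command values mirror the thread.
SAMPLE_LINES = [
    r'YN -> HKEY_USERS\S-1-5-21-0-0-0-1000\: "ProxyServer" -> http=127.0.0.1:5555',
    r'YN -> HKEY_USERS\S-1-5-21-0-0-0-1001\: "ProxyServer" -> proxy.example.test:8080',
    r'YN -> \{00000000-0000-0000-0000-000000000001} ->',
    r'YY -> \{00000000-0000-0000-0000-000000000001}\shell\AutoRun\command\\"" -> F:\setup.exe [F:\setup.exe]',
    r'YY -> \{00000000-0000-0000-0000-000000000002}\shell\slacker\command\\"" -> G:\slacker.synclauncher.exe [G:\slacker.synclauncher.exe]',
    r'NY -> lcykohynw -> C:\Users\user\AppData\Local\lcykohynw',
]

# A MountPoints2 shell verb: ...\shell\<verb>\command
SHELL_VERB = re.compile(r'\\shell\\([^\\]+)\\command', re.IGNORECASE)
# A command that starts with a drive-letter path, e.g. F:\setup.exe
DRIVE_PATH = re.compile(r'^([A-Za-z]):\\(\S+)')


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles both forms: 'host:port' (all protocols) and
    'http=host:port;https=host:port' (per protocol).
    """
    entries = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition('=')
        if not sep:
            scheme, target = 'all', part
        target = target.split('://', 1)[-1]  # drop an optional scheme prefix
        if target.startswith('['):           # bracketed IPv6 literal
            host, _, rest = target[1:].partition(']')
            port = rest.lstrip(':')
        else:
            host, _, port = target.rpartition(':')
            if not host:                     # no port given
                host, port = target, ''
        entries.append((scheme.lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any loopback IPv4/IPv6 literal."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def triage(lines):
    """Return (kind, detail) findings for loopback proxies and volume shell commands."""
    findings = []
    for line in lines:
        fields = [f.strip() for f in line.split(' -> ')]
        if len(fields) < 3:
            continue  # header or key-only line with no value
        name, value = fields[1], fields[2]
        if '"ProxyServer"' in name:
            for scheme, host, port in parse_proxy_server(value):
                if is_loopback(host):
                    findings.append(('loopback-proxy', f'{scheme} -> {host}:{port}'))
        verb = SHELL_VERB.search(name)
        target = DRIVE_PATH.match(value)
        if verb and target:
            detail = f'{verb.group(1)} runs {target.group(1).upper()}:\\{target.group(2)}'
            findings.append(('volume-shell-command', detail))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LINES):
        print(f'{kind}: {detail}')
```

A loopback proxy finding is only a lead: local filtering software can set one legitimately, so confirm what, if anything, is listening on that port before removing the value.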

Re: Trojan Problem

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-1413613182-2839125087-4029887168-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0a090-229b-11df-9500-00235a9e0270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0a090-229b-11df-9500-00235a9e0270}\shell\AutoRun\command not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff292315-702b-11de-9ad9-00235a9e0270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\AutoRun\command not found.
File G:\slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff292315-702b-11de-9ad9-00235a9e0270}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff292315-702b-11de-9ad9-00235a9e0270}\shell\slacker\command not found.
File G:\slacker.synclauncher.exe not found.
[Files/Folders - Created Within 90 Days]
C:\Users\Stephanie\AppData\Local\lcykohynw folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64 folder moved successfully.
C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} folder moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephanie
->Temp folder emptied: 2308579 bytes
->Temporary Internet Files folder emptied: 978737 bytes
->Java cache emptied: 29626 bytes
->FireFox cache emptied: 85792616 bytes
->Google Chrome cache emptied: 310738606 bytes
->Flash cache emptied: 3814 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15364 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 381.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stephanie
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.29.0 fix logfile created on 04242010_010120

Files\Folders moved on Reboot...
C:\Users\Stephanie\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Re: Trojan Problem

Tell me of any issues that are currently plaguing your computer.

Is Internet Explorer/Chrome still dysfunctional?

Re: Trojan Problem

They work fine now. The computer seems to be running the way it was before the problems. Thanks!

Re: Trojan Problem

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Trojan Problem


Re: Trojan Problem

You did not post anything. Please re-post.

Re: Trojan Problem

Results of screen317's Security Check version 0.99.3
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3.2
Chinese Traditional Fonts Support For Adobe Reader 9
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Re: Trojan Problem

Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

=========================

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=====================================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • AVG Free: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: Trojan Problem

No more questions. I would like to thank you for your time and patience! Thank you very much.

Re: Trojan Problem

You're welcome!
