
Been taken over, need help. Running Windows 7 Home Premium on a Samsung laptop. This thing is trying to take over. Had to run System Restore 2 times, and then in safe mode to get it done. Duplicate files, false warnings, can't get downloads at times. I don't know what all you want; I did your pre-steps and I will try to attach. I have been trying for a couple of weeks to get help; no one seems to want to.

lilhurricane (Premium, Mod)
MBAM
Let's get those open for easier analysis
Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org
Database version: v2011.12.31.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
me :: ROSIE [administrator]
Protection: Enabled
12/30/2011 10:05:20 PM
mbam-log-2011-12-30 (22-05-20).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320417
Time elapsed: 25 minute(s), 21 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1
D:\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
(end)
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

lilhurricane (Premium, Mod), reply to shovelhead
OTL
OTL logfile created on: 12/30/2011 10:38:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\me\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.92 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.13% Memory free
7.83 Gb Paging File | 5.95 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 203.69 Gb Free Space | 88.18% Space Free | Partition Type: NTFS
Drive D: | 345.83 Gb Total Space | 179.90 Gb Free Space | 52.02% Space Free | Partition Type: NTFS
Computer Name: ROSIE | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/12/30 22:35:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/20 19:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 11:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/01 04:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2010/06/03 09:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/31 22:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/24 12:39:32 | 000,268,664 | ---- | M] (Neuber Software GmbH, www.neuber.com) [Auto | Stopped] -- C:\Program Files (x86)\Network Security Task Manager\NetTaskAgent.exe -- (NetTaskAgent)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/01/26 21:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/17 18:16:12 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel(R) Centrino(R)
DRV:64bit: - [2011/01/17 18:16:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel(R) Centrino(R)
DRV:64bit: - [2011/01/17 18:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel(R) Centrino(R)
DRV:64bit: - [2011/01/03 18:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/12/16 18:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/30 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/12 14:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/10 01:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/06 18:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
[2011/12/29 21:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2011/12/30 08:11:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062B3EED-6A4C-4CA5-AC97-371CA578061D}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/12/30 22:35:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe [2011/12/30 22:04:31 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Malwarebytes [2011/12/30 22:04:24 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2011/12/30 22:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/30 22:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/30 22:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/30 22:02:30 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\me\Desktop\mbam-setup-1.60.0.1800.exe [2011/12/30 21:58:03 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\me\Desktop\TFC.exe [2011/12/30 20:29:12 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\Remote Assistance Logs [2011/12/30 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking [2011/12/30 19:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking [2011/12/30 16:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyena [2011/12/30 16:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hyena [2011/12/30 08:16:28 | 000,000,000 | ---D | C] -- C:\windows\temp [2011/12/30 08:11:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/12/30 08:06:39 | 000,000,000 | ---D | C] -- C:\shovel17096s [2011/12/30 08:02:58 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\ElevatedDiagnostics [2011/12/30 07:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Network Security Task Manager [2011/12/30 07:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011/12/30 07:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau [2011/12/30 05:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak [2011/12/30 05:01:32 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat 
[2011/12/30 05:01:32 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2011/12/29 22:29:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2011/12/29 22:29:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2011/12/29 22:29:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2011/12/29 22:29:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2011/12/29 22:29:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2011/12/29 22:29:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2011/12/29 22:29:12 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2011/12/29 22:29:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2011/12/29 22:29:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2011/12/29 22:29:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2011/12/29 22:29:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2011/12/29 22:23:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2011/12/29 22:23:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2011/12/29 22:23:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2011/12/29 22:23:00 | 000,000,000 | ---D | C] -- C:\shovel [2011/12/29 22:23:00 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2011/12/29 22:22:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/12/29 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011/12/29 22:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/12/29 22:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 
[2011/12/29 21:51:23 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Best Buy pc app [2011/12/29 21:46:26 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2011/12/29 21:46:26 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2011/12/29 21:46:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2011/12/29 21:46:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2011/12/29 21:46:26 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2011/12/29 21:46:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2011/12/29 21:46:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2011/12/29 21:46:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2011/12/29 21:46:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2011/12/29 21:46:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2011/12/29 21:46:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2011/12/29 21:46:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011/12/29 21:46:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011/12/29 21:46:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011/12/29 21:46:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011/12/29 21:46:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2011/12/29 21:46:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011/12/29 21:46:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011/12/29 21:46:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011/12/29 21:46:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2011/12/29 21:46:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xmllite.dll [2011/12/29 21:46:12 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccu32.dll [2011/12/29 21:46:12 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccr32.dll [2011/12/29 21:46:11 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcjt32.dll [2011/12/29 21:46:11 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbctrac.dll [2011/12/29 21:46:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbctrac.dll [2011/12/29 21:46:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbccp32.dll [2011/12/29 21:46:11 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccp32.dll [2011/12/29 21:46:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbccu32.dll [2011/12/29 21:46:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\odbccr32.dll [2011/12/29 21:46:08 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe [2011/12/29 21:46:08 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe [2011/12/29 21:46:07 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/12/29 21:46:07 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe [2011/12/29 21:46:04 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sbe.dll [2011/12/29 21:46:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll [2011/12/29 21:46:04 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sbe.dll [2011/12/29 21:46:04 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll [2011/12/29 21:46:04 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax [2011/12/29 21:46:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax [2011/12/29 21:46:01 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll [2011/12/29 21:46:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll [2011/12/29 21:46:01 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll [2011/12/29 21:46:00 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll [2011/12/29 21:46:00 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll [2011/12/29 21:46:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll [2011/12/29 21:46:00 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe [2011/12/29 21:46:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe [2011/12/29 21:45:59 | 000,778,752 | ---- | C] 
(Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll [2011/12/29 21:45:59 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll [2011/12/29 21:45:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll [2011/12/29 21:45:59 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll [2011/12/29 21:45:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll [2011/12/29 21:45:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll [2011/12/29 21:45:53 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll [2011/12/29 21:45:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll [2011/12/29 21:45:51 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll [2011/12/29 21:45:51 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll [2011/12/29 21:45:50 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42.dll [2011/12/29 21:45:50 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42u.dll [2011/12/29 21:45:50 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42u.dll [2011/12/29 21:45:50 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42.dll [2011/12/29 21:45:46 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2011/12/29 21:45:46 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2011/12/29 21:45:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2011/12/29 21:45:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2011/12/29 21:45:45 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys [2011/12/29 
21:45:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll [2011/12/29 21:45:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnscacheugc.exe [2011/12/29 21:45:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dnscacheugc.exe [2011/12/29 21:45:34 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll [2011/12/29 21:45:34 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll [2011/12/29 21:45:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax [2011/12/29 21:45:34 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax [2011/12/29 21:45:23 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi [2011/12/29 21:45:23 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe [2011/12/29 21:45:23 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi [2011/12/29 21:45:23 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe [2011/12/29 21:45:23 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdusb.dll [2011/12/29 21:45:23 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd1394.dll [2011/12/29 21:45:23 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdcom.dll [2011/12/29 21:45:07 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2011/12/29 21:45:06 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2011/12/29 21:45:06 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2011/12/29 21:45:05 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe [2011/12/29 21:45:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\devrtl.dll [2011/12/29 21:45:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe [2011/12/29 21:45:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe [2011/12/29 21:45:04 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FXSCOVER.exe [2011/12/29 21:45:03 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2011/12/29 21:45:03 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll [2011/12/29 21:45:02 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll [2011/12/29 21:45:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll [2011/12/29 21:37:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\kodak [2011/12/29 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Mozilla [2011/12/29 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Mozilla [2011/12/29 21:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Security Task Manager [2011/12/29 21:26:53 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\CrashDumps [2011/12/29 20:44:15 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Diagnostics [2011/12/29 20:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011/12/29 20:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011/12/29 20:36:53 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy [2011/12/29 20:36:42 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Power2Go [2011/12/29 20:36:37 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Apps [2011/12/29 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Deployment [2011/12/29 20:34:40 | 000,000,000 | R--D | C] -- C:\Users\me\Searches [2011/12/29 20:34:40 | 
000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/12/29 20:34:40 | 000,000,000 | -H-D | C] -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/12/29 20:34:33 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Identities [2011/12/29 20:34:26 | 000,000,000 | R--D | C] -- C:\Users\me\Contacts [2011/12/29 20:33:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam [2011/12/29 20:32:01 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\eMusic [2011/12/29 20:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2011/12/29 20:31:39 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\SRS Labs [2011/12/29 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\VirtualStore [2011/12/29 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Intel [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\Temporary Internet Files [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Templates [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Start Menu [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\SendTo [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Recent [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\PrintHood [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\NetHood [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Videos [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Pictures [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Documents\My Music [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\My Documents [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Local Settings [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\History [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] 
-- C:\Users\me\Cookies [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\Application Data [2011/12/29 20:31:01 | 000,000,000 | -HSD | C] -- C:\Users\me\AppData\Local\Application Data [2011/12/29 20:31:00 | 000,000,000 | --SD | C] -- C:\Users\me\AppData\Roaming\Microsoft [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Videos [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Saved Games [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Pictures [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Music [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Links [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Favorites [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Downloads [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Documents [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\Desktop [2011/12/29 20:31:00 | 000,000,000 | R--D | C] -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/12/29 20:31:00 | 000,000,000 | -H-D | C] -- C:\Users\me\AppData [2011/12/29 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Temp [2011/12/29 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\me\Roaming [2011/12/29 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft [2011/12/29 20:31:00 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Media Center Programs [2011/12/29 20:30:50 | 000,000,000 | ---D | C] -- C:\Recovery [2011/12/14 10:31:20 | 011,252,512 | ---- | C] (SystemTools Software Inc) -- C:\Users\me\Desktop\Hyena_English_x64.exe
========== Files - Modified Within 30 Days ==========
[2011/12/30 22:35:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
[2011/12/30 22:09:07 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 22:09:07 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 22:06:13 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/30 22:06:13 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/30 22:06:13 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/30 22:04:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 22:02:34 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\me\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/30 22:00:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/30 22:00:29 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 21:58:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\TFC.exe
[2011/12/30 20:38:17 | 000,001,645 | ---- | M] () -- C:\Users\me\Documents\Invitation.msrcIncident
[2011/12/30 16:38:07 | 000,082,104 | ---- | M] () -- C:\Users\me\Desktop\Capture ht.PNG
[2011/12/30 16:06:00 | 011,252,512 | ---- | M] (SystemTools Software Inc) -- C:\Users\me\Desktop\Hyena_English_x64.exe
[2011/12/30 08:11:32 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/12/30 07:30:59 | 000,001,094 | ---- | M] () -- C:\Users\me\Desktop\Tu - Shortcut.lnk
[2011/12/30 05:03:06 | 000,276,096 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/30 03:30:17 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/30 03:29:52 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/12/30 03:29:52 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2011/12/29 22:15:46 | 000,001,282 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/29 22:15:46 | 000,001,258 | ---- | M] () -- C:\Users\me\Desktop\Spybot - Search & Destroy.lnk
[2011/12/29 21:59:14 | 063,255,552 | ---- | M] () -- C:\Users\me\Desktop\ess_nt64_enu.msi
[2011/12/29 21:50:09 | 000,001,437 | ---- | M] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/29 20:34:15 | 000,001,076 | ---- | M] () -- C:\Users\me\Desktop\Your Feedback is Important.lnk
[2011/12/29 20:32:01 | 000,000,127 | ---- | M] () -- C:\Users\me\Desktop\eMusic.url
[2011/12/29 20:31:19 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_RV520_03PQ.mrk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/12/30 22:04:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 20:29:11 | 000,001,645 | ---- | C] () -- C:\Users\me\Documents\Invitation.msrcIncident
[2011/12/30 16:38:07 | 000,082,104 | ---- | C] () -- C:\Users\me\Desktop\Capture ht.PNG
[2011/12/30 07:30:59 | 000,001,094 | ---- | C] () -- C:\Users\me\Desktop\Tu - Shortcut.lnk
[2011/12/30 03:30:17 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/29 22:23:03 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/12/29 22:23:03 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/12/29 22:23:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/12/29 22:23:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/12/29 22:23:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/12/29 22:15:46 | 000,001,282 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/29 22:15:46 | 000,001,258 | ---- | C] () -- C:\Users\me\Desktop\Spybot - Search & Destroy.lnk
[2011/12/29 21:56:11 | 063,255,552 | ---- | C] () -- C:\Users\me\Desktop\ess_nt64_enu.msi
[2011/12/29 21:50:09 | 000,001,437 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/29 20:36:05 | 000,001,409 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/12/29 20:35:02 | 000,001,443 | ---- | C] () -- C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/29 20:34:15 | 000,001,076 | ---- | C] () -- C:\Users\me\Desktop\Your Feedback is Important.lnk
[2011/12/29 20:32:01 | 000,000,127 | ---- | C] () -- C:\Users\me\Desktop\eMusic.url
[2011/12/29 20:31:19 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_RV520_03PQ.mrk
[2011/12/29 20:31:00 | 000,000,290 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/29 20:31:00 | 000,000,272 | ---- | C] () -- C:\Users\me\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/10 09:53:53 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/05/10 09:52:04 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/05/10 09:52:02 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/05/10 09:52:01 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/05/09 19:10:21 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/05/09 18:39:00 | 000,000,522 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/05/09 18:29:02 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
========== LOP Check ==========
[2009/07/13 21:08:49 | 000,007,672 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

lilhurricane (Crunchin' For Cures; Premium, Mod) | reply to shovelhead
EXTRAS

OTL Extras logfile created on: 12/30/2011 10:38:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\me\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.13% Memory free
7.83 Gb Paging File | 5.95 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 203.69 Gb Free Space | 88.18% Space Free | Partition Type: NTFS
Drive D: | 345.83 Gb Total Space | 179.90 Gb Free Space | 52.02% Space Free | Partition Type: NTFS

Computer Name: ROSIE | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service 
Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources 
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources 
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "Elantech" = ETDWare PS/2-X64 8.0.7.2_WHQL "ProInst" = Intel PROSet Wireless
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus 
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}" = Adobe Flash Player 10 ActiveX "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = Windows Live Essentials "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows 
Live Writer "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = Windows Live Mail "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{296B2D8E-CE82-92AF-B2E8-937294733038}_is1" = NetAlyzer "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack 
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common 
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pota "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = Windows Live Messenger "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials 
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker 
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pota Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live 
Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFAAD69-2F06-448C-8C78-B10ABE62952B}" = Hyena v8.8 "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh 
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = Windows Live fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live 
Writer "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker 
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger 
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender "Game Console - WildGames" = WildTangent ORB Game Console "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "Samsung Printer Live Update" = Samsung Printer Live Update "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "Security Task Manager" = Security Task Manager 1.8d "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live 程式集 "WT085559" = Diner Dash 2 Restaurant Rescue "WT085567" = Chuzzle Deluxe "WT085580" = John Deere Drive Green "WT085581" = Penguins! "WT085583" = Polar Golfer "WT085587" = Agatha Christie - Death on the Nile "WT085597" = Build-a-lot "WT085618" = Farm Frenzy "WT085622" = Insaniquarium Deluxe "WT085663" = Peggle "WT085669" = Plants vs. Zombies "WT089285" = Zuma Deluxe "WT089286" = Bejeweled 2 Deluxe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "48e4cff94f039634" = Best Buy pc app
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/31/2011 12:52:30 AM | Computer Name = rosie | Source = SignInAssistant | ID = 0 Description =
Error - 12/31/2011 12:52:30 AM | Computer Name = rosie | Source = SignInAssistant | ID = 0 Description =
Error - 12/31/2011 12:52:32 AM | Computer Name = rosie | Source = SignInAssistant | ID = 0 Description =
Error - 12/31/2011 12:52:51 AM | Computer Name = rosie | Source = SignInAssistant | ID = 0 Description =
Error - 12/31/2011 12:52:51 AM | Computer Name = rosie | Source = SignInAssistant | ID = 0 Description =
Error - 12/31/2011 12:53:14 AM | Computer Name = rosie | Source = SignInAssistant | ID = 0 Description =
Error - 12/31/2011 12:53:17 AM | Computer Name = rosie | Source = Application Error | ID = 1000 Description = Faulting application name: wlstartup.exe, version: 15.4.3508.1109, time stamp: 0x4cda6de9 Faulting module name: jscript9.dll, version: 9.0.8112.16440, time stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x0007899d Faulting process id: 0x45c Faulting application start time: 0x01ccc777ed17003e Faulting application path: C:\Program Files (x86)\Windows Live\Installer\wlstartup.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll Report Id: 59df804e-336b-11e1-93de-e811325e83ad
Error - 12/31/2011 2:00:53 AM | Computer Name = rosie | Source = NetTaskAgent | ID = 102 Description =
Error - 12/31/2011 2:00:58 AM | Computer Name = rosie | Source = WinMgmt | ID = 10 Description =
Error - 12/31/2011 2:01:15 AM | Computer Name = rosie | Source = Application Error | ID = 1000 Description = Faulting application name: WifiManager.exe, version: 1.0.1.6, time stamp: 0x4d231a45 Faulting module name: WifiManager.exe, version: 1.0.1.6, time stamp: 0x4d231a45 Exception code: 0xc0000005 Fault offset: 0x00024a64 Faulting process id: 0xba0 Faulting application start time: 0x01ccc7819a1efeda Faulting application path: C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe Faulting module path: C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe Report Id: d8984012-3374-11e1-b31f-e811325e83ad
[ System Events ]
Error - 12/31/2011 2:35:48 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:36:00 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:36:00 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:36:00 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:36:22 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:36:22 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:36:22 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:38:30 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:38:30 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
Error - 12/31/2011 2:38:30 AM | Computer Name = rosie | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

lilhurricane (Premium, Mod) | reply to shovelhead
A/V Online Scan

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Sat Dec 31 02:21:18 2011
Machine ID: 6A01962

No infection found.
-------------------

Processes
---------
Firefox 2432 D:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 2204 D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

Network activity
----------------
Process firefox.exe (2432) connected on port 443 (HTTP over SSL) --> 74.125.224.80
Process firefox.exe (2432) connected on port 80 (HTTP) --> 74.125.224.136
Process firefox.exe (2432) connected on port 80 (HTTP) --> 69.171.224.14

Autoruns and critical files
---------------------------
Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes Anti-Malware C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

Browser plugins
---------------
BitDefender QuickScan C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ddu0xy3b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
Windows Live Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll
Scan
----
C:\windows\system32\WINMM.dll MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\windows\system32\WINSPOOL.DRV MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\windows\system32\WsmSvc.dll MD5: 95e2376b3323f062eb562b8586d0f14a C:\windows\syswow64\ADVAPI32.dll MD5: f436e847fa799ecd75ad8c313673f450 C:\windows\syswow64\CFGMGR32.dll MD5: d1de1eafde97be41cf6585027ff3e732 C:\windows\syswow64\COMDLG32.dll MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\windows\syswow64\CRYPT32.dll MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\windows\syswow64\DEVOBJ.dll MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\windows\syswow64\GDI32.dll MD5: 691e93028b8723e05b4a637be77380dd c:\windows\syswow64\ieframe.dll MD5: 1416ab557be700fa117323b6b8f32882 C:\windows\syswow64\iertutil.dll MD5: a6f09e5669d9a19035f6d942caa15882 C:\windows\syswow64\IMM32.dll MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\windows\syswow64\kernel32.dll MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\windows\syswow64\KERNELBASE.dll MD5: 938f39b50bafe13d6f58c7790682c010 C:\windows\syswow64\MSASN1.dll MD5: d124f55b9393c976963407dff51ffa79 C:\windows\SysWOW64\ntdll.dll MD5: 928cf7268086631f54c3d8e17238c6dd C:\windows\syswow64\ole32.dll MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\windows\syswow64\OLEAUT32.dll MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\windows\syswow64\RPCRT4.dll MD5: 10fb16b50affda6d44588f3c445dc273 C:\windows\syswow64\SETUPAPI.dll MD5: 16ab4bd2acc52109f43739bf0e89e18f C:\windows\syswow64\SHELL32.dll MD5: 8cc3c111d653e96f3ea1590891491d71 C:\windows\syswow64\SHLWAPI.dll MD5: 7224d964a6d657374c551c878eb2c386 C:\windows\syswow64\SspiCli.dll MD5: 814638f572f497d96b17bf254113d9a4 C:\windows\syswow64\urlmon.dll MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\windows\syswow64\USER32.dll MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\windows\syswow64\USP10.dll MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll MD5: 02f98b5c0e397ad06124d84428cf8f1a C:\windows\syswow64\WININET.dll MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\windows\syswow64\WINTRUST.dll MD5: 
a8bb45f9ecad993461e0fef8e2a99152 C:\windows\syswow64\WLDAP32.dll MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\windows\syswow64\WS2_32.dll MD5: a3c190d644e88de5872fc7fec7377e35 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80.dll MD5: 5ff5e12f28725d14caa3b408848adffc C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll MD5: 352b3dc62a0d259a82a052238425c872 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll MD5: cf60ab7b8b6710d8fb6e2561d8cfb38f D:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll MD5: 11cca710674739e3db8f7450a5b650b6 D:\Program Files (x86)\Mozilla Firefox\firefox.exe MD5: 87fe7afbf52ef4ffb15536e5db8055b3 D:\Program Files (x86)\Mozilla Firefox\freebl3.dll MD5: c506b249c1dccb4f501b1fa40f86378a D:\Program Files (x86)\Mozilla Firefox\mozalloc.dll MD5: 3a3b3053cf68edd6b6d9413e0bc4a595 D:\Program Files (x86)\Mozilla Firefox\mozjs.dll MD5: b4c9ca30e7a6c113e4c05eba214626d0 D:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll MD5: 79edfc335aea6a3a7d4c1d20c3c9432a D:\Program Files (x86)\Mozilla Firefox\mozutils.dll MD5: e9ba5ae52561b8f96e4bdc5706d10e5c D:\Program Files (x86)\Mozilla Firefox\nspr4.dll MD5: 661347d17b175939accf63a8ff6404c0 D:\Program Files (x86)\Mozilla Firefox\nss3.dll MD5: a6cf050b542c949b0208a0669287f7a2 D:\Program Files (x86)\Mozilla Firefox\nssckbi.dll MD5: 7bb247a365f0b50292446299835c7d5d D:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll MD5: 0c6bfbb3715254dbc1b28cdda406e670 D:\Program Files (x86)\Mozilla Firefox\nssutil3.dll MD5: 9d705f101657633ce52b194a68b9fbad D:\Program Files (x86)\Mozilla Firefox\plc4.dll MD5: 74395aeefcf091f6b03cf6d04330b1ef D:\Program Files (x86)\Mozilla Firefox\plds4.dll MD5: 0619c9e7a3682c54bd226a831897cd06 D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe MD5: 29e7bd8b61184602a20f14a50b54c6ad D:\Program Files 
(x86)\Mozilla Firefox\smime3.dll MD5: 97ef26a108e601128762e7c9bc09b80c D:\Program Files (x86)\Mozilla Firefox\softokn3.dll MD5: 76f92c677c3dc3afcb441c2270f137fc D:\Program Files (x86)\Mozilla Firefox\ssl3.dll MD5: 23777bb7976557948825e96e853d77e9 D:\Program Files (x86)\Mozilla Firefox\xpcom.dll MD5: a66ab262a8f0715037ce3cceca984a39 D:\Program Files (x86)\Mozilla Firefox\xul.dll
No file uploaded.
Scan finished - communication took 2 sec Total traffic - 0.02 MB sent, 0.64 KB recvd Scanned 211 files and modules - 14 seconds
============================================================================== -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~ | |  LoPhatPhuudPremium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to shovelhead
Re: Been taken over What anti-virus program was installed at the time of the infection? The logs do not show one as being installed. | |  | I had that kalipski, however you spell it, went round and round with their tech guy. I said they were infected, he said everything was fine. So I had the ESET 5, and when I did system restore I couldn't download, and your instructions don't make changes. I also had Windows Defender.. I really appreciate the get back.. Happy New Year. | |  LoPhatPhuudPremium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews:
·Comcast
| reply to shovelhead Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.
You will find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum | |  | reply to shovelhead Could not get the Sophos scan to scan running processes.. tried safe mode, different sites.. but here is what I did get | |  LoPhatPhuudPremium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to shovelhead Post the Sophos log, please. Don't worry about the running processes being scanned.
Also, the logs show you had Combofix installed recently. If still available, post that log as well. It should be at c:\combofix.txt, if still there. | |  1 edit | said by LoPhatPhuud:Post the Sophos log, please. Don't worry about the running processes being scanned.
Also, the logs show you had Combofix installed recently. If still available, post that log as well. It should be at c:\combofix.txt, if still there. Here you go, again thanks... can't remember the name exactly but was told it works off Windows Installer or some kind of smart starter... My network connection got all crazy on me but I do have guests, that's why it took so long to get back..
| |  lilhurricaneCrunchin' For CuresPremium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews:
·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery
| ComboFix ComboFix 11-12-31.03 - me 12/30/2011 8:07.2.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.3294 [GMT -8:00] Running from: c:\users\me\Downloads\shovel.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 ))))))))))))))))))))))))))))))) . . 2011-12-30 16:09 . 2011-12-30 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-30 15:50 . 2011-12-30 15:58 -------- d-----w- c:\programdata\Network Security Task Manager 2011-12-30 15:35 . 2011-12-30 15:48 -------- d-----w- c:\programdata\SecTaskMan 2011-12-30 15:22 . 2011-12-30 15:22 -------- d-----w- c:\programdata\Martau 2011-12-30 13:08 . 2011-12-30 13:08 -------- d-----w- c:\programdata\Kodak 2011-12-30 13:08 . 2010-09-02 23:31 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll 2011-12-30 13:01 . 2011-12-30 13:01 -------- d-----w- c:\windows\SysWow64\Wat 2011-12-30 13:01 . 2011-12-30 13:01 -------- d-----w- c:\windows\system32\Wat 2011-12-30 06:23 . 2011-12-30 13:07 -------- d-----w- C:\shovel 2011-12-30 06:15 . 2011-12-30 06:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-12-30 06:15 . 2011-12-30 06:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-12-30 05:45 . 2011-05-04 05:22 778752 ----a-w- c:\windows\system32\mssvp.dll 2011-12-30 05:37 . 2011-12-30 05:37 -------- d-----w- c:\windows\system32\kodak 2011-12-30 05:30 . 2011-12-30 05:34 -------- d-----w- c:\program files (x86)\Network Security Task Manager 2011-12-30 04:40 . 2011-12-30 15:35 -------- d-----w- c:\program files (x86)\Security Task Manager 2011-12-30 04:31 . 2011-12-30 04:31 -------- d-----w- c:\program files\Elantech 2011-12-30 04:31 . 2011-12-30 04:34 -------- d-----w- c:\users\me 2011-12-30 04:30 . 2011-12-30 04:30 -------- d-----w- C:\Recovery . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 05:51 . 2010-06-24 02:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-30_13.04.01 ))))))))))))))))))))))))))))))))))))))))) . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 NetTaskAgent;Network Security Task Manager Service;c:\program files (x86)\Network Security Task Manager\NetTaskAgent.exe [2009-02-24 268664] R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x] R3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x] S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 wdkmd;Intel WiDi 
KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NDISTAPI . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-14 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-14 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-14 418328] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://samsung.msn.com mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll TCP: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe c:\program files (x86)\Samsung\Samsung Update Plus\SUpClientApp.exe c:\program files (x86)\Samsung\Samsung Update Plus\SUPWebService.exe . ************************************************************************** . Completion time: 2011-12-30 08:16:26 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-30 16:16 ComboFix2.txt 2011-12-30 13:07 . 
Pre-Run: 219,249,229,824 bytes free Post-Run: 219,107,143,680 bytes free . - - End Of File - - 2A0F340B838F89C082E5DB89BF04D086
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
| | lilhurricane, Crunchin' For Cures, Premium,Mod join:2003-01-11 Purple Zone kudos:51 | reply to shovelhead
Sophos Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 14:22:14 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS). Info: Starting disk scan of D: (NTFS). Stopped logging on 12/31/2011 at 14:38:21 PM
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 15:00:26 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS).
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 15:01:57 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS).
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 15:10:36 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS).
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 15:11:41 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Info: Starting disk scan of C: (NTFS). Info: Starting disk scan of D: (NTFS). Stopped logging on 12/31/2011 at 15:30:06 PM
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 15:36:19 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan.
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/31/2011 at 15:42:51 PM User "me" on computer "ROSIE" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan.
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
| | LoPhatPhuud, Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to shovelhead
Re: Been taken over
There is a small chance that an infection exists and we can check for that with a bootable Kaspersky scanner.
However, there is nothing showing in the logs. Whatever the cause, I believe your Operating System has become unstable.
At this point, your best option is to save all valuable data, then reformat and re-install.
Let me know which way you want to go. Note that if the Kaspersky scan returns clean, and I expect it will, then we are back at reformat.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
| | reply to shovelhead
Whatever you think is best..
| | LoPhatPhuud, Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to shovelhead
Reformat and re-install is the best solution.
I don't take it lightly. My goal, once any exploits are gone, is to make sure that your system is stable. Once an OS has been compromised, it's best to start over.
Good Luck...
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
| | I appreciate what you have done.. but again my network has been compromised so if I reformat they just come back.. I spend more time trying to get to a place that will help.. I think this is a security issue I thought that is where I was
| | LoPhatPhuud, Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to shovelhead
If you reformat and the infection comes back, then you need to check each computer on the network and reformat if required. What you are describing is not usual.
Use a USB drive or CD to save all the required programs. Disconnect all computers from the internet and from each other (normally at your router), then follow the mandatory steps for each computer on your network. Post the logs here, using a new thread for each computer. (this avoids confusion and mistakes)
As needed for updates and posting logs, attach each computer to the network then detach once done.
Doing this will isolate the computers from the network and from each other until all are clean.
I would also advise resetting your router to factory defaults, then reapplying any custom settings. Do this once all computers have been disconnected from the network.
Note that this is a malware removal forum, not a general purpose security forum. The Security Forum can help you with Network security and individual computer security.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum