
Inactive Can't See Any Files or Programs

Discussion in 'Malware and Virus Removal Archive' started by wealthymike, 2011/10/27.

Thread Status:
Not open for further replies.
  1. 2011/10/28
    wealthymike

    + 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\5f6f08.msp
    + 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\5f6f01.msp
    + 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\5f6ef0.msp
    + 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\5f6ed9.msp
    + 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\5f6e90.msp
    + 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\5f6e7f.msp
    + 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\5f6e6d.msp
    + 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\5f6e5c.msp
    + 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\5f6e4b.msp
    + 2011-02-24 00:36 . 2011-02-24 00:36 1583104 c:\windows\Installer\1e6c48.msi
    + 2009-01-20 19:19 . 2011-09-24 05:14 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-01-20 19:19 . 2010-12-15 08:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-04-03 23:21 . 2009-04-03 23:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OARTCONV.DLL
    + 2011-10-14 07:03 . 2011-06-21 18:45 1168896 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll
    + 2011-10-14 07:03 . 2011-07-22 16:35 3613696 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll
    + 2011-10-14 07:03 . 2011-06-21 18:45 6076416 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll
    + 2011-09-24 05:03 . 2010-12-20 23:08 1168384 c:\windows\ie7updates\KB2559049-IE7\urlmon.dll
    + 2011-09-24 05:03 . 2010-12-20 23:08 3606528 c:\windows\ie7updates\KB2559049-IE7\mshtml.dll
    + 2011-09-24 05:03 . 2010-12-20 23:08 6075904 c:\windows\ie7updates\KB2559049-IE7\ieframe.dll
    + 2011-02-09 08:02 . 2010-11-06 00:34 1168384 c:\windows\ie7updates\KB2482017-IE7\urlmon.dll
    + 2011-02-09 08:02 . 2010-11-06 00:34 3604480 c:\windows\ie7updates\KB2482017-IE7\mshtml.dll
    + 2011-02-09 08:02 . 2010-11-06 00:34 6075904 c:\windows\ie7updates\KB2482017-IE7\ieframe.dll
    + 2011-10-14 07:01 . 2011-10-14 07:01 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ea0c6a78\System.dll
    + 2011-10-14 07:03 . 2011-10-14 07:03 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6b2d5aec\System.dll
    + 2011-10-14 07:02 . 2011-10-14 07:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f6e81041\System.Xml.dll
    + 2011-10-14 07:03 . 2011-10-14 07:03 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_797ba0b3\System.Xml.dll
    + 2011-10-14 07:03 . 2011-10-14 07:03 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f59ac5b2\System.Windows.Forms.dll
    + 2011-10-14 07:02 . 2011-10-14 07:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_dcd9aec2\System.Windows.Forms.dll
    + 2011-10-14 07:03 . 2011-10-14 07:03 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_87e786f4\System.Drawing.dll
    + 2011-10-14 07:03 . 2011-10-14 07:03 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bc5b0646\System.Design.dll
    + 2011-10-14 07:02 . 2011-10-14 07:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_08db7f55\System.Design.dll
    + 2011-10-14 07:03 . 2011-10-14 07:03 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ac1aa4cb\mscorlib.dll
    + 2011-10-14 07:04 . 2011-10-14 07:04 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_78199dce\mscorlib.dll
    + 2011-10-14 07:23 . 2011-10-14 07:23 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7a7354ec8caf25b925dacddd4708895\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2011-10-14 07:23 . 2011-10-14 07:23 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83940c528eed55bd159cf9ec64bd6a7f\WindowsLive.Writer.CoreServices.ni.dll
    + 2011-10-14 07:22 . 2011-10-14 07:22 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\10d171bdddc43882948ad0e286a4da5e\WindowsLive.Writer.PostEditor.ni.dll
    + 2011-10-14 07:14 . 2011-10-14 07:14 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
    + 2011-10-14 07:19 . 2011-10-14 07:19 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll
    + 2011-10-14 07:14 . 2011-10-14 07:14 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
    + 2011-10-14 07:19 . 2011-10-14 07:19 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
    + 2011-10-14 07:28 . 2011-10-14 07:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
    + 2011-10-14 07:28 . 2011-10-14 07:28 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f72c5f649951b0403e62bfab6c453e6f\System.Workflow.Runtime.ni.dll
    + 2011-10-14 07:27 . 2011-10-14 07:27 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0aa4f4174204c93cc5181df4a6b2fb09\System.Workflow.ComponentModel.ni.dll
    + 2011-10-14 07:27 . 2011-10-14 07:27 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\921629dc69a5a895101097c88ae67897\System.Workflow.Activities.ni.dll
    + 2011-10-14 07:23 . 2011-10-14 07:23 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll
    + 2011-10-14 07:27 . 2011-10-14 07:27 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
    + 2011-10-14 07:27 . 2011-10-14 07:27 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
    + 2011-10-14 07:18 . 2011-10-14 07:18 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\c0f4d80054bd14635868ea4a22c3192f\System.Speech.ni.dll
    + 2011-10-14 07:27 . 2011-10-14 07:27 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
    + 2011-10-14 07:21 . 2011-10-14 07:21 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
    + 2011-10-14 07:18 . 2011-10-14 07:18 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll
    + 2011-10-14 07:21 . 2011-10-14 07:21 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
    + 2011-10-14 07:18 . 2011-10-14 07:18 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
    + 2011-10-14 07:23 . 2011-10-14 07:23 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
    + 2011-10-14 07:22 . 2011-10-14 07:22 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
    + 2011-10-14 07:17 . 2011-10-14 07:17 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
    + 2011-10-14 07:22 . 2011-10-14 07:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
    + 2011-10-14 07:26 . 2011-10-14 07:26 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\541142d8742e6e88f1e729fafee04e71\System.Data.Services.ni.dll
    + 2011-10-14 07:23 . 2011-10-14 07:23 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll
    + 2011-10-14 07:18 . 2011-10-14 07:18 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll
    + 2011-10-14 07:26 . 2011-10-14 07:26 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\a3ce22c2a84fdcb008d72d230ee0b2c0\System.Data.Entity.ni.dll
    + 2011-10-14 07:17 . 2011-10-14 07:17 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
    + 2011-10-14 07:17 . 2011-10-14 07:17 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll
    + 2011-10-14 07:17 . 2011-10-14 07:17 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll
    + 2011-10-14 07:14 . 2011-10-14 07:14 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll
    + 2011-10-14 07:24 . 2011-10-14 07:24 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
    + 2011-10-14 07:24 . 2011-10-14 07:24 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
    + 2011-10-14 07:26 . 2011-10-14 07:26 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll
    + 2011-10-14 07:24 . 2011-10-14 07:24 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
    + 2011-10-14 07:24 . 2011-10-14 07:24 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2011-10-14 07:24 . 2011-10-14 07:24 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
    + 2011-10-14 07:11 . 2011-10-14 07:11 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2011-10-14 07:12 . 2011-10-14 07:12 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2011-10-14 07:11 . 2011-10-14 07:11 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-10-14 07:11 . 2011-10-14 07:11 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2011-10-14 07:11 . 2011-10-14 07:11 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-10-14 07:11 . 2011-10-14 07:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2011-10-14 07:11 . 2011-10-14 07:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2010-10-07 07:07 . 2010-10-07 07:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-10-14 07:01 . 2011-10-14 07:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2010-10-07 07:01 . 2010-10-07 07:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2011-10-14 07:01 . 2011-10-14 07:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-10-07 07:01 . 2010-10-07 07:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2011-09-24 04:58 . 2010-12-31 13:10 1854976 c:\windows\$NtUninstallKB2555917$\win32k.sys
    + 2011-02-09 08:05 . 2010-07-27 06:30 8462336 c:\windows\$NtUninstallKB2483185$\shell32.dll
    + 2011-03-09 08:01 . 2009-06-10 13:19 2066432 c:\windows\$NtUninstallKB2481109$\mstscax.dll
    + 2011-03-09 08:01 . 2008-04-14 20:00 2061824 c:\windows\$NtUninstallKB2481109$\lhmstscx.dll
    + 2011-02-09 08:05 . 2010-10-26 13:25 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
    + 2011-02-09 08:01 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
    + 2011-02-09 08:01 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
    + 2011-02-09 08:01 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
    + 2011-02-09 08:01 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
    + 2009-07-27 22:13 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
    + 2011-06-21 18:43 . 2011-06-21 18:43 1172992 c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\urlmon.dll
    + 2011-07-22 16:32 . 2011-07-22 16:32 3615744 c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\mshtml.dll
    + 2011-06-21 18:43 . 2011-06-21 18:43 6081024 c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\ieframe.dll
    + 2011-09-24 04:32 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2559049-IE7\SP3QFE\ieapfltr.dat
    + 2011-06-02 14:07 . 2011-06-02 14:07 1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
    + 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
    + 2010-12-20 23:20 . 2010-12-20 23:20 1171968 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\urlmon.dll
    + 2010-12-20 23:20 . 2010-12-20 23:20 3609088 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\mshtml.dll
    + 2010-12-20 23:20 . 2010-12-20 23:20 6080000 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\ieframe.dll
    + 2011-02-09 01:04 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2482017-IE7\SP3QFE\ieapfltr.dat
    + 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
    + 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
    + 2011-02-09 01:02 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
    + 2011-02-09 01:02 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
    + 2010-12-09 23:39 . 2010-12-09 23:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
    + 2011-02-09 01:02 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
    + 2009-07-28 07:35 . 2011-10-14 07:04 48324552 c:\windows\system32\MRT.exe
    + 2011-07-13 02:49 . 2011-07-13 02:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp
    + 2011-10-14 07:13 . 2011-10-14 07:13 20333568 c:\windows\Installer\8707e0a.msp
    + 2011-07-12 00:43 . 2011-07-12 00:43 11641344 c:\windows\Installer\8707dff.msp
    + 2011-07-12 19:50 . 2011-07-12 19:50 17555968 c:\windows\Installer\8707df6.msp
    + 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\5f6f14.msp
    + 2011-09-24 05:05 . 2011-09-24 05:05 20333056 c:\windows\Installer\5f6e9b.msp
    + 2011-02-19 08:00 . 2011-02-19 08:00 20308992 c:\windows\Installer\23dbf5e.msp
    + 2009-04-03 23:21 . 2009-04-03 23:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL
    + 2011-10-14 07:19 . 2011-10-14 07:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
    + 2011-10-14 07:23 . 2011-10-14 07:23 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
    + 2011-10-14 07:22 . 2011-10-14 07:22 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
    + 2011-10-14 07:18 . 2011-10-14 07:18 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
    + 2011-10-14 07:16 . 2011-10-14 07:16 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
    + 2011-10-14 07:15 . 2011-10-14 07:15 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
    + 2011-10-14 07:13 . 2011-10-14 07:13 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 68856]
    "ooVoo.exe "= "c:\program files\ooVoo\oovoo.exe" [2011-01-25 22504120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PLFSetL "= "c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Malwarebytes' Anti-Malware "= "c:\documents and settings\Administrator\My Documents\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2008-10-03 19:18 294544 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 20:00 15360 ------w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-09-04 05:46 425984 -c--a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-20 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-09-16 16:05 133104 ----atw- c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
    2010-09-03 07:56 6300480 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-28 22:00 166424 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-28 22:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-14 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2008-04-14 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2008-04-14 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-12-30 21:58 18082304 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-09 20:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-24 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-25 16:32 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
     
  2. 2011/10/28
    wealthymike

    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Documents and Settings\\Sampson\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\ooVoo\\ooVoo.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP "= 5910:TCP:vnc5910
    "443:TCP "= 443:TCP:ooVoo TCP port 443
    "443:UDP "= 443:UDP:ooVoo UDP port 443
    "37674:TCP "= 37674:TCP:ooVoo TCP port 37674
    "37674:UDP "= 37674:UDP:ooVoo UDP port 37674
    "37675:UDP "= 37675:UDP:ooVoo UDP port 37675
    .
    R1 MpKslb7e52cb9;MpKslb7e52cb9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D80B019-2C7E-4B72-BD66-0814C1010AEB}\MpKslb7e52cb9.sys [10/28/2011 10:28 PM 28752]
    R2 MBAMService;MBAMService;c:\documents and settings\Administrator\My Documents\Malwarebytes' Anti-Malware\mbamservice.exe [10/21/2011 9:31 PM 366152]
    R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 2:43 AM 345336]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:16 AM 20952]
    S1 fygdedqo;fygdedqo;\??\c:\windows\system32\drivers\fygdedqo.sys --> c:\windows\system32\drivers\fygdedqo.sys [?]
    S1 gpmeurhn;gpmeurhn;\??\c:\windows\system32\drivers\gpmeurhn.sys --> c:\windows\system32\drivers\gpmeurhn.sys [?]
    S1 MpKsl010ea02a;MpKsl010ea02a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKsl010ea02a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKsl010ea02a.sys [?]
    S1 MpKsl030a44e1;MpKsl030a44e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl030a44e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl030a44e1.sys [?]
    S1 MpKsl0c10adeb;MpKsl0c10adeb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl0c10adeb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl0c10adeb.sys [?]
    S1 MpKsl17429ce3;MpKsl17429ce3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl17429ce3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl17429ce3.sys [?]
    S1 MpKsl22a910ed;MpKsl22a910ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl22a910ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl22a910ed.sys [?]
    S1 MpKsl24c5363a;MpKsl24c5363a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKsl24c5363a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKsl24c5363a.sys [?]
    S1 MpKsl2838d7d8;MpKsl2838d7d8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl2838d7d8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl2838d7d8.sys [?]
    S1 MpKsl28bae63f;MpKsl28bae63f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl28bae63f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl28bae63f.sys [?]
    S1 MpKsl36012d76;MpKsl36012d76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsl36012d76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsl36012d76.sys [?]
    S1 MpKsl46755472;MpKsl46755472;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsl46755472.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsl46755472.sys [?]
    S1 MpKsl4810c523;MpKsl4810c523;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsl4810c523.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsl4810c523.sys [?]
    S1 MpKsl49f130b2;MpKsl49f130b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BEFD774-8352-474B-BA31-E8232F27F6AB}\MpKsl49f130b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BEFD774-8352-474B-BA31-E8232F27F6AB}\MpKsl49f130b2.sys [?]
    S1 MpKsl4d20a7a7;MpKsl4d20a7a7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{539D9822-EB00-4CC0-B8EF-918F365AD60B}\MpKsl4d20a7a7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{539D9822-EB00-4CC0-B8EF-918F365AD60B}\MpKsl4d20a7a7.sys [?]
    S1 MpKsl5e987e0a;MpKsl5e987e0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl5e987e0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl5e987e0a.sys [?]
    S1 MpKsl64547547;MpKsl64547547;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361880F1-7A5F-4D65-8BD6-C1E55DD49634}\MpKsl64547547.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361880F1-7A5F-4D65-8BD6-C1E55DD49634}\MpKsl64547547.sys [?]
    S1 MpKsl6c4102e0;MpKsl6c4102e0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl6c4102e0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl6c4102e0.sys [?]
    S1 MpKsl70f3197d;MpKsl70f3197d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA89F20F-5940-4FCE-B772-456D4ABBE2B9}\MpKsl70f3197d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA89F20F-5940-4FCE-B772-456D4ABBE2B9}\MpKsl70f3197d.sys [?]
    S1 MpKsl71d30839;MpKsl71d30839;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKsl71d30839.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKsl71d30839.sys [?]
    S1 MpKsl79c32c4f;MpKsl79c32c4f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6861BA9-B1FF-4991-92C9-09D1B72CD902}\MpKsl79c32c4f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6861BA9-B1FF-4991-92C9-09D1B72CD902}\MpKsl79c32c4f.sys [?]
    S1 MpKsl7bde59b6;MpKsl7bde59b6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl7bde59b6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKsl7bde59b6.sys [?]
    S1 MpKsl8977b720;MpKsl8977b720;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5D20CF1-9F48-41C3-B382-D0085D3E8569}\MpKsl8977b720.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5D20CF1-9F48-41C3-B382-D0085D3E8569}\MpKsl8977b720.sys [?]
    S1 MpKsl8ebeab4c;MpKsl8ebeab4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC4168C-5BE6-4878-9E87-75F850FA9C2C}\MpKsl8ebeab4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC4168C-5BE6-4878-9E87-75F850FA9C2C}\MpKsl8ebeab4c.sys [?]
    S1 MpKsl91c20ae9;MpKsl91c20ae9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6861BA9-B1FF-4991-92C9-09D1B72CD902}\MpKsl91c20ae9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6861BA9-B1FF-4991-92C9-09D1B72CD902}\MpKsl91c20ae9.sys [?]
    S1 MpKsla6469ac3;MpKsla6469ac3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsla6469ac3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96539227-4ABF-467F-9B3F-841CA3046CF2}\MpKsla6469ac3.sys [?]
    S1 MpKslb7ac0a9b;MpKslb7ac0a9b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49C345AA-F74D-47F1-8B80-3DAE937EC489}\MpKslb7ac0a9b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49C345AA-F74D-47F1-8B80-3DAE937EC489}\MpKslb7ac0a9b.sys [?]
    S1 MpKslb8df17f0;MpKslb8df17f0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKslb8df17f0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{22ECF731-E227-42C0-83F8-B952F276E6A3}\MpKslb8df17f0.sys [?]
    S1 MpKslc49888fc;MpKslc49888fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF8DB92D-234A-4527-8E0D-193A9FA45751}\MpKslc49888fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF8DB92D-234A-4527-8E0D-193A9FA45751}\MpKslc49888fc.sys [?]
    S1 MpKslc5f8b137;MpKslc5f8b137;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKslc5f8b137.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKslc5f8b137.sys [?]
    S1 MpKslcc48d426;MpKslcc48d426;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361880F1-7A5F-4D65-8BD6-C1E55DD49634}\MpKslcc48d426.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361880F1-7A5F-4D65-8BD6-C1E55DD49634}\MpKslcc48d426.sys [?]
    S1 MpKsldbcd1722;MpKsldbcd1722;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63E59F8B-55A2-45BC-8714-7B6818B43AD2}\MpKsldbcd1722.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63E59F8B-55A2-45BC-8714-7B6818B43AD2}\MpKsldbcd1722.sys [?]
    S1 MpKslf36ac8fa;MpKslf36ac8fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKslf36ac8fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKslf36ac8fa.sys [?]
    S1 MpKslffd7d35b;MpKslffd7d35b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKslffd7d35b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9BDBA4EC-84D2-474D-9FAF-7A950E8FAF96}\MpKslffd7d35b.sys [?]
    S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [2/22/2010 10:11 AM 560792]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 4:55 AM 135664]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2009 3:22 PM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 4:55 AM 135664]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/8/2010 1:30 PM 16968]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/8/2008 1:16 PM 96856]
    S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [7/24/2009 4:08 AM 5248]
    S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [7/24/2009 4:08 AM 115200]
    S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2/17/2009 12:42 AM 103680]
    S3 uvnc_service;uvnc_service;c:\documents and settings\Sampson\Local Settings\Application Data\CrossLoop\winvnc.exe [2/22/2010 10:11 AM 1590216]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 38564191
    *NewlyCreated* - APPMGMT
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - FGLYRPOB
    *NewlyCreated* - FGLYRPOD
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MPKSL0D58A4DD
    *NewlyCreated* - MPKSLB7E52CB9
    *NewlyCreated* - MPKSLC59C5A75
    *NewlyCreated* - MPKSLD5F18380
    *NewlyCreated* - MPKSLF38C4CDF
    *Deregistered* - 38564191
    *Deregistered* - aswMBR
    *Deregistered* - fglyrpob
    *Deregistered* - fglyrpod
    *Deregistered* - MBAMSwissArmy
    *Deregistered* - MpKsl0d58a4dd
    *Deregistered* - MpKslc59c5a75
    *Deregistered* - MpKsld5f18380
    *Deregistered* - MpKslf38c4cdf
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 08:02]
    .
    2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:55]
    .
    2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 08:55]
    .
    2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006Core.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]
    .
    2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776817393-1407352519-815249355-1006UA.job
    - c:\documents and settings\Sampson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 16:05]
    .
    2011-10-23 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=102874&l=dis&gct=hp
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aoa150
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = 202.55.172.139:3128
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Sampson\Application Data\Mozilla\Firefox\Profiles\l85e7cm8.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=102874&l=dis&gct=hp
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=HIP&o=102874&locale=en_US&apn_uid=8A36A1C9-49B8-4868-A361-7CD63A42F7DC&apn_ptnrs=6E&apn_sauid=49841CAB-05B6-4E57-9AE1-E5AC023814C1&apn_dtid=YYYYYYYYUS&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-28 22:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-10-28 23:00:51
    ComboFix-quarantined-files.txt 2011-10-29 03:00
    ComboFix2.txt 2010-12-28 06:34
    ComboFix3.txt 2010-09-26 03:53
    ComboFix4.txt 2010-09-26 03:23
    ComboFix5.txt 2011-10-29 02:46
    .
    Pre-Run: 118,710,755,328 bytes free
    Post-Run: 118,964,731,904 bytes free
    .
    - - End Of File - - E82860B08A2A3A7072CB2D7DB3D84289
     


  4. 2011/10/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\fygdedqo.sys
    c:\windows\system32\drivers\gpmeurhn.sys
    
    
    DDS::
    uInternet Settings,ProxyServer = 202.55.172.139:3128
    uInternet Settings,ProxyOverride = <local>
    
    
    Driver::
    fygdedqo
    gpmeurhn
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
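
The two `Internet Settings` lines that the reply above places under `DDS::` come from the "Supplementary Scan" section of the posted log. As an added example (not part of the original posts and not ComboFix's own code), the sketch below pulls those proxy entries out of such a log and classifies where each one points. The function names are hypothetical, and reading the `u`/`m` line prefix as per-user/machine-wide scope is an assumption about the log format.

```python
import ipaddress
import re

# Constructed sample: lines copied from the "Supplementary Scan" section
# of the log posted in this thread.
SAMPLE_LOG = """\
uStart Page = hxxp://www.ask.com?o=102874&l=dis&gct=hp
uInternet Settings,ProxyServer = 202.55.172.139:3128
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.type - 0
"""

# Assumption: a leading 'u' marks a per-user value, 'm' a machine-wide one.
ENTRY = re.compile(r"^\s*([um])Internet Settings,(\w+)\s*=\s*(.*?)\s*$")


def proxy_settings(log_text):
    """Return {(scope, name): value} for every 'Internet Settings' line."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found


def classify_proxy(value):
    """Classify each endpoint in a ProxyServer value.

    Accepts 'host:port' and the per-protocol 'http=host:port;https=...' form.
    Returns [(endpoint, kind)], kind in loopback/private/public/hostname."""
    results = []
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()
        host = endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            results.append((endpoint, "hostname"))  # not a literal IP address
            continue
        kind = "loopback" if ip.is_loopback else "private" if ip.is_private else "public"
        results.append((endpoint, kind))
    return results


def review(log_text):
    """List (scope, endpoint, kind) for every configured ProxyServer entry."""
    return [(scope, endpoint, kind)
            for (scope, name), value in proxy_settings(log_text).items()
            if name == "ProxyServer" and value
            for endpoint, kind in classify_proxy(value)]
```

A `public` result on a home machine whose owner never configured a proxy is the kind of entry worth reviewing before it is cleared.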
     
  5. 2011/11/01
    broni

    broni Moderator Malware Analyst

    Still with me?
     