Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Wed Mar 07, 2012 8:51 pm

Hi all,
I started receiving alerts about the virus Trojan.Zeroaccess!inf from Symantec since yesterday night. When I try to launch Windows in normal mode, it freezes after 2-3 minutes. I am not able to perform a full scan or anything required to diagnose this virus infection. Currently I am running my computer in safe+networking mode, so I was able to pull all the logs required here in safe mode only. Please suggest what actions I should take to remove all spyware/malware/viruses from my computer. This is my work laptop and I work remotely, so I need to fix this issue quickly! I will greatly appreciate your help.

Logs:

OTL.txt

OTL logfile created on: 3/7/2012 12:56:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\ravis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 86.67% Memory free
5.33 Gb Paging File | 5.04 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.71 Gb Total Space | 112.07 Gb Free Space | 48.16% Space Free | Partition Type: NTFS

Computer Name: RSHARMA6400 | User Name: ravis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 12:55:58 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ravis\Desktop\OTL.com
PRC - [2010/07/12 14:11:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/07/12 14:11:40 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/04 04:52:24 | 000,112,416 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
MOD - [2011/05/04 04:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2008/08/01 09:41:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TcUsb)
SRV - File not found [Auto | Stopped] -- -- (steamdvr)
SRV - File not found [Auto | Stopped] -- -- (SiS300i)
SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- -- (nvedavt)
SRV - File not found [Auto | Stopped] -- -- (nimcdlbk)
SRV - File not found [Auto | Stopped] -- -- (Maplom)
SRV - File not found [Auto | Stopped] -- -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- -- (iAimFP5)
SRV - File not found [Auto | Stopped] -- -- (HFACSVC)
SRV - File not found [Auto | Stopped] -- -- (emAudio)
SRV - File not found [Auto | Stopped] -- -- (automate5)
SRV - File not found [Auto | Stopped] -- -- (AsusACPI)
SRV - [2012/01/09 09:09:13 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2010/09/21 15:10:14 | 000,254,464 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\product\10.1.0\Db_1\BIN\agntsvc.exe -- (OracleOraDb10g_home1SNMPPeerMasterAgent)
SRV - [2010/09/21 15:10:14 | 000,187,392 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\product\10.1.0\Db_1\BIN\encsvc.exe -- (OracleOraDb10g_home1SNMPPeerEncapsulator)
SRV - [2010/09/21 15:08:34 | 000,773,444 | ---- | M] () [Auto | Stopped] -- C:\oracle\product\10.1.0\Db_1\bin\ocssd.exe -- (OracleCSService)
SRV - [2010/07/12 14:11:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/07/12 14:11:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/07/12 14:11:40 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/12 14:11:40 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/07/12 14:11:40 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/09/25 12:25:14 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Program Files\IDT\DellXPM09B_6087v035\WDM\stacsv.exe -- (STacSV)
SRV - [2008/07/31 22:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 22:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/07/10 21:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 21:32:38 | 000,352,256 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2008/07/10 21:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 21:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006/09/25 10:21:58 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IPSec Client\lucentikesvc.exe -- (LucentIKE)
SRV - [2006/07/05 15:19:26 | 000,058,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\CVSNT\cvslock.exe -- (cvslock)
SRV - [2006/07/05 15:19:26 | 000,037,888 | ---- | M] (March Hare Software Ltd) [On_Demand | Stopped] -- C:\Program Files\CVSNT\cvsservice.exe -- (cvsnt)
SRV - [2005/08/12 17:37:50 | 001,504,256 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2012/02/27 13:22:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120306.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/27 13:22:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120306.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/03 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/16 15:19:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/12 14:11:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/07/12 14:11:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/07/12 14:11:42 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/07/12 14:11:38 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/07/12 14:11:38 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/07/12 14:11:36 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/07/12 14:11:36 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/22 21:58:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/01/22 21:57:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/01/22 21:57:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/01/22 21:57:54 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/01/22 21:57:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2010/01/22 21:56:46 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2010/01/22 21:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/01/22 17:13:00 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/09/25 12:26:28 | 001,391,418 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/09/19 02:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/08/27 13:37:18 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/08/07 18:42:48 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/03 23:35:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/31 22:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/24 19:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/26 07:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/06/04 15:14:00 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/06/03 18:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/21 15:02:48 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/05/08 14:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/05/08 14:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/08 14:52:50 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/18 16:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/04 14:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 18:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/09/20 12:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/06/08 02:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/09/25 10:17:02 | 000,270,804 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\luipsec.sys -- (LuIPSec)
DRV - [2005/08/12 17:35:56 | 000,305,739 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 05:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/27 13:32:02 | 000,146,888 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E B9 02 08 D6 05 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: {a6fd85ed-e919-4a43-a5af-8da18bda539f}:1.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.3.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ravis\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ravis\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ravis\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ravis\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2012/02/07 17:48:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/04 16:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 12:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 10:53:36 | 000,000,000 | ---D | M]

[2010/09/30 10:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ravis\Application Data\Mozilla\Extensions
[2012/02/01 11:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ravis\Application Data\Mozilla\Firefox\Profiles\hi4mcift.default\extensions
[2010/10/21 16:41:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ravis\Application Data\Mozilla\Firefox\Profiles\hi4mcift.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 16:17:13 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\ravis\Application Data\Mozilla\Firefox\Profiles\hi4mcift.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2012/01/14 15:21:24 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Documents and Settings\ravis\Application Data\Mozilla\Firefox\Profiles\hi4mcift.default\extensions\crossriderapp435@crossrider.com
[2011/11/28 23:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RAVIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HI4MCIFT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/17 12:40:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 17:28:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 17:28:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Wed Mar 07, 2012 8:53 pm

***Continued***

< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/01 16:48:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/01 16:48:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/01 16:48:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/01 16:48:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/04/01 16:48:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/04/01 16:48:30 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-17 04:44:32

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:40:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:40:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:40:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:40:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:40:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:40:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:40:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:40:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:40:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:40:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:40:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:40:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Visio Standard:AFP_AfpInfo

< End of report >

Extras.txt:

OTL Extras logfile created on: 3/7/2012 12:56:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\ravis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 86.67% Memory free
5.33 Gb Paging File | 5.04 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.71 Gb Total Space | 112.07 Gb Free Space | 48.16% Space Free | Partition Type: NTFS

Computer Name: RSHARMA6400 | User Name: ravis | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\IBM\SDP\runtimes\base_v7\java\bin\java.exe" = C:\Program Files\IBM\SDP\runtimes\base_v7\java\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Program Files\IBM\SDP\jdk\jre\bin\javaw.exe" = C:\Program Files\IBM\SDP\jdk\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Program Files\IBM\SDP\runtimes\base_v7\java\jre\bin\javaw.exe" = C:\Program Files\IBM\SDP\runtimes\base_v7\java\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Program Files\IBM\SDPShared\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.103.v200908130946\agent_controller\bin\ACServer.exe" = C:\Program Files\IBM\SDPShared\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.103.v200908130946\agent_controller\bin\ACServer.exe:*:Enabled:ACServer -- ()
"C:\WINDOWS\system32\[You must be registered and logged in to see this link.] = C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program -- (Microsoft Corporation)
"C:\Documents and Settings\ravis\Local Settings\temp\LRE77.tmp\jre\bin\java.exe" = C:\Documents and Settings\ravis\Local Settings\temp\LRE77.tmp\jre\bin\java.exe:*:Enabled:Java launcher
"C:\Documents and Settings\ravis\Local Settings\temp\LRE7F.tmp\jre\bin\java.exe" = C:\Documents and Settings\ravis\Local Settings\temp\LRE7F.tmp\jre\bin\java.exe:*:Enabled:Java launcher
"C:\Documents and Settings\ravis\Local Settings\temp\LRE85.tmp\jre\bin\java.exe" = C:\Documents and Settings\ravis\Local Settings\temp\LRE85.tmp\jre\bin\java.exe:*:Enabled:Java launcher
"C:\IBM\WebSphere\AppServer\java\bin\java.exe" = C:\IBM\WebSphere\AppServer\java\bin\java.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\IBM\WebSphere\AppServer\java\jre\bin\javaw.exe" = C:\IBM\WebSphere\AppServer\java\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\IBM\SDP\eclipse.exe" = C:\Program Files\IBM\SDP\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\ravis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ravis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\IBM\SDP\jdk\jre\bin\javaw.exe" = C:\Program Files\IBM\SDP\jdk\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\IBM\WebSphere\AppServer\java\bin\java.exe" = C:\IBM\WebSphere\AppServer\java\bin\java.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\IBM\SDP\eclipse.exe" = C:\Program Files\IBM\SDP\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Documents and Settings\ravis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ravis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\IBM\SDP\runtimes\base_v7\java\bin\java.exe" = C:\Program Files\IBM\SDP\runtimes\base_v7\java\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (IBM)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}" = Broadcom USH Host Components
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08333C2F-8219-48E8-8569-E53D4C761882}" = Network Recording Player
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9DD31A27-8A55-47A2-BBE8-9C062BF187E9}" = Q Enterprise Messenger 4.x
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0F57A2C-7392-11D4-8126-00C04F04AEDF}" = Lucent IPSec Client
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CDD4495B-0424-42F0-8D89-70D47E21BD69}" = AT&T Connect Participant Application v8.9.35
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Visio 2000
"{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"D2D77DC2-8299-11D1-8949-444553540000_is1" = WinCvs 2.0
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Drug Lord 2" = Drug Lord 2
"Fiddler2" = Fiddler2
"IBM Installation Manager" = IBM Installation Manager
"IBM WebSphere Portal 6.1.0.3" = IBM WebSphere Portal 6.1.0.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IM-IBM Software Delivery Platform" = IBM Software Delivery Platform
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motive Model Builder 4.2" = Motive Model Builder 4.2
"Motive Overlay Builder 4.2" = Motive Overlay Builder 4.2
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Spotify" = Spotify
"STANDARD" = Microsoft Office Standard 2007
"TortoiseCVS_is1" = TortoiseCVS 1.10.10
"Veetle TV" = Veetle TV 0.9.18
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.5
"VMware_Player" = VMware Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"WSBAA61ND" = IBM WebSphere Application Server Network Deployment V6.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2012 1:16:45 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:17:25 PM | Computer Name = RSHARMA6400 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess!inf in File: C:\WINDOWS\system32\ozoneinstallerservice.dll
by: Auto-Protect scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 3/7/2012 1:18:14 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:22:27 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:23:58 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:29:55 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:29:56 PM | Computer Name = RSHARMA6400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/7/2012 1:31:00 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:47:43 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/7/2012 1:49:16 PM | Computer Name = RSHARMA6400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 3/7/2012 12:07:56 PM | Computer Name = RSHARMA6400 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 3/7/2012 12:24:44 PM | Computer Name = RSHARMA6400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BISON-NT due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/7/2012 12:28:15 PM | Computer Name = RSHARMA6400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/7/2012 12:33:27 PM | Computer Name = RSHARMA6400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/7/2012 12:37:46 PM | Computer Name = RSHARMA6400 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/7/2012 12:37:47 PM | Computer Name = RSHARMA6400 | Source = Service Control Manager | ID = 7000
Description = The VMware VMparport service failed to start due to the following
error: %%20

Error - 3/7/2012 12:37:47 PM | Computer Name = RSHARMA6400 | Source = Service Control Manager | ID = 7023
Description = The Lxrjd31d service terminated with the following error: %%126

Error - 3/7/2012 12:37:47 PM | Computer Name = RSHARMA6400 | Source = Service Control Manager | ID = 7023
Description = The A88xEnc service terminated with the following error: %%126

Error - 3/7/2012 1:05:49 PM | Computer Name = RSHARMA6400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/7/2012 1:39:31 PM | Computer Name = RSHARMA6400 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

Checkup.txt:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java DB 10.5.3.0
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 21
DJ Java Decompiler v.3.11.11.95
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus Rtvscan.exe
``````````End of Log````````````

aswMBR Logs:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 13:12:55
-----------------------------
13:12:55.734 OS Version: Windows 5.1.2600 Service Pack 3
13:12:55.734 Number of processors: 2 586 0x170A
13:12:55.734 ComputerName: RSHARMA6400 UserName: ravis
13:13:13.796 Initialize success
13:19:42.640 AVAST engine defs: 12030700
13:34:17.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:34:17.390 Disk 0 Vendor: WDC_WD2500BJKT-75F4T0 11.01A11 Size: 238475MB BusType: 3
13:34:17.437 Disk 0 MBR read successfully
13:34:17.453 Disk 0 MBR scan
13:34:17.531 Disk 0 Windows XP default MBR code
13:34:17.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 180 MB offset 63
13:34:17.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238292 MB offset 369495
13:34:17.609 Disk 0 scanning sectors +488392065
13:34:17.718 Disk 0 scanning C:\WINDOWS\system32\drivers
13:34:25.656 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Alureon-AQT [Rtk]
13:34:34.609 Disk 0 trace - called modules:
13:34:34.640 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ad9afd0]<<
13:34:34.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae1d908]
13:34:34.640 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8aeeb030]
13:34:34.640 \Driver\00000462[0x8ae2c178] -> IRP_MJ_CREATE -> 0x8ad9afd0
13:34:36.921 AVAST engine scan C:\WINDOWS
13:34:40.718 AVAST engine scan C:\WINDOWS\system32
13:36:48.812 AVAST engine scan C:\WINDOWS\system32\drivers
13:36:56.968 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Alureon-AQT [Rtk]
13:37:05.937 AVAST engine scan C:\Documents and Settings\ravis
15:39:31.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ravis\Desktop\MBR.dat"
15:39:31.453 The log file has been saved successfully to "C:\Documents and Settings\ravis\Desktop\aswMBR.txt"

Please let me know if anything more is required.

zeroaccess

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Wed Mar 07, 2012 11:41 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Superdave

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 12:13 am

Hi Dave,

Thanks for responding. I tried to disable File System Auto-Protect on Symantec Endpoint Protection but I don't have access rights, although I was successful in disabling Proactive Threat Protection. Is it fine to run ComboFix in this condition?

zeroaccess

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Thu Mar 08, 2012 12:55 am

[You must be registered and logged in to see this link.] wrote:Hi Dave,

Thanks for responding. I tried to disable File System Auto-Protect on Symantec Endpoint Protection but I don't have access rights, although I was successful in disabling Proactive Threat Protection. Is it fine to run ComboFix in this condition?

It's not ideal but run it anyway.

Superdave

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 2:15 am

Logs from ComboFix:

ComboFix 12-03-07.05 - ravis 03/07/2012 20:30:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2945 [GMT -5:00]
Running from: c:\documents and settings\ravis\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\008B\21.tmp
c:\program files\LP\008B\22.tmp
c:\program files\LP\008B\3.tmp
c:\program files\LP\008B\4.tmp
c:\program files\LP\008B\5.tmp
c:\windows\$NtUninstallKB11978$
c:\windows\$NtUninstallKB11978$\2721746160\@
c:\windows\$NtUninstallKB11978$\2721746160\cfg.ini
c:\windows\$NtUninstallKB11978$\2721746160\Desktop.ini
c:\windows\$NtUninstallKB11978$\2721746160\L\omwwmsab
c:\windows\$NtUninstallKB11978$\2721746160\oemid
c:\windows\$NtUninstallKB11978$\2721746160\U\00000001.@
c:\windows\$NtUninstallKB11978$\2721746160\U\00000002.@
c:\windows\$NtUninstallKB11978$\2721746160\U\00000004.@
c:\windows\$NtUninstallKB11978$\2721746160\U\80000000.@
c:\windows\$NtUninstallKB11978$\2721746160\U\80000004.@
c:\windows\$NtUninstallKB11978$\2721746160\U\80000032.@
c:\windows\$NtUninstallKB11978$\2721746160\version
c:\windows\$NtUninstallKB11978$\2941787473
c:\windows\system32\421233B1B1.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\IWPDGINA.DLL
c:\windows\system32\mapserver6.3.dll.VIRUS
c:\windows\system32\SaiNtBus.dll.Virus
c:\windows\system32\service.dll
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 01:25 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-07 17:04 . 2012-03-07 17:27 -------- d-----w- c:\documents and settings\ravis\Local Settings\Application Data\NPE
2012-03-07 17:04 . 2012-03-07 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-03-07 15:56 . 2012-03-07 15:56 -------- d-----w- c:\documents and settings\ravis\Application Data\InstallShield
2012-02-29 00:45 . 2012-02-29 00:45 -------- d-----w- C:\spoolerlogs
2012-02-27 01:20 . 2012-03-06 18:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-25 18:30 . 2012-02-25 18:30 -------- d-----w- c:\program files\ATT
2012-02-25 18:27 . 2012-02-25 18:27 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-02-25 18:05 . 2012-02-25 18:05 -------- d-----w- c:\program files\ATT-HSI
2012-02-24 18:21 . 2012-02-24 18:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-02-22 14:45 . 2012-02-22 14:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-22 04:26 . 2012-02-22 14:44 -------- d-----w- c:\documents and settings\ravis\Application Data\B0C6D
2012-02-17 04:19 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 04:19 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 01:49 . 2010-09-16 17:00 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-08 01:49 . 2009-04-02 16:36 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-03-08 00:18 . 2010-09-16 17:42 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\PullClientStartSho_CD6A27034E724245941D2EB3A8CF0DD5.exe
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantStartSh_DF0BA5751BF84E0AABDD4B6DA83B3B0C.exe
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTStartShortcut_37B266125E564D7BBC298658403757C7.exe
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUStartShortcut1_0C445A24F06A4871AC024995E6B63EA6.exe
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUDesktopShortcut_5E8B335F6B1645798E61AE17118989A8.exe
2012-03-05 18:19 . 2011-01-17 17:31 62736 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ARPPRODUCTICON.exe
2012-03-05 18:19 . 2011-01-17 17:31 58640 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTDesktopShortc_F98F597BB2C24BCA8A2E00E99FF50C40.exe
2012-03-05 18:19 . 2011-01-17 17:31 46352 ----a-r- c:\documents and settings\ravis\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantHelpSta_AFE5E24C07B1432883124EEC348980E5.exe
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 14:41 . 2011-05-18 02:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 14:09 . 2007-06-12 18:02 58288 ------w- c:\windows\system32\rpcnet.exe
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-17 17:40 . 2011-05-03 15:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-03-08 01:49 . 2012-03-08 01:49 16384 c:\windows\Temp\Perflib_Perfdata_ec8.dat
+ 2012-03-08 01:28 . 2012-03-08 01:28 16384 c:\windows\Temp\Perflib_Perfdata_dec.dat
+ 2012-03-08 01:49 . 2012-03-08 01:49 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2008-04-14 00:12 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 00:12 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2011-04-06 21:17 . 2011-02-05 18:25 82184 c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
+ 2011-04-06 21:17 . 2011-05-12 23:32 82184 c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
+ 2011-08-24 22:14 . 2009-02-25 21:32 59928 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\fxcompchannel.dll
+ 2011-08-24 22:14 . 2010-01-20 15:30 20480 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\cioum.dll
+ 2011-08-24 22:14 . 2009-02-25 21:32 59928 c:\windows\system32\spool\drivers\w32x86\3\fxcompchannel.dll
+ 2011-08-24 22:14 . 2010-01-20 15:30 20480 c:\windows\system32\spool\drivers\w32x86\3\cioum.dll
+ 2011-05-08 22:31 . 2010-04-20 01:47 41984 c:\windows\system32\ReinstallBackups\0026\DriverFiles\usbaapl.sys
+ 2004-08-04 12:00 . 2012-03-08 01:53 70550 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 16:41 20480 c:\windows\system32\oleaccrc.dll
+ 2009-04-01 21:09 . 2012-02-08 15:46 82195 c:\windows\system32\nvModes.dat
- 2004-08-04 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 00:54 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-05-08 22:56 . 2011-12-01 10:13 26964 c:\windows\system32\mlfcache.dat
+ 2004-08-04 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
- 2011-04-06 21:17 . 2011-02-05 18:25 82696 c:\windows\system32\lmdimon8.dll
+ 2011-04-06 21:17 . 2011-05-12 23:32 82696 c:\windows\system32\lmdimon8.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows\system32\jdns_sd.dll
+ 2010-08-21 21:13 . 2011-09-12 19:19 35328 c:\windows\system32\identprv.dll
+ 2010-08-06 16:13 . 2010-08-06 16:13 20480 c:\windows\system32\hpzisn12.dll
+ 2010-08-06 16:13 . 2010-08-06 16:13 29696 c:\windows\system32\hpzipt12.dll
+ 2010-08-06 16:13 . 2010-08-06 16:13 34816 c:\windows\system32\HPZipr12.dll
+ 2010-08-06 16:13 . 2010-08-06 16:13 53760 c:\windows\system32\HPZipm12.dll
+ 2010-08-06 16:13 . 2010-08-06 16:13 44032 c:\windows\system32\HPZinw12.dll
+ 2010-08-06 16:13 . 2010-08-06 16:13 50688 c:\windows\system32\HPZidr12.dll
+ 2011-08-24 22:14 . 2009-02-25 23:57 18944 c:\windows\system32\hppmopjl.dll
+ 2011-08-24 22:14 . 2011-02-09 08:52 49252 c:\windows\system32\hpmnque.dll
+ 2011-08-24 22:14 . 2011-02-09 08:52 49250 c:\windows\system32\hpmnndps.dll
+ 2010-01-19 20:10 . 2010-01-19 20:10 63488 c:\windows\system32\HPBWSDR.DLL
+ 2010-09-27 19:14 . 2010-09-27 19:14 41472 c:\windows\system32\hpbpro.dll
+ 2010-09-27 19:14 . 2010-09-27 19:14 25600 c:\windows\system32\hpboid.dll
+ 2010-09-27 19:14 . 2010-09-27 19:14 24576 c:\windows\system32\hpbmiapi.dll
+ 2011-08-24 22:14 . 2009-02-25 21:32 59928 c:\windows\system32\fxcompchannel.dll
+ 2011-10-12 22:09 . 2011-08-02 22:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-10-12 22:09 . 2011-08-02 22:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 16800 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\drivers\dot4\WinxP\Hppaufd0.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 21568 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\drivers\dot4\Win2000\HPZius12.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 16496 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\drivers\dot4\Win2000\hpzipr12.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 49920 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\drivers\dot4\Win2000\hpzid412.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 16496 c:\windows\system32\DRVSTORE\hpzipr13_C718F0BCB766AB304B4D56547604A8F299727A28\drivers\dot4\Win2000\HPZipr12.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 21568 c:\windows\system32\DRVSTORE\hpzipa13_B4F2E66F9403AB9C236B40903CCEBDF6D65EA31F\drivers\dot4\Win2000\HPZius12.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 16496 c:\windows\system32\DRVSTORE\hpzipa13_B4F2E66F9403AB9C236B40903CCEBDF6D65EA31F\drivers\dot4\Win2000\HPzipr12.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 49920 c:\windows\system32\DRVSTORE\hpzipa13_B4F2E66F9403AB9C236B40903CCEBDF6D65EA31F\drivers\dot4\Win2000\HPZid412.sys
+ 2011-08-24 22:15 . 2009-02-26 00:01 49920 c:\windows\system32\DRVSTORE\hpzid413_3A5260A84B6806AEEBD1C8CDBBDCA867E793704A\drivers\dot4\Win2000\HPZid412.sys
+ 2011-08-24 22:15 . 2009-02-25 23:58 26136 c:\windows\system32\DRVSTORE\hpmews01_33D63207E97D1A77C777E63C334E1AB26C93BCA4\hpfxgen.sys
+ 2011-08-24 22:15 . 2009-02-25 23:58 17432 c:\windows\system32\DRVSTORE\hpmews01_33D63207E97D1A77C777E63C334E1AB26C93BCA4\hpfxbulk.sys
+ 2010-11-03 14:23 . 2011-08-02 22:38 42496 c:\windows\system32\drivers\usbaapl.sys
+ 2004-08-04 12:00 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
- 2010-11-12 00:44 . 2010-11-12 00:44 94208 c:\windows\system32\dpl100.dll
+ 2011-07-22 20:51 . 2011-07-22 20:51 94208 c:\windows\system32\dpl100.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows\system32\dns-sd.exe
+ 2010-09-16 21:25 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-09-16 21:25 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2012-01-19 15:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2004-08-04 12:00 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2011-08-16 22:56 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2007-08-14 00:54 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 00:54 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-01 22:06 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-04-01 22:06 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2012-01-19 15:35 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2007-08-14 00:44 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 00:44 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 00:54 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-14 00:54 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-09-16 20:29 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2010-09-16 20:29 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2004-08-04 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-04 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
+ 2009-04-01 20:49 . 2012-02-26 17:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-01 20:49 . 2011-04-27 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-01 20:49 . 2012-02-26 17:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-01 20:49 . 2011-04-27 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-11-03 17:25 . 2012-02-26 17:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-01 20:49 . 2011-04-27 21:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-25 09:49 . 2011-12-25 09:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-07-18 14:33 . 2011-07-18 14:33 19968 c:\windows\Installer\9f249.msi
+ 2011-08-24 22:14 . 2011-08-24 22:14 66048 c:\windows\Installer\1a1b667.msi
+ 2012-02-01 21:07 . 2012-02-01 21:07 22016 c:\windows\Installer\132e497.msi
+ 2011-05-26 20:50 . 2011-05-26 20:50 99678 c:\windows\Installer\{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}\controlPanelIcon.exe
- 2010-11-03 17:03 . 2011-04-14 14:31 35088 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-11-03 17:03 . 2012-01-09 14:18 35088 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-03 17:03 . 2011-04-14 14:31 18704 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-11-03 17:03 . 2012-01-09 14:18 18704 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-11-03 17:03 . 2012-01-09 14:18 20240 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-11-03 17:03 . 2011-04-14 14:31 20240 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 35088 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 35088 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 18704 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 18704 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 20240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 20240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-10-20 14:40 . 2011-03-14 19:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-20 14:40 . 2012-02-17 04:38 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-10-12 22:04 . 2011-10-12 22:04 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2009-02-26 18:09 . 2009-02-26 18:09 10120 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\XLCALL32.DLL
+ 2009-02-26 23:43 . 2009-02-26 23:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-26 22:45 . 2009-02-26 22:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2009-04-02 14:21 . 2009-04-02 14:21 35648 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2011-07-20 11:17 . 2011-07-20 11:17 33152 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\SETLANG.EXE
+ 2011-07-27 10:53 . 2011-07-27 10:53 39464 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\REFIEBAR.DLL
+ 2009-02-27 01:21 . 2009-02-27 01:21 38224 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\REFEDIT.DLL
+ 2011-07-27 11:17 . 2011-07-27 11:17 22432 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OISCTRL.DLL
+ 2011-07-27 10:53 . 2011-07-27 10:53 64872 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\NAME.DLL
+ 2009-02-26 23:07 . 2009-02-26 23:07 67440 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSOHTMED.EXE
+ 2009-02-26 23:07 . 2009-02-26 23:07 75120 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSOHEV.DLL
+ 2009-02-27 01:21 . 2009-02-27 01:21 25968 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSOEURO.DLL
+ 2011-07-27 10:34 . 2011-07-27 10:34 13712 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSOCFU.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2011-07-27 23:49 . 2011-07-27 23:49 56696 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\EXP_XPS.DLL
+ 2011-07-27 23:49 . 2011-07-27 23:49 95608 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\EXP_PDF.DLL
+ 2009-02-26 23:07 . 2009-02-26 23:07 53120 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\AUTHZAX.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 55168 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACERCLR.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEODTXT.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEODPDX.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEODEXL.DLL
+ 2009-02-26 17:18 . 2009-02-26 17:18 14192 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEODDBS.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 47024 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEERR.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 55240 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACECNFLT.EXE
+ 2006-10-27 03:59 . 2006-10-27 03:59 98072 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VIEWMODL.DLL
+ 2012-02-17 04:38 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 41472 c:\windows\Downloaded Program Files\WebEx\1224\wbxtrace.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 28160 c:\windows\Downloaded Program Files\WebEx\1224\wbxpdm.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 49152 c:\windows\Downloaded Program Files\WebEx\1224\wbxdmsinter.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 57856 c:\windows\Downloaded Program Files\WebEx\1224\wbxcrypt.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 52736 c:\windows\Downloaded Program Files\WebEx\1224\raurl.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 80384 c:\windows\Downloaded Program Files\WebEx\1224\mticket.dll
+ 2011-11-10 20:00 . 2011-11-10 20:00 38912 c:\windows\Downloaded Program Files\WebEx\1224\MJPGDecoder.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 50176 c:\windows\Downloaded Program Files\WebEx\1224\atpack.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 81408 c:\windows\Downloaded Program Files\WebEx\1224\atjpeg60.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 50688 c:\windows\Downloaded Program Files\WebEx\1224\atdocvu.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 69632 c:\windows\Downloaded Program Files\WebEx\1224\atcarmcl.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 44856 c:\windows\Downloaded Program Files\WebEx\1224\atasanot.exe
+ 2011-10-18 15:19 . 2011-10-18 15:19 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-18 15:33 . 2011-10-18 15:33 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-17 04:44 . 2012-02-17 04:44 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2011-10-18 15:33 . 2011-10-18 15:33 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-18 15:33 . 2011-10-18 15:33 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2011-10-18 15:33 . 2011-10-18 15:33 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-10-18 15:33 . 2011-10-18 15:33 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2010-09-16 21:15 . 2010-09-16 21:15 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2646524\spmsg.dll
+ 2011-11-17 20:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll
+ 2011-11-17 20:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll
+ 2012-01-09 14:43 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2639417\update\spcustom.dll
+ 2012-01-09 14:43 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2639417\spmsg.dll
+ 2012-01-09 14:14 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll
+ 2012-01-09 14:11 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll
+ 2012-01-09 14:14 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2633171\spmsg.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2631813\spmsg.dll
+ 2012-01-09 14:43 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2624667\update\spcustom.dll
+ 2012-01-09 14:43 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2624667\spmsg.dll
+ 2012-01-09 14:14 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2620712\update\spcustom.dll
+ 2012-01-09 14:14 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2620712\spmsg.dll
+ 2012-01-09 14:11 . 2011-10-28 05:31 33280 c:\windows\$hf_mig$\KB2620712\SP3QFE\csrsrv.dll
+ 2012-01-09 14:16 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2619339\update\spcustom.dll
+ 2012-01-09 14:16 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2619339\spmsg.dll
+ 2012-01-09 14:15 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618451\update\spcustom.dll
+ 2012-01-09 14:15 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618451\spmsg.dll
+ 2012-01-09 14:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618444-IE8\update\spcustom.dll
+ 2012-01-09 14:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618444-IE8\spmsg.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 12800 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\xpshims.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 66560 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtmled.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 55296 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeedsbs.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 43520 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\licmgr10.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 25600 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\jsproxy.dll
+ 2011-09-16 00:22 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2616676\update\spcustom.dll
+ 2011-09-16 00:22 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2616676\spmsg.dll
+ 2011-10-18 15:14 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2616676-v2\update\spcustom.dll
+ 2011-10-18 15:14 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2616676-v2\spmsg.dll
+ 2012-01-19 15:41 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2603381\update\spcustom.dll
+ 2012-01-19 15:41 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2603381\spmsg.dll
+ 2012-01-19 15:41 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
+ 2012-01-19 15:41 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2598479\spmsg.dll
+ 2012-01-19 15:35 . 2011-10-14 14:45 23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
+ 2011-10-18 15:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll
+ 2011-10-18 15:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll
+ 2011-10-18 15:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll
+ 2011-10-18 15:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2585542\update\spcustom.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2585542\spmsg.dll
+ 2012-01-19 15:39 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
+ 2012-01-19 15:39 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2584146\spmsg.dll
+ 2012-01-19 15:35 . 2011-11-18 12:41 60416 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
+ 2011-09-16 00:20 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570947\update\spcustom.dll
+ 2011-09-16 00:20 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570947\spmsg.dll
+ 2011-08-16 23:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll
+ 2011-08-16 23:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll
+ 2011-08-16 23:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll
+ 2011-08-16 23:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll
+ 2011-10-18 15:08 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll
+ 2011-10-18 15:08 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll
+ 2011-08-16 22:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll
+ 2011-08-16 22:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll
+ 2011-08-16 22:56 . 2011-07-08 13:51 10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys
+ 2011-08-16 22:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll
+ 2011-08-16 22:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll
+ 2011-08-16 23:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
+ 2011-08-16 23:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
+ 2011-07-18 14:28 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
+ 2011-07-18 14:28 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll
+ 2011-06-17 00:39 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893\update\spcustom.dll
+ 2011-06-17 00:39 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893\spmsg.dll
+ 2011-11-17 20:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll
+ 2011-11-17 20:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll
+ 2011-06-17 00:36 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2544521-IE8\update\spcustom.dll
+ 2011-06-17 00:36 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2544521-IE8\spmsg.dll
+ 2011-07-18 14:30 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
+ 2011-07-18 14:30 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2541763\spmsg.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276\update\spcustom.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276\spmsg.dll
+ 2011-08-16 23:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll
+ 2011-08-16 23:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2535512\update\spcustom.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2535512\spmsg.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2530548-IE8\update\spcustom.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2530548-IE8\spmsg.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 12800 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\xpshims.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 66560 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtmled.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 55296 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeedsbs.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 43520 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\licmgr10.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 25600 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\jsproxy.dll
+ 2011-07-18 14:38 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
+ 2011-07-18 14:38 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll
+ 2011-07-18 14:25 . 2011-04-26 11:02 33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
+ 2011-06-17 00:43 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503665\update\spcustom.dll
+ 2011-06-17 00:43 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503665\spmsg.dll
+ 2011-06-17 00:43 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476490\update\spcustom.dll
+ 2011-06-17 00:43 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476490\spmsg.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\wm.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\wceusbsh.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\WaveFDE.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\USBDeviceService.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\USBCamera.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\tones.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\TMKEmu.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\TMHIDSRV.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\tdpipe.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\symantecantibotdriver.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\superproserver.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\ssdiagn.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\spcsutilityservice.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\slabbus.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\s116mgmt.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\rtl8185.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\rimmptsk.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\qserver.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\PSSdk23.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\pdlnctdl.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\o2flash.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\mssqlserveradhelper.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\MMRTKRNL.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\lxcgcustomerconnect.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\LUsbFilt.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\license.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\imonnt.dll
+ 2010-09-27 19:14 . 2010-09-27 19:14 7680 c:\windows\system32\hpbprops.dll
+ 2010-09-27 19:14 . 2010-09-27 19:14 7680 c:\windows\system32\hpboidps.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\FTSER2K.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\edspport.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\cqmgserv.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\cqmghost.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\cdfs.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\AVRec.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\alcxwdm.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\agp440.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\adobeversioncue.dll
+ 2011-11-30 11:41 . 2011-11-30 11:43 1901 c:\windows\panose.bin
+ 2011-05-20 21:58 . 2011-05-20 21:58 8704 c:\windows\Downloaded Program Files\WebEx\1224\atmemmgr.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 9216 c:\windows\Downloaded Program Files\WebEx\1224\atkbctl.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 14:33 . 2011-04-14 14:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 14:32 . 2011-04-14 14:32 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-19 15:35 . 2011-11-03 18:17 4608 c:\windows\$hf_mig$\KB2603381\update\customaddreg.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
- 2004-08-04 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
+ 2004-08-04 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
- 2004-08-04 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2008-07-30 00:59 . 2011-09-26 16:41 611328 c:\windows\system32\uiautomationcore.dll


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 2:16 am

And More**

+ 2011-08-24 22:14 . 2011-02-09 17:24 314880 c:\windows\system32\spool\prtprocs\w32x86\hpcpp112.dll
+ 2011-08-24 22:14 . 2009-07-13 23:16 542208 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\pscript5.dll
+ 2011-08-24 22:14 . 2009-07-13 23:16 726016 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\ps5ui.dll
+ 2011-08-24 22:14 . 2010-03-25 16:10 146944 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpsysobj.dll
+ 2011-08-24 22:14 . 2010-09-19 19:51 167480 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hppccompio.dll
+ 2011-08-24 22:14 . 2011-02-09 17:13 867328 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmur112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 181248 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmpw081.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 246272 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmpm081.dll
+ 2011-08-24 22:14 . 2011-02-09 17:11 784384 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmdp112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 132608 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpfxcomw.dll
+ 2011-08-24 22:14 . 2010-09-23 23:31 532992 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\HPDRVJCT.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 660480 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcsr112.dll
+ 2011-08-24 22:14 . 2009-02-25 23:57 135168 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcsat20.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 287232 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcpn112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 276480 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcpe112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 536576 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcev112.dll
+ 2011-08-24 22:14 . 2010-04-23 11:18 507904 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcdmc32.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 321536 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcc3112.dll
+ 2011-08-24 22:14 . 2010-10-05 20:34 348160 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\cioum32.msi
+ 2011-08-24 22:14 . 2009-07-13 23:16 542208 c:\windows\system32\spool\drivers\w32x86\3\pscript5.dll
+ 2011-08-24 22:14 . 2009-07-13 23:16 726016 c:\windows\system32\spool\drivers\w32x86\3\ps5ui.dll
- 2011-04-06 21:17 . 2011-02-05 18:25 160008 c:\windows\system32\spool\drivers\w32x86\3\lmdiui8.dll
+ 2012-02-01 20:36 . 2011-05-12 23:32 160008 c:\windows\system32\spool\drivers\w32x86\3\lmdiui8.dll
- 2011-04-06 21:17 . 2011-02-05 18:25 984336 c:\windows\system32\spool\drivers\w32x86\3\lmdigraph8.dll
+ 2012-02-01 20:36 . 2011-05-12 23:32 984336 c:\windows\system32\spool\drivers\w32x86\3\lmdigraph8.dll
+ 2011-08-24 22:14 . 2010-03-25 16:10 146944 c:\windows\system32\spool\drivers\w32x86\3\hpsysobj.dll
+ 2011-08-24 22:14 . 2010-09-19 19:51 167480 c:\windows\system32\spool\drivers\w32x86\3\hppccompio.dll
+ 2011-08-24 22:14 . 2011-02-09 17:13 867328 c:\windows\system32\spool\drivers\w32x86\3\hpmur112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 181248 c:\windows\system32\spool\drivers\w32x86\3\hpmpw081.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 246272 c:\windows\system32\spool\drivers\w32x86\3\hpmpm081.dll
+ 2011-08-24 22:14 . 2011-02-09 17:11 784384 c:\windows\system32\spool\drivers\w32x86\3\hpmdp112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 132608 c:\windows\system32\spool\drivers\w32x86\3\hpfxcomw.dll
+ 2011-08-24 22:14 . 2010-09-23 23:31 532992 c:\windows\system32\spool\drivers\w32x86\3\HPDRVJCT.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 660480 c:\windows\system32\spool\drivers\w32x86\3\hpcsr112.dll
+ 2011-08-24 22:14 . 2009-02-25 23:57 135168 c:\windows\system32\spool\drivers\w32x86\3\hpcsat20.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 287232 c:\windows\system32\spool\drivers\w32x86\3\hpcpn112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 276480 c:\windows\system32\spool\drivers\w32x86\3\hpcpe112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 536576 c:\windows\system32\spool\drivers\w32x86\3\hpcev112.dll
+ 2007-02-16 16:22 . 2010-04-23 11:18 507904 c:\windows\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 321536 c:\windows\system32\spool\drivers\w32x86\3\hpcc3112.dll
+ 2011-08-24 22:14 . 2010-10-05 20:34 348160 c:\windows\system32\spool\drivers\w32x86\3\cioum32.msi
+ 2004-08-04 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\qdvd.dll
+ 2004-08-04 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
+ 2004-08-04 12:00 . 2012-03-08 01:53 439612 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2004-08-04 12:00 . 2011-09-26 16:41 220160 c:\windows\system32\oleacc.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
- 2007-08-14 00:54 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-14 00:54 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
+ 2011-11-11 15:33 . 2011-11-11 15:33 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2012-01-09 14:41 . 2012-01-09 14:41 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2012-01-09 14:41 . 2012-01-09 14:41 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-10-28 01:37 . 2011-10-28 01:37 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-10-14 14:03 . 2011-10-14 14:03 247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
+ 2011-07-18 15:52 . 2011-05-04 09:52 157472 c:\windows\system32\javaws.exe
- 2011-04-28 18:25 . 2011-02-03 02:40 157472 c:\windows\system32\javaws.exe
- 2011-04-28 18:25 . 2011-02-03 02:40 145184 c:\windows\system32\javaw.exe
+ 2011-07-18 15:52 . 2011-05-04 09:52 145184 c:\windows\system32\javaw.exe
- 2011-04-28 18:25 . 2011-02-03 02:40 145184 c:\windows\system32\java.exe
+ 2011-07-18 15:52 . 2011-05-04 09:52 145184 c:\windows\system32\java.exe
- 2009-04-01 20:43 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
+ 2009-04-01 20:43 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2011-08-24 22:14 . 2010-09-19 19:51 167480 c:\windows\system32\hppccompio.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 223232 c:\windows\system32\hpmtp112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 181248 c:\windows\system32\hpmpw081.dll
+ 2011-08-24 22:14 . 2009-02-26 00:01 372736 c:\windows\system32\hpmprein.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 246272 c:\windows\system32\hpmpm081.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 328704 c:\windows\system32\hpmml112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 278528 c:\windows\system32\hpmja112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:11 111104 c:\windows\system32\hpmco112.dll
+ 2010-05-06 20:19 . 2010-05-06 20:19 162816 c:\windows\system32\hplbddrv.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 287232 c:\windows\system32\hpcpn112.dll
+ 2009-04-01 14:32 . 2012-02-17 13:22 148400 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2004-08-04 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 286720 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\HPZc3212.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 372736 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 309760 c:\windows\system32\DRVSTORE\hpzius13_05B772480188F6E84B5F710AEE01E9B1B210F3EC\drivers\dot4\Win2000\difxapi.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 286720 c:\windows\system32\DRVSTORE\hpzipa13_B4F2E66F9403AB9C236B40903CCEBDF6D65EA31F\HPZc3212.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 372736 c:\windows\system32\DRVSTORE\hpzipa13_B4F2E66F9403AB9C236B40903CCEBDF6D65EA31F\drivers\dot4\Win2000\hppldcoi.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 309760 c:\windows\system32\DRVSTORE\hpzipa13_B4F2E66F9403AB9C236B40903CCEBDF6D65EA31F\drivers\dot4\Win2000\difxapi.dll
+ 2011-08-24 22:15 . 2009-02-25 23:59 188416 c:\windows\system32\DRVSTORE\hpmews01_33D63207E97D1A77C777E63C334E1AB26C93BCA4\hpmews01.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 372736 c:\windows\system32\DRVSTORE\hpcu112d_4A30E2406538FCCFC21B9F0B1C80F26AA9530955\hpmprein.dll
+ 2011-08-24 22:15 . 2011-02-09 17:11 111104 c:\windows\system32\DRVSTORE\hpcu112d_4A30E2406538FCCFC21B9F0B1C80F26AA9530955\hpmco112.dll
+ 2011-08-24 22:15 . 2009-02-26 00:01 309760 c:\windows\system32\DRVSTORE\hpcu112d_4A30E2406538FCCFC21B9F0B1C80F26AA9530955\drivers\dot4\Win2000\difxapi.dll
- 2009-04-01 20:42 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2009-04-01 20:42 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2004-08-04 12:00 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2004-08-04 12:00 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 12:00 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys
- 2004-08-04 12:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows\system32\dnssdX.dll
+ 2010-09-20 16:23 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-09-20 16:23 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2012-01-19 15:35 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2007-08-14 00:54 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
- 2010-09-16 20:28 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2010-09-16 20:28 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-14 00:54 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2007-08-14 00:44 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-14 00:44 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2011-08-16 22:56 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2012-01-19 15:35 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2011-06-17 00:19 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2004-08-04 12:00 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2007-08-14 00:44 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 00:44 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2011-06-17 00:19 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
+ 2007-08-14 00:54 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-08-14 00:54 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-04-01 22:06 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-04-01 22:06 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-01 22:00 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-04-01 22:00 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-04-01 22:00 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-09-16 21:25 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-09-16 21:25 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-14 00:54 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-14 00:54 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-09-16 21:25 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-09-16 21:25 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2007-08-14 00:39 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:39 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-03-14 19:04 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-03-14 19:04 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-09-16 00:00 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-08-24 22:14 . 2009-02-26 00:01 309760 c:\windows\system32\difxapi.dll
- 2010-09-20 18:30 . 2011-02-03 02:40 472808 c:\windows\system32\deployJava1.dll
+ 2010-09-20 18:30 . 2011-05-04 09:52 472808 c:\windows\system32\deployJava1.dll
+ 2004-08-04 12:00 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll
+ 2012-02-26 15:43 . 2012-02-27 05:26 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2010-09-20 16:21 . 2010-09-20 16:39 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2010-09-17 14:15 . 2012-03-08 01:02 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-09-17 14:15 . 2011-04-15 14:46 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-12-25 09:49 . 2011-12-25 09:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-02-22 17:09 . 2012-02-22 17:09 331264 c:\windows\Installer\610dca.msi
+ 2011-12-25 11:40 . 2011-12-25 11:40 819200 c:\windows\Installer\52373.msp
+ 2011-07-18 15:53 . 2011-07-18 15:53 203776 c:\windows\Installer\41c6c9.msi
+ 2012-01-19 16:35 . 2012-01-19 16:35 333824 c:\windows\Installer\2bdf37.msi
+ 2011-06-17 00:39 . 2011-06-17 00:39 467456 c:\windows\Installer\233bd70.msi
+ 2011-10-04 21:10 . 2011-10-04 21:10 178688 c:\windows\Installer\165d31c.msi
+ 2011-05-26 20:50 . 2011-05-26 20:50 570880 c:\windows\Installer\1655473.msi
+ 2012-01-30 16:08 . 2012-01-30 16:08 380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe
- 2010-09-16 21:14 . 2010-09-16 21:14 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-11-11 15:39 . 2011-11-11 15:39 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-11-03 17:03 . 2011-04-14 14:31 327952 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
+ 2010-11-03 17:03 . 2012-01-09 14:18 327952 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
+ 2010-11-03 17:03 . 2012-01-09 14:18 217864 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-03 17:03 . 2011-04-14 14:31 217864 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 888080 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 888080 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 922384 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 922384 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 845584 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 845584 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 217864 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-02 14:21 . 2011-04-14 14:35 217864 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2011-01-14 12:10 . 2011-01-14 12:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2007-06-08 00:51 . 2007-06-08 00:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2011-05-31 21:58 . 2011-05-31 21:58 521080 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\POWERPNT.EXE
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 20:35 . 2006-10-27 20:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2011-07-27 10:58 . 2011-07-27 10:58 439160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\SETUP.EXE
+ 2011-07-27 10:54 . 2011-07-27 10:54 503184 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\SELFCERT.EXE
+ 2011-07-27 10:36 . 2011-07-27 10:36 481640 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\PORTCONN.DLL
+ 2007-06-08 00:51 . 2007-06-08 00:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2011-07-27 11:17 . 2011-07-27 11:17 284560 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OISGRAPH.DLL
+ 2011-07-27 11:16 . 2011-07-27 11:16 997768 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OISAPP.DLL
+ 2011-07-27 11:16 . 2011-07-27 11:16 273792 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OIS.EXE
+ 2008-03-19 11:27 . 2008-03-19 11:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 231864 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ODEPLOY.EXE
+ 2011-07-20 11:22 . 2011-07-20 11:22 538968 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSTORES.DLL
+ 2011-07-20 11:22 . 2011-07-20 11:22 144728 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSTORE.EXE
+ 2011-07-20 11:22 . 2011-07-20 11:22 832360 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSTORDB.EXE
+ 2006-07-24 15:50 . 2006-07-24 15:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2009-02-26 04:02 . 2009-02-26 04:02 504176 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSSOAP30.DLL
+ 2011-05-31 23:19 . 2011-05-31 23:19 732000 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSPROOF6.DLL
+ 2009-02-26 03:46 . 2009-02-26 03:46 435568 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSORUN.DLL
+ 2011-07-27 10:53 . 2011-07-27 10:53 427856 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSODCW.DLL
+ 2011-07-27 10:34 . 2011-07-27 10:34 160632 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSOCF.DLL
+ 2011-06-23 15:54 . 2011-06-23 15:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2011-07-20 11:22 . 2011-07-20 11:22 828264 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MEDCAT.DLL
+ 2008-10-25 11:18 . 2008-10-25 11:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2009-02-26 21:24 . 2009-02-26 21:24 970128 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\FPWEC.DLL
+ 2011-07-27 11:13 . 2011-07-27 11:13 434080 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\DWTRIG20.EXE
+ 2011-07-27 11:13 . 2011-07-27 11:13 439128 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\DWDCW20.DLL
+ 2011-07-27 10:53 . 2011-07-27 10:53 105872 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\DSSM.EXE
+ 2011-07-27 12:13 . 2011-07-27 12:13 204664 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\CLVIEW.EXE
+ 2011-07-27 12:20 . 2011-07-27 12:20 400216 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\CDLMSO.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 370608 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEXBE.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 223152 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACETXT.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 550840 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEREP.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 288688 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACER3X.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 255920 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACER2X.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 391096 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEPDE.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 378808 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEOLEDB.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 278912 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEODBC.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 206776 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACELTS.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 632752 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEEXCL.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 337848 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEEXCH.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 186304 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEES.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 571320 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACEDAO.DLL
+ 2011-07-27 10:41 . 2011-07-27 10:41 763848 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACECNF.DLL
+ 2006-10-27 03:59 . 2006-10-27 03:59 120088 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\PROJMODL.DLL
+ 2012-02-17 04:38 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-17 04:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-17 04:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-17 04:38 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-17 04:38 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-01-09 14:42 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-01-09 14:42 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-01-09 14:42 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-01-09 14:42 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-01-09 14:42 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-10-18 15:07 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-10-18 15:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-10-18 15:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-10-18 15:07 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-10-18 15:07 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
+ 2011-08-16 22:59 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-16 22:59 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-16 23:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-16 23:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-16 22:59 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-16 22:59 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-06-17 00:36 . 2009-03-08 09:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-17 00:36 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-17 00:36 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-17 00:42 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-17 00:42 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-17 00:42 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-17 00:42 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2009-04-01 22:00 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-05-20 21:58 . 2011-11-10 20:00 115712 c:\windows\Downloaded Program Files\WebEx\1224\wsertp.dll
+ 2011-11-10 20:00 . 2011-11-10 20:00 173568 c:\windows\Downloaded Program Files\WebEx\1224\welsvp.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 307712 c:\windows\Downloaded Program Files\WebEx\1224\welsenc.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 285696 c:\windows\Downloaded Program Files\WebEx\1224\welsdec.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 211256 c:\windows\Downloaded Program Files\WebEx\1224\wbxreport.exe
+ 2011-05-20 21:58 . 2011-05-20 21:58 106296 c:\windows\Downloaded Program Files\WebEx\1224\wbxdmsupload.exe
+ 2011-05-20 21:58 . 2011-05-20 21:58 483328 c:\windows\Downloaded Program Files\WebEx\1224\wbxdmsmgr.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 243712 c:\windows\Downloaded Program Files\WebEx\1224\uilibres.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 119296 c:\windows\Downloaded Program Files\WebEx\1224\PsImgStrm.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 777216 c:\windows\Downloaded Program Files\WebEx\1224\mutiltpd.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 655872 c:\windows\Downloaded Program Files\WebEx\1224\msvcr90.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 568832 c:\windows\Downloaded Program Files\WebEx\1224\msvcp90.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 342016 c:\windows\Downloaded Program Files\WebEx\1224\msvc.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 535040 c:\windows\Downloaded Program Files\WebEx\1224\mmssl32.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 390144 c:\windows\Downloaded Program Files\WebEx\1224\mfs.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 599552 c:\windows\Downloaded Program Files\WebEx\1224\mcsnew.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 156160 c:\windows\Downloaded Program Files\WebEx\1224\hybridaudio.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 135168 c:\windows\Downloaded Program Files\WebEx\1224\fetrupld.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 841216 c:\windows\Downloaded Program Files\WebEx\1224\atwbxui11.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 150840 c:\windows\Downloaded Program Files\WebEx\1224\atucfobj.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 367616 c:\windows\Downloaded Program Files\WebEx\1224\attp.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 481280 c:\windows\Downloaded Program Files\WebEx\1224\atpollk2.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 132096 c:\windows\Downloaded Program Files\WebEx\1224\atpng12.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 122880 c:\windows\Downloaded Program Files\WebEx\1224\atplayim.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 210432 c:\windows\Downloaded Program Files\WebEx\1224\atnote.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 338432 c:\windows\Downloaded Program Files\WebEx\1224\atlchat.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 574264 c:\windows\Downloaded Program Files\WebEx\1224\atgpcext.dll
+ 2011-05-20 21:58 . 2011-05-20 21:58 113976 c:\windows\Downloaded Program Files\WebEx\1224\atgpcdec.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 114176 c:\windows\Downloaded Program Files\WebEx\1224\atdl2006.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 183808 c:\windows\Downloaded Program Files\WebEx\1224\atasuicom.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 140088 c:\windows\Downloaded Program Files\WebEx\1224\atasnt40.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 466232 c:\windows\Downloaded Program Files\WebEx\1224\atasctrl.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 122368 c:\windows\Downloaded Program Files\WebEx\1224\atas32.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 662528 c:\windows\Downloaded Program Files\WebEx\1224\atarm.dll
+ 2011-01-10 22:02 . 2011-05-10 15:02 735232 c:\windows\Downloaded Program Files\WebEx\1124\wseclient.dll
+ 2011-01-10 22:02 . 2011-05-10 15:02 278016 c:\windows\Downloaded Program Files\WebEx\1124\msvc.dll
+ 2009-08-20 13:54 . 2009-08-20 13:54 463928 c:\windows\Downloaded Program Files\HPVirtualRooms35.dll
+ 2010-10-05 20:01 . 2011-11-10 20:00 516408 c:\windows\Downloaded Program Files\atcliun.exe
+ 2012-02-17 04:52 . 2012-02-17 04:52 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-17 04:46 . 2012-02-17 04:46 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2011-10-18 15:19 . 2011-10-18 15:19 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll
+ 2012-02-17 04:46 . 2012-02-17 04:46 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-17 04:52 . 2012-02-17 04:52 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-17 04:45 . 2012-02-17 04:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-17 04:52 . 2012-02-17 04:52 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-10-18 15:33 . 2011-10-18 15:33 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-17 04:52 . 2012-02-17 04:52 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2010-09-16 21:15 . 2010-09-16 21:15 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 2:18 am

And more***
+ 2012-01-19 15:44 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2646524\update\updspapi.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2646524\update\update.exe
+ 2012-01-19 15:44 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2646524\spuninst.exe
+ 2012-01-19 15:35 . 2011-11-25 21:56 293376 c:\windows\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
+ 2011-11-17 20:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2641690\update\updspapi.dll
+ 2011-11-17 20:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2641690\update\update.exe
+ 2011-11-17 20:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2641690\spuninst.exe
+ 2011-11-17 19:34 . 2011-09-28 07:05 599552 c:\windows\$hf_mig$\KB2641690\SP3QFE\crypt32.dll
+ 2012-01-09 14:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2639417\update\updspapi.dll
+ 2012-01-09 14:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2639417\update\update.exe
+ 2012-01-09 14:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2639417\spuninst.exe
+ 2012-01-09 14:14 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2633171\update\updspapi.dll
+ 2012-01-09 14:14 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2633171\update\update.exe
+ 2012-01-09 14:14 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2633171\spuninst.exe
+ 2012-01-19 15:44 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2631813\update\updspapi.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2631813\update\update.exe
+ 2012-01-19 15:44 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2631813\spuninst.exe
+ 2012-01-19 15:35 . 2011-11-03 15:27 386048 c:\windows\$hf_mig$\KB2631813\SP3QFE\qdvd.dll
+ 2012-01-09 14:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2624667\update\updspapi.dll
+ 2012-01-09 14:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2624667\update\update.exe
+ 2012-01-09 14:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2624667\spuninst.exe
+ 2012-01-09 14:14 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2620712\update\updspapi.dll
+ 2012-01-09 14:14 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2620712\update\update.exe
+ 2012-01-09 14:14 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2620712\spuninst.exe
+ 2012-01-09 14:16 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2619339\update\updspapi.dll
+ 2012-01-09 14:16 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2619339\update\update.exe
+ 2012-01-09 14:16 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2619339\spuninst.exe
+ 2012-01-09 14:11 . 2011-10-18 11:12 186880 c:\windows\$hf_mig$\KB2619339\SP3QFE\encdec.dll
+ 2012-01-09 14:15 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618451\update\updspapi.dll
+ 2012-01-09 14:15 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618451\update\update.exe
+ 2012-01-09 14:15 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618451\spuninst.exe
+ 2012-01-09 14:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2618444-IE8\update\updspapi.dll
+ 2012-01-09 14:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2618444-IE8\update\update.exe
+ 2012-01-09 14:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2618444-IE8\spuninst.exe
+ 2012-01-09 14:12 . 2011-11-04 19:19 919552 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 105984 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\url.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 206848 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\occache.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 611840 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mstime.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 602112 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeeds.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 247808 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ieproxy.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 184320 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iepeers.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 743424 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iedvtool.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 387584 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iedkcs32.dll
+ 2012-01-09 14:12 . 2011-10-25 12:01 174080 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ie4uinit.exe
+ 2011-09-16 00:22 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2616676\update\updspapi.dll
+ 2011-09-16 00:22 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2616676\update\update.exe
+ 2011-09-16 00:22 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2616676\spuninst.exe
+ 2011-09-16 00:00 . 2011-09-09 09:11 599552 c:\windows\$hf_mig$\KB2616676\SP3QFE\crypt32.dll
+ 2011-10-18 15:14 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2616676-v2\update\updspapi.dll
+ 2011-10-18 15:14 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2616676-v2\update\update.exe
+ 2011-10-18 15:14 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2616676-v2\spuninst.exe
+ 2011-10-18 15:05 . 2011-09-09 09:11 599552 c:\windows\$hf_mig$\KB2616676-v2\SP3QFE\crypt32.dll
+ 2012-01-19 15:41 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2603381\update\updspapi.dll
+ 2012-01-19 15:41 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2603381\update\update.exe
+ 2012-01-19 15:40 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2603381\spuninst.exe
+ 2012-01-19 15:41 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2598479\update\updspapi.dll
+ 2012-01-19 15:41 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2598479\update\update.exe
+ 2012-01-19 15:41 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2598479\spuninst.exe
+ 2012-01-19 15:35 . 2011-10-14 14:45 176128 c:\windows\$hf_mig$\KB2598479\SP3QFE\winmm.dll
+ 2011-10-18 15:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2592799\update\updspapi.dll
+ 2011-10-18 15:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2592799\update\update.exe
+ 2011-10-18 15:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2592799\spuninst.exe
+ 2011-10-18 15:05 . 2011-08-17 13:41 138496 c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys
+ 2011-10-18 15:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2586448-IE8\update\updspapi.dll
+ 2011-10-18 15:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2586448-IE8\update\update.exe
+ 2011-10-18 15:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2586448-IE8\spuninst.exe
+ 2011-10-18 15:05 . 2011-08-22 23:47 919552 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 105984 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 206848 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\occache.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 611840 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mstime.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 602112 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeeds.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 247808 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieproxy.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 184320 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iepeers.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 743424 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedvtool.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 387584 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedkcs32.dll
+ 2011-10-18 15:05 . 2011-08-22 11:52 174080 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ie4uinit.exe
+ 2012-01-19 15:44 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2585542\update\updspapi.dll
+ 2012-01-19 15:44 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2585542\update\update.exe
+ 2012-01-19 15:44 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2585542\spuninst.exe
+ 2012-01-19 15:35 . 2011-11-16 14:20 354816 c:\windows\$hf_mig$\KB2585542\SP3QFE\winhttp.dll
+ 2012-01-19 15:35 . 2011-11-16 14:20 152064 c:\windows\$hf_mig$\KB2585542\SP3QFE\schannel.dll
+ 2012-01-19 15:39 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2584146\update\updspapi.dll
+ 2012-01-19 15:39 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2584146\update\update.exe
+ 2012-01-19 15:39 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2584146\spuninst.exe
+ 2011-09-16 00:20 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570947\update\updspapi.dll
+ 2011-09-16 00:20 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570947\update\update.exe
+ 2011-09-16 00:20 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570947\spuninst.exe
+ 2011-08-16 23:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570222\update\updspapi.dll
+ 2011-08-16 23:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570222\update\update.exe
+ 2011-08-16 23:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570222\spuninst.exe
+ 2011-08-16 22:56 . 2011-06-24 14:09 139656 c:\windows\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys
+ 2011-08-16 23:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll
+ 2011-08-16 23:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567680\update\update.exe
+ 2011-08-16 23:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567680\spuninst.exe
+ 2011-08-16 22:56 . 2011-06-20 17:43 293376 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
+ 2011-10-18 15:08 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567053\update\updspapi.dll
+ 2011-10-18 15:08 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567053\update\update.exe
+ 2011-10-18 15:08 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567053\spuninst.exe
+ 2011-08-16 22:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2566454\update\updspapi.dll
+ 2011-08-16 22:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2566454\update\update.exe
+ 2011-08-16 22:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2566454\spuninst.exe
+ 2011-08-16 22:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2562937\update\updspapi.dll
+ 2011-08-16 22:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2562937\update\update.exe
+ 2011-08-16 22:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2562937\spuninst.exe
+ 2011-08-16 23:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
+ 2011-08-16 23:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
+ 2011-08-16 23:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
+ 2011-08-16 22:56 . 2011-06-23 18:33 919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
+ 2011-08-16 22:56 . 2011-06-23 12:19 173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
+ 2011-07-18 14:28 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
+ 2011-07-18 14:28 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-18 14:28 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-06-17 00:39 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893\update\updspapi.dll
+ 2011-06-17 00:39 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893\update\update.exe
+ 2011-06-17 00:39 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893\spuninst.exe
+ 2011-06-17 00:19 . 2011-05-02 15:30 692736 c:\windows\$hf_mig$\KB2544893\SP3QFE\inetcomm.dll
+ 2011-11-17 20:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll
+ 2011-11-17 20:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe
+ 2011-11-17 20:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe
+ 2011-11-17 19:37 . 2011-10-10 14:21 692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll
+ 2011-06-17 00:36 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2544521-IE8\update\updspapi.dll
+ 2011-06-17 00:36 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2544521-IE8\update\update.exe
+ 2011-06-17 00:36 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2544521-IE8\spuninst.exe
+ 2011-06-17 00:19 . 2011-04-30 02:59 758784 c:\windows\$hf_mig$\KB2544521-IE8\SP3QFE\vgx.dll
+ 2011-07-18 14:30 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
+ 2011-07-18 14:30 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2541763\update\update.exe
+ 2011-07-18 14:30 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2541763\spuninst.exe
+ 2011-07-18 14:25 . 2011-04-29 17:23 151552 c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
+ 2011-06-17 00:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276\update\updspapi.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276\update\update.exe
+ 2011-06-17 00:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276\spuninst.exe
+ 2011-06-17 00:19 . 2011-04-29 16:47 457856 c:\windows\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
+ 2011-08-16 23:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276-v2\update\updspapi.dll
+ 2011-08-16 23:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276-v2\update\update.exe
+ 2011-08-16 23:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276-v2\spuninst.exe
+ 2011-08-16 22:56 . 2011-07-15 13:29 457856 c:\windows\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
+ 2011-06-17 00:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2535512\update\updspapi.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2535512\update\update.exe
+ 2011-06-17 00:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2535512\spuninst.exe
+ 2011-06-17 00:19 . 2011-04-21 13:52 105472 c:\windows\$hf_mig$\KB2535512\SP3QFE\mup.sys
+ 2011-06-17 00:42 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2530548-IE8\update\updspapi.dll
+ 2011-06-17 00:42 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2530548-IE8\update\update.exe
+ 2011-06-17 00:42 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2530548-IE8\spuninst.exe
+ 2011-06-17 00:19 . 2011-04-25 16:09 919552 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 206848 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\occache.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 611840 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mstime.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 602112 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeeds.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 247808 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieproxy.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 184320 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iepeers.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 743424 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedvtool.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 387584 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedkcs32.dll
+ 2011-06-17 00:19 . 2011-04-25 11:37 173568 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ie4uinit.exe
+ 2011-07-18 14:38 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
+ 2011-07-18 14:38 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-18 14:38 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-07-18 14:25 . 2011-04-26 11:02 293376 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
+ 2011-06-17 00:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2503665\update\updspapi.dll
+ 2011-06-17 00:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2503665\update\update.exe
+ 2011-06-17 00:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2503665\spuninst.exe
+ 2011-06-17 00:19 . 2011-02-16 13:25 138496 c:\windows\$hf_mig$\KB2503665\SP3QFE\afd.sys
+ 2011-06-17 00:43 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476490\update\updspapi.dll
+ 2011-06-17 00:43 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476490\update\update.exe
+ 2011-06-17 00:43 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476490\spuninst.exe
+ 2011-06-17 00:19 . 2010-12-20 17:30 552448 c:\windows\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2010-11-03 14:23 . 2011-08-02 22:38 4517664 c:\windows\system32\usbaaplrc.dll
+ 2004-08-04 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2011-08-24 22:14 . 2011-02-09 17:15 1639424 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmux112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:13 2107904 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmsn112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 1244160 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpmsl112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:21 3718144 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcur112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 4088832 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcui112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:21 4494848 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcst112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 1013248 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcss112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 1699840 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpcls112.dll
+ 2011-08-24 22:14 . 2010-02-26 01:20 3210240 c:\windows\system32\spool\drivers\w32x86\hewlett_packardhp_co08ea\hpbcfgre.dll
+ 2011-08-24 22:14 . 2011-02-09 17:15 1639424 c:\windows\system32\spool\drivers\w32x86\3\hpmux112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:13 2107904 c:\windows\system32\spool\drivers\w32x86\3\hpmsn112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:12 1244160 c:\windows\system32\spool\drivers\w32x86\3\hpmsl112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:21 3718144 c:\windows\system32\spool\drivers\w32x86\3\hpcur112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 4088832 c:\windows\system32\spool\drivers\w32x86\3\hpcui112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:21 4494848 c:\windows\system32\spool\drivers\w32x86\3\hpcst112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 1013248 c:\windows\system32\spool\drivers\w32x86\3\hpcss112.dll
+ 2011-08-24 22:14 . 2011-02-09 17:24 1699840 c:\windows\system32\spool\drivers\w32x86\3\hpcls112.dll
+ 2007-02-16 16:22 . 2010-02-26 01:20 3210240 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2011-05-08 22:31 . 2010-04-20 01:47 3062048 c:\windows\system32\ReinstallBackups\0026\DriverFiles\usbaaplrc.dll
+ 2004-08-04 12:00 . 2011-11-03 15:28 1292288 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll
- 2004-08-04 12:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 12:00 . 2011-10-25 13:37 2148864 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2011-10-25 12:52 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
+ 2011-02-18 15:16 . 2011-11-11 15:33 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-14 00:34 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2011-07-07 08:28 . 2011-07-07 08:28 1193320 c:\windows\system32\FM20.DLL
+ 2011-10-12 22:09 . 2011-08-02 22:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-10-12 22:09 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2011-08-24 22:15 . 2010-02-26 01:20 3210240 c:\windows\system32\DRVSTORE\hpcu112d_4A30E2406538FCCFC21B9F0B1C80F26AA9530955\hpbcfgre.dll
+ 2009-02-09 11:13 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-14 00:54 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2010-10-19 22:11 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2009-04-01 22:00 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-01 22:00 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-01 22:00 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-01 22:00 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-01 22:00 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-01 22:00 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-01 22:00 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-01 22:00 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-14 00:54 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-01 22:06 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 09:39 . 2011-01-18 09:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-01 05:30 . 2011-12-01 05:30 9474048 c:\windows\Installer\b4ffeb.msi
+ 2011-12-01 05:10 . 2011-12-01 05:10 1717248 c:\windows\Installer\a39298.msi
+ 2011-06-21 17:01 . 2011-06-21 17:01 4991488 c:\windows\Installer\9f243.msp
+ 2012-02-28 02:39 . 2012-02-28 02:39 3947520 c:\windows\Installer\9abfc.msi
+ 2011-12-26 04:29 . 2011-12-26 04:29 4368896 c:\windows\Installer\8c2c5.msp
+ 2011-11-01 08:04 . 2011-11-01 08:04 2247168 c:\windows\Installer\8c2bb.msp
+ 2011-11-11 10:44 . 2011-11-11 10:44 9096192 c:\windows\Installer\8c2aa.msp
+ 2011-11-01 08:04 . 2011-11-01 08:04 2531840 c:\windows\Installer\8c28f.msp
+ 2011-11-11 10:45 . 2011-11-11 10:45 1795584 c:\windows\Installer\8c27e.msp
+ 2011-11-11 10:46 . 2011-11-11 10:46 8458240 c:\windows\Installer\8c26d.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 9186816 c:\windows\Installer\7e021.msp
+ 2011-09-16 00:40 . 2011-09-16 00:40 7959552 c:\windows\Installer\7e019.msp
+ 2011-12-09 01:24 . 2011-12-09 01:24 4989952 c:\windows\Installer\7654e.msp
+ 2011-10-31 03:54 . 2011-10-31 03:54 2748416 c:\windows\Installer\5e835.msp
+ 2012-02-03 20:13 . 2012-02-03 20:13 4988928 c:\windows\Installer\5e824.msp
+ 2012-01-09 16:24 . 2012-01-09 16:24 1530368 c:\windows\Installer\5a3dd4.msi
+ 2011-04-29 17:27 . 2011-04-29 17:27 4158464 c:\windows\Installer\5a0eb.msp
+ 2011-04-28 10:42 . 2011-04-28 10:42 4990976 c:\windows\Installer\5a0da.msp
+ 2011-09-21 21:18 . 2011-09-21 21:18 4985856 c:\windows\Installer\5790e.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 4250112 c:\windows\Installer\52384.msp
+ 2011-04-29 17:31 . 2011-04-29 17:31 9006080 c:\windows\Installer\233bdbd.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\233bda2.msp
+ 2011-04-29 17:33 . 2011-04-29 17:33 8173568 c:\windows\Installer\233bd87.msp
+ 2011-01-19 04:36 . 2011-01-19 04:36 2687488 c:\windows\Installer\233bd76.msp
+ 2012-01-30 16:08 . 2012-01-30 16:08 5421056 c:\windows\Installer\228cd8.msi
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\213ae19.msp
+ 2011-09-07 02:46 . 2011-09-07 02:46 9006080 c:\windows\Installer\213ae08.msp
+ 2011-08-24 11:37 . 2011-08-24 11:37 4985856 c:\windows\Installer\213adf7.msp
+ 2011-08-10 22:42 . 2011-08-10 22:42 7070208 c:\windows\Installer\213addc.msp
+ 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\213adcc.msp
+ 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\213adc1.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\213ad8e.msp
+ 2011-05-02 05:06 . 2011-05-02 05:06 2705920 c:\windows\Installer\1dc2554.msp
+ 2011-07-27 12:42 . 2011-07-27 12:42 4985856 c:\windows\Installer\1dc254d.msp
+ 2011-10-12 22:09 . 2011-10-12 22:09 2002432 c:\windows\Installer\1a02a90.msi
+ 2011-10-12 22:04 . 2011-10-12 22:04 1769984 c:\windows\Installer\1a0266b.msi
+ 2012-02-01 20:36 . 2012-02-01 20:36 1205760 c:\windows\Installer\115db87.msi
- 2009-04-02 14:21 . 2011-04-14 14:35 1172240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-02 14:21 . 2012-02-17 04:37 1172240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-01-14 12:10 . 2011-01-14 12:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-10-10 04:10 . 2009-10-10 04:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-05-31 23:24 . 2011-05-31 23:24 2014592 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\PPTVIEW.EXE
+ 2011-07-27 10:44 . 2011-07-27 10:44 8494968 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\PPCORE.DLL
+ 2011-07-27 11:47 . 2011-07-27 11:47 2532736 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\GRAPH.EXE
+ 2009-10-10 04:10 . 2009-10-10 04:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-28 00:15 . 2011-07-28 00:15 2335648 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\STSLIST.DLL
+ 2011-07-27 10:59 . 2011-07-27 10:59 6540136 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OSETUP.DLL
+ 2011-07-07 08:58 . 2011-07-07 08:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-07-27 11:51 . 2011-07-27 11:51 7040896 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OFFOWC.DLL
+ 2011-07-20 11:31 . 2011-07-20 11:31 1523632 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\NLSD0000.DLL
+ 2011-05-27 01:28 . 2011-05-27 01:28 6637952 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\MSORES.DLL
+ 2011-06-22 14:16 . 2011-06-22 14:16 1681784 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\FPSRVUTL.DLL
+ 2011-07-07 08:28 . 2011-07-07 08:28 1193320 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\FM20.DLL
+ 2011-08-04 00:27 . 2011-08-04 00:27 1415072 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\ACECORE.DLL
+ 2012-02-17 04:38 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-17 04:38 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-01-09 14:42 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-01-09 14:42 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-10-18 15:07 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-16 22:59 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-16 22:59 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2009-04-01 22:00 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-01 22:00 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-01 22:00 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-01 22:00 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-01 22:00 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-01 22:00 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-01 22:00 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-04-01 22:00 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-05-20 21:58 . 2011-11-10 20:00 1047040 c:\windows\Downloaded Program Files\WebEx\1224\wseclient.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 4941112 c:\windows\Downloaded Program Files\WebEx\1224\webexmgr.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 9019904 c:\windows\Downloaded Program Files\WebEx\1224\pfwres.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 1387008 c:\windows\Downloaded Program Files\WebEx\1224\mcres.dll
+ 2011-11-10 20:00 . 2011-11-10 20:00 1028096 c:\windows\Downloaded Program Files\WebEx\1224\Atwbxui12.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 4004352 c:\windows\Downloaded Program Files\WebEx\1224\atres.dll
+ 2011-05-20 21:58 . 2011-11-10 20:00 2711552 c:\windows\Downloaded Program Files\WebEx\1224\atpdmod.dll
+ 2011-01-10 22:02 . 2011-05-10 15:02 4537656 c:\windows\Downloaded Program Files\WebEx\1124\webexmgr.dll
- 2011-01-10 22:02 . 2011-03-22 20:49 2697728 c:\windows\Downloaded Program Files\WebEx\1124\atpdmod.dll
+ 2011-01-10 22:02 . 2011-05-10 15:02 2697728 c:\windows\Downloaded Program Files\WebEx\1124\atpdmod.dll
+ 2012-02-17 04:44 . 2012-02-17 04:44 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-17 04:46 . 2012-02-17 04:46 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 04:44 . 2012-02-17 04:44 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-17 04:46 . 2012-02-17 04:46 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-17 04:54 . 2012-02-17 04:54 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-17 04:44 . 2012-02-17 04:44 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-09 14:43 . 2012-01-09 14:43 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-10-20 13:56 . 2010-10-20 13:56 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-17 04:42 . 2012-02-17 04:42 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-14 14:33 . 2011-04-14 14:33 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-17 04:43 . 2012-02-17 04:43 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-04-14 14:32 . 2011-04-14 14:32 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-11 15:41 . 2011-11-11 15:41 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-01-09 14:13 . 2011-11-23 13:29 1868544 c:\windows\$hf_mig$\KB2639417\SP3QFE\win32k.sys
+ 2012-01-09 14:11 . 2011-10-25 13:34 2192768 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
+ 2012-01-09 14:11 . 2011-10-25 12:52 2027008 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrpamp.exe
+ 2011-10-25 12:52 . 2011-10-25 12:52 2069376 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
+ 2012-01-09 14:11 . 2011-10-25 13:38 2148864 c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlmp.exe
+ 2012-01-19 15:35 . 2011-11-03 15:27 1292288 c:\windows\$hf_mig$\KB2631813\SP3QFE\quartz.dll
+ 2012-01-09 14:13 . 2011-11-01 16:05 1289216 c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 1214464 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\urlmon.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 5978624 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
+ 2012-01-09 14:12 . 2011-11-04 19:19 2001408 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\iertutil.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 1214464 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll
+ 2011-10-18 15:05 . 2011-10-03 08:34 5972992 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 2001408 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iertutil.dll
+ 2011-10-18 15:05 . 2011-09-06 13:25 1867904 c:\windows\$hf_mig$\KB2567053\SP3QFE\win32k.sys
+ 2011-08-16 22:56 . 2011-06-23 18:33 1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
+ 2011-08-16 22:56 . 2011-07-25 15:15 5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
+ 2011-08-16 22:56 . 2011-06-23 18:33 1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
+ 2011-07-18 14:25 . 2011-06-02 14:07 1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
+ 2011-06-17 00:19 . 2011-04-25 16:09 1213952 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\urlmon.dll
+ 2011-06-17 00:19 . 2011-05-30 22:17 5967360 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 1992192 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iertutil.dll
+ 2011-04-27 22:38 . 2012-03-07 15:56 15980760 c:\windows\system32\Restore\rstrlog.dat
+ 2009-04-01 22:03 . 2012-02-17 04:39 52550552 c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2011-12-18 19:46 11082240 c:\windows\system32\ieframe.dll
+ 2009-04-01 22:06 . 2011-12-18 19:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2011-09-16 00:39 . 2011-09-16 00:39 11163136 c:\windows\Installer\7e010.msp
+ 2011-09-16 00:38 . 2011-09-16 00:38 10838528 c:\windows\Installer\7e005.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 34428416 c:\windows\Installer\7defd.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 16691712 c:\windows\Installer\7deec.msp
+ 2012-02-17 04:37 . 2012-02-17 04:37 20333056 c:\windows\Installer\5e82f.msp
+ 2011-04-23 00:41 . 2011-04-23 00:41 11507712 c:\windows\Installer\5a100.msp
+ 2011-10-18 15:18 . 2011-10-18 15:18 20333568 c:\windows\Installer\57923.msp
+ 2011-07-12 01:43 . 2011-07-12 01:43 11641344 c:\windows\Installer\57918.msp
+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\233bdc9.msp
+ 2011-06-17 00:43 . 2011-06-17 00:43 20333056 c:\windows\Installer\233bd92.msp
+ 2011-07-27 12:37 . 2011-07-27 12:37 11592192 c:\windows\Installer\213adb0.msp
+ 2011-06-23 18:05 . 2011-06-23 18:05 11961856 c:\windows\Installer\1dc253c.msp
+ 2011-08-30 14:40 . 2011-08-30 14:40 15145832 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\XL12CNV.EXE
+ 2011-08-31 02:25 . 2011-08-31 02:25 18367336 c:\windows\Installer\$PatchCache$\Managed\00002109210000000000000000F01FEC\12.0.6612\EXCEL.EXE
+ 2011-08-17 16:01 . 2011-08-17 16:01 16149352 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.6612\OART.DLL
+ 2012-02-17 04:38 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-01-09 14:42 . 2011-08-23 22:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2011-10-18 15:07 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
+ 2011-08-16 22:59 . 2011-04-26 15:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-06-17 00:42 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-17 04:53 . 2012-02-17 04:53 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-17 04:52 . 2012-02-17 04:52 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-17 04:45 . 2012-02-17 04:45 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
+ 2011-10-18 15:18 . 2011-10-18 15:18 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2011-11-05 08:49 . 2011-11-05 08:49 11083776 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\ieframe.dll
+ 2011-10-18 15:05 . 2011-08-22 23:47 11084288 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieframe.dll
+ 2011-06-25 06:03 . 2011-06-25 06:03 11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
+ 2011-06-17 00:19 . 2011-04-25 16:09 11083776 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieframe.dll
+ 2011-09-16 00:35 . 2011-09-16 00:35 106095104 c:\windows\Installer\7e0b8.msp
+ 2011-09-16 00:34 . 2011-09-16 00:34 428804608 c:\windows\Installer\7dffb.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13537280]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-4-1 1385400]
IPSecClient Icon.lnk - c:\program files\IPSec Client\trayicon.exe [2009-4-1 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1879669576-1145832802-666385194-7626\Scripts\Logon\0\0]
"Script"=NAVcheck.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\IBM\\SDP\\jdk\\jre\\bin\\javaw.exe"=
"c:\\IBM\\WebSphere\\AppServer\\java\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\IBM\\SDP\\eclipse.exe"=
"c:\\Documents and Settings\\ravis\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 10:41 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 10:41 PM 21352]
R2 LucentIKE;LucentIKE;c:\program files\IPSec Client\lucentikesvc.exe [4/1/2009 5:28 PM 53248]
R2 OracleCSService;OracleCSService;c:\oracle\product\10.1.0\Db_1\bin\ocssd.exe service --> c:\oracle\product\10.1.0\Db_1\bin\ocssd.exe service [?]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/22/2010 9:57 PM 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/22/2010 9:00 PM 563760]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/1/2009 4:27 PM 112128]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [4/1/2009 4:07 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/1/2009 4:00 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 4:00 AM 106104]
R3 LuIPSec;Lucent VPN Miniport;c:\windows\system32\drivers\luipsec.sys [4/1/2009 5:28 PM 270804]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [4/1/2009 3:58 PM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [4/1/2009 3:58 PM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [4/1/2009 3:58 PM 277440]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2010 1:27 PM 136176]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/12/2010 2:11 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2010 1:27 PM 136176]
S3 OracleOraDb10g_home1SNMPPeerEncapsulator;OracleOraDb10g_home1SNMPPeerEncapsulator;c:\oracle\product\10.1.0\Db_1\BIN\encsvc.exe [9/21/2010 3:10 PM 187392]
S3 OracleOraDb10g_home1SNMPPeerMasterAgent;OracleOraDb10g_home1SNMPPeerMasterAgent;c:\oracle\product\10.1.0\Db_1\BIN\agntsvc.exe [9/21/2010 3:10 PM 254464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AsusACPI
sptisrv
w200mdm
SiS300i
iAimFP5
lanusb
F700iat
oracle_load_balancer_60_client-forms6ip9
szkg
KLOGNT
symlcbrd
rbfilter
MtxDma0
anydvd
nvpvrmon
deltafw
armoucfltr
cpqnicmgmt
viaagp1
sfng32
iwebmsg
acdservice
aksfridge
sp_clamsrv
SRS_SSCFilter
nvnforce
caili
cicsclient
btnhnd
naimagent32
dnsexit
backupexecalertserver
adobeactivefilemonitor5.0
mozyFilter
motmodem
AcronisOSSReinstallSvc
mcvsrte
steamdvr
NICSer_WPC300N
PEVSystemStart
hpzipr12
k750obex
HFACSVC
sglfb
TcUsb
nwrdr
nvedavt
nimcdlbk
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:26]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:26]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879669576-1145832802-666385194-24616Core.job
- c:\documents and settings\ravis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-15 20:02]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1879669576-1145832802-666385194-24616UA.job
- c:\documents and settings\ravis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-15 20:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <-loopback>;*.local
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
DPF: {AA3B0DA1-5B87-4023-A73C-870093008954} - [You must be registered and logged in to see this link.]
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\ravis\Application Data\Mozilla\Firefox\Profiles\hi4mcift.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-KB00820405 - c:\documents and settings\ravis\Application Data\KB00820405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-03-07 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\program files\TortoiseCVS\TortoiseShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\IPSec Client\LucentIKE.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\oracle\product\10.1.0\Db_1\bin\ocssd.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\oracle\product\10.1.0\Db_1\bin\ocssd.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\vmnat.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\System32\NOTEPAD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\NOTEPAD.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-03-07 21:01:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 02:00
ComboFix2.txt 2011-04-28 18:50
.
Pre-Run: 119,838,396,416 bytes free
Post-Run: 120,314,798,080 bytes free
.
- - End Of File - - 91FE01B889638AF1375F80F983207E4F


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 2:21 am

Please let me know steps to follow. And do you think I'll need help for virus removal? I am asking this because you said you will be assisting with Malware removal only.
Thanks Anyway.. My system already looks smooth.


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Thu Mar 08, 2012 3:02 am

Please run aswMBR.exe again and post the log.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: $talisma_url$

    DDS::

    Trusted Zone: $talisma_url$
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see this log from this script.

********************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
Please leave the others unchecked

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.
• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
***************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 1:34 pm

Logs from aswMBR:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 13:12:55
-----------------------------
13:12:55.734 OS Version: Windows 5.1.2600 Service Pack 3
13:12:55.734 Number of processors: 2 586 0x170A
13:12:55.734 ComputerName: RSHARMA6400 UserName: ravis
13:13:13.796 Initialize success
13:19:42.640 AVAST engine defs: 12030700
13:34:17.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:34:17.390 Disk 0 Vendor: WDC_WD2500BJKT-75F4T0 11.01A11 Size: 238475MB BusType: 3
13:34:17.437 Disk 0 MBR read successfully
13:34:17.453 Disk 0 MBR scan
13:34:17.531 Disk 0 Windows XP default MBR code
13:34:17.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 180 MB offset 63
13:34:17.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238292 MB offset 369495
13:34:17.609 Disk 0 scanning sectors +488392065
13:34:17.718 Disk 0 scanning C:\WINDOWS\system32\drivers
13:34:25.656 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Alureon-AQT [Rtk]
13:34:34.609 Disk 0 trace - called modules:
13:34:34.640 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ad9afd0]<<
13:34:34.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae1d908]
13:34:34.640 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8aeeb030]
13:34:34.640 \Driver\00000462[0x8ae2c178] -> IRP_MJ_CREATE -> 0x8ad9afd0
13:34:36.921 AVAST engine scan C:\WINDOWS
13:34:40.718 AVAST engine scan C:\WINDOWS\system32
13:36:48.812 AVAST engine scan C:\WINDOWS\system32\drivers
13:36:56.968 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Alureon-AQT [Rtk]
13:37:05.937 AVAST engine scan C:\Documents and Settings\ravis
15:39:31.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ravis\Desktop\MBR.dat"
15:39:31.453 The log file has been saved successfully to "C:\Documents and Settings\ravis\Desktop\aswMBR.txt"
17:55:04.468 File: C:\Documents and Settings\ravis\Desktop\SecurityCheck.exe **HIDDEN**
17:56:53.453 AVAST engine scan C:\Documents and Settings\All Users
18:03:22.968 Scan finished successfully
18:20:15.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ravis\Desktop\MBR.dat"
18:20:16.062 The log file has been saved successfully to "C:\Documents and Settings\ravis\Desktop\aswMBR.txt"
18:20:27.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ravis\Desktop\MBR.dat"
18:20:27.359 The log file has been saved successfully to "C:\Documents and Settings\ravis\Desktop\aswMBR.txt"
18:20:41.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ravis\Desktop\MBR.dat"
18:20:41.984 The log file has been saved successfully to "C:\Documents and Settings\ravis\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 00:09:51
-----------------------------
00:09:51.281 OS Version: Windows 5.1.2600 Service Pack 3
00:09:51.281 Number of processors: 2 586 0x170A
00:09:51.281 ComputerName: RSHARMA6400 UserName: ravis
00:10:04.515 Initialize success
00:10:15.437 AVAST engine defs: 12030701
00:10:20.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:10:20.062 Disk 0 Vendor: WDC_WD2500BJKT-75F4T0 11.01A11 Size: 238475MB BusType: 3
00:10:20.140 Disk 0 MBR read successfully
00:10:20.156 Disk 0 MBR scan
00:10:20.312 Disk 0 Windows XP default MBR code
00:10:20.343 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 180 MB offset 63
00:10:20.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238292 MB offset 369495
00:10:20.453 Disk 0 scanning sectors +488392065
00:10:20.578 Disk 0 scanning C:\WINDOWS\system32\drivers
00:10:31.218 Service scanning
00:10:49.140 Modules scanning
00:10:53.234 Disk 0 trace - called modules:
00:10:53.296 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
00:10:58.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aef6ab8]
00:10:58.859 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae2cd98]
00:10:59.875 AVAST engine scan C:\WINDOWS
00:11:03.734 AVAST engine scan C:\WINDOWS\system32
00:12:57.171 AVAST engine scan C:\WINDOWS\system32\drivers
00:13:11.859 AVAST engine scan C:\Documents and Settings\ravis
04:41:55.515 AVAST engine scan C:\Documents and Settings\All Users
04:47:25.656 Scan finished successfully
07:16:33.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ravis\Desktop\MBR.dat"
07:16:33.765 The log file has been saved successfully to "C:\Documents and Settings\ravis\Desktop\aswMBR.txt"


Will run SUPERAntiSpyware and MBAM now...


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Thu Mar 08, 2012 2:31 pm

Please go to [You must be registered and logged in to see this link.]
(If more than one file needs to be scanned, they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
C:\WINDOWS\system32\drivers\i8042prt.sys 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
************************************************************

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 5:15 pm

SUPERAntiSpyware Logs:

SUPERAntiSpyware Scan Log

Generated 03/08/2012 at 11:50 AM

Application Version : 5.0.1146

Core Rules Database Version : 8315
Trace Rules Database Version: 6127

Scan type : Complete Scan
Total Scan Time : 03:06:51

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 643
Memory threats detected : 0
Registry items scanned : 34703
Registry threats detected : 0
File items scanned : 757946
File threats detected : 28

Trojan.Agent/Gen-Sefnit
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\INSTALLMATE\{32F7DD37-9A2A-B2E0-8C17-57316B50E0C4}\_SETUP.DLL

Adware.Tracking Cookie
account.goodgamestudios.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
cdn2.baronsmedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
convoad.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
kaltura.hutchmedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media.heavy.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media.kyte.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media.npr.org [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media.whosay.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media2.onsugar.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
media4.onsugar.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
sftrack.searchforce.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
tag.mediashakers.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
vitamine.networldmedia.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\K4AFYPL2 ]

Trojan.Agent/Gen-Sirefef
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000031.SYS


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 9:44 pm

MBAM Logs:

Malwarebytes Anti-Malware 1.60.1.1000

Database version: v2012.03.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ravis :: RSHARMA6400 [administrator]

3/8/2012 12:20:01 PM
mbam-log-2012-03-08 (12-20-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 745155
Time elapsed: 3 hour(s), 36 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 145
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000069.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000070.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000071.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000073.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000074.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000075.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000076.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000077.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000078.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000079.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000080.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000081.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000082.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000083.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000084.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000085.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000086.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000087.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000088.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000089.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000091.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000092.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000093.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000094.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000095.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000096.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000097.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000098.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000099.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000100.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000101.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000102.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000103.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000104.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000105.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9CC1861-E441-467E-8082-E65F54719D9E}\RP1\A0000072.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

Link from Jotti's malware scan:
[You must be registered and logged in to see this link.]

Running TDSSKiller now

zeroaccess
Novice

Posts: 15
Joined: 2012-03-07
Gender: Male
OS: XP
Points: 17543
# Likes: 0

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 08, 2012 9:49 pm

No infections found by TDSSKiller.

Also my Symantec is reporting that comboFix is a trojan. Is it possible that it can get infected?



Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Thu Mar 08, 2012 11:30 pm

> Also my Symantec is reporting that comboFix is a trojan. Is it possible that it can get infected?

That's normal. No worries.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Captain

Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83161
# Likes: 0

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Fri Mar 09, 2012 1:29 pm

Logs from SysProt:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B6F91000
Module End: B6FA9000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA668000
Module End: BA66A000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 83CBF938
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 83CBF9F8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 83CCD8C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: 87015828
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateMutant
Address: 83CD57F8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 83CD4448
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwFreeVirtualMemory
Address: 83CD46A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 83CD2970
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 83CBF900
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwMapViewOfSection
Address: 8B029A20
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 83CCE900
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcessToken
Address: 83CA6378
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThreadToken
Address: 83CBD258
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwResumeThread
Address: 83CA5610
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 83CAA228
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 83CC0920
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationThread
Address: 83CAE260
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendProcess
Address: 83CD56B0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 83CCF568
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 83CC4B00
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 83CAA1F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 83CA6EB8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 8A774E98
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\filterpipelineprintproc.dll
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\msxpsdrv.cat
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\msxpsdrv.inf
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\msxpsinc.gpd
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\msxpsinc.ppd
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\mxdwdrv.dll
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\amd64\xpssvcs.dll
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\filterpipelineprintproc.dll
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\msxpsdrv.cat
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\msxpsdrv.inf
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\msxpsinc.gpd
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\msxpsinc.ppd
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\mxdwdrv.dll
Status: Access denied

Object: C:\6ee3ce9dfaee4caeb5d2c3db18519a\i386\xpssvcs.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E7B1F351.TMP
Status: Access denied

Object: C:\Documents and Settings\ravis\Desktop\Motive\AdminC\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\ConfigurationManager\WEB-INF\classes\com\motive\serviceview\configurationmanager\actions\zipexchange\ZipConfigUploadAction$PerItemMergeConflictResolv
Status: Hidden

Object: C:\Documents and Settings\ravis\Desktop\Motive\WorkSpace\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\ConfigurationManager\WEB-INF\classes\com\motive\serviceview\configurationmanager\actions\testModuleThrottlingTabs\TestModuleThrottlingConfiguratio
Status: Hidden


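One way to triage the SysProt log in the post above, as an added example that is not part of the original thread or of SysProt itself: it parses the record layout visible in the log and lists the SSDT entries whose owner the tool could not name. The function names `parse_sysprot` and `triage` and the grouping of addresses by 1 MiB region are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the SysProt log from the post above (one kernel module, three SSDT
# entries, one hidden-file entry; separator rows shortened) so this runs offline.
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0
****************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B6F91000
Module End: B6FA9000
Hidden: Yes

****************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 83CBF938
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: 87015828
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 83CD4448
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

****************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E7B1F351.TMP
Status: Access denied
"""

SECTION_RE = re.compile(r"^(Kernel Modules|SSDT|Hidden files/folders):$")


def parse_sysprot(text):
    """Split the log into {section name: [record dict, ...]}."""
    sections = defaultdict(list)
    current, record = None, {}

    def flush():
        nonlocal record
        if current and record:
            sections[current].append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:                       # a new section starts
            flush()
            current = header.group(1)
        elif not line or set(line) == {"*"}:
            flush()                      # a blank line ends one record
            if line:                     # a row of asterisks also ends the section
                current = None
        elif current and ": " in line:   # "Key: Value" line inside a record
            key, value = line.split(": ", 1)
            record[key] = value
    flush()
    return dict(sections)


def triage(sections):
    """Summarise the entries in the log that still need an explanation."""
    modules = [(int(m["Module Base"], 16), int(m["Module End"], 16), m)
               for m in sections.get("Kernel Modules", [])]
    files = sections.get("Hidden files/folders", [])
    unowned, regions = [], defaultdict(list)
    for entry in sections.get("SSDT", []):
        addr = int(entry["Address"], 16)
        in_module = any(lo <= addr < hi for lo, hi, _ in modules)
        # The log shows Driver Base 0 / _unknown_ where no owner was resolved.
        if not in_module and entry["Driver Name"] == "_unknown_":
            unowned.append(entry["Function Name"])
            # Heuristic (assumption): hooks in one 1 MiB region share an owner.
            regions[f"{addr >> 20:03X}xxxxx"].append(entry["Function Name"])
    return {
        "hidden_modules": [m["Module Name"] for _, _, m in modules
                           if m.get("Hidden") == "Yes"],
        "unowned_ssdt": unowned,
        "regions": dict(regions),
        "hidden_files": dict(Counter(f["Status"] for f in files)),
    }


if __name__ == "__main__":
    for key, value in triage(parse_sysprot(SAMPLE_LOG)).items():
        print(key, "->", value)
```

An entry reported here only means SysProt could not name the owning driver; security products on Windows XP also hook the SSDT, so the output is a list of leads to follow up, not a verdict.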

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Fri Mar 09, 2012 6:55 pm

Please update me on how your computer is working.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    [You must be registered and logged in to see this link.]
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Sat Mar 10, 2012 8:31 pm

My computer looks fine and is working very smoothly right now.

It's only my Symantec that is reporting threats from the ComboFix quarantine folder.
I just finished an 18-hour-long ESET scan and nothing was found in that scan.

Thank you so much for the help. Please let me know what steps need to be done next. Also please provide your personal donation link in your next post.

Please suggest which is the most trusted antivirus or malware protection software/tool I should use to avoid this hassle in the future.


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Sat Mar 10, 2012 11:45 pm

> It's only my Symantec that is reporting threats from the ComboFix quarantine folder.
> I just finished an 18-hour-long ESET scan and nothing was found in that scan.

That's normal. We'll get rid of those right now.

> Also please provide your personal donation link in your next post.

I don't have one but there could be one on this site.

> Please suggest which is the most trusted antivirus or malware protection software/tool I should use to avoid this hassle in the future.

Below you will find a list of free AVs. I prefer MSE but everyone has different opinions. I like MSE because it's lightweight, not a resource hog like some, has a no-hassle installation, and updates every day.

Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]
7) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************************
To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Sun Mar 11, 2012 5:59 pm

Hi Dave,

I tried cleaning up using the above steps, but I can still see all the software: Mbam, sysprot, SuperAntiSpyware, SecurityCheck, TFC, and aswMBR are still present on my desktop.

Also, the command "ComboFix /uninstall" didn't run for me. I tried all the combinations too.

There is also one more weird behavior at startup. I see 2 text files being opened every time my computer restarts.
A screenshot is attached:
[You must be registered and logged in to see this link.]

Let me know how we can fix it.

zeroaccess

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Mon Mar 12, 2012 1:27 am

"I tried cleaning up using the above steps, but I can still see all the software: Mbam, sysprot, SuperAntiSpyware, SecurityCheck, TFC, and aswMBR are still present on my desktop."
You can uninstall/delete those programs.

Download this program and run it: [You must be registered and logged in to see this link.]. It will remove ComboFix for you.

*********************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
*************************************************
"There is also one more weird behavior at startup. I see 2 text files being opened every time my computer restarts."
I've never seen this before. Is this the first time this has happened?

Superdave

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by zeroaccess on Thu Mar 15, 2012 1:28 am

That started happening after I ran ComboFix for the first time long back. If I remember correctly, my laptop hung and I had to force reboot it while ComboFix was in the process of cleaning my laptop. And after that I see those 2 files open every time my laptop reboots.

zeroaccess

Re: Urgent Help with Trojan.Zeroaccess!inf

Post by Superdave on Thu Mar 15, 2012 7:06 pm

ComboFix is a very powerful program and should not be used without the guidance of a malware expert. I suspect that's what happened here and since it happened long ago, I wouldn't know how to fix it now. Those text files must have a name. Try running a search for them and delete them, if found.

Superdave