
Combofix says infected with ZeroAccess!


  • This topic is locked
46 replies to this topic

#1 zohan

zohan

  • Members
  • 25 posts

Posted 09 April 2012 - 11:13 AM

Problems started with Google redirects. I have run Malwarebytes, SuperAntispyware. I have run Sophos Anti-Rootkit, aswMBR, ESET Sirefef/ZeroAccess Remover, Symantec Fix Zero Access. Now I have no symptoms of a virus. Computer runs great. All the above tools find nothing. However, when I run ComboFix, it shows I'm infected with Rootkit ZeroAccess. So, I don't know if I got rid of it or not.

When I ran Defogger, it said finished but did NOT ask me to reboot.

Here are more details to what I have done.
http://www.bleepingcomputer.com/forums/topic449180.html/page__gopid__2659169#entry2659169


Edited by zohan, 09 April 2012 - 11:15 AM.




#2 zohan

zohan
  • Topic Starter

  • Members
  • 25 posts

Posted 13 April 2012 - 08:01 AM

I noticed everyone is copying and pasting the logs, and not attaching them. So, I will do the same.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by MistaHigh at 9:33:20 on 2012-04-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3293.2298 [GMT -4:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {EABF038F-AF98-4D2A-9A8B-CC58C0370865}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Documents and Settings\MistaHigh\Application Data\Dropbox\bin\Dropbox.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1040\TmIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
StartupFolder: c:\docume~1\mistah~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mistahigh\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://dsra1he.ds.adp.com/sdccommon/download/tgctlsi.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/tgctlcm.cab
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab
DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc.cab
TCP: Interfaces\{B4E41797-AF70-44FD-B760-333F2806F0E9} : NameServer = 68.87.71.226,68.87.73.242
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1040\TmIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-4-3 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-4-3 12464]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-3-28 407288]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 spiceworks;Spiceworks;c:\program files\spiceworks\bin\spiceworks.exe [2012-2-28 47672]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2012-2-24 50704]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2011-7-12 36624]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-8-3 144480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-11-8 341584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2011-7-12 262416]
S3 BLRQLV;BLRQLV;c:\docume~1\mistah~1\locals~1\temp\blrqlv.exe --> c:\docume~1\mistah~1\locals~1\temp\BLRQLV.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-9-29 24576]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1f.tmp --> c:\windows\system32\1F.tmp [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-3-30 54544]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2010-7-21 497080]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2011-12-22 689680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-04 19:36:21 -------- d-----w- C:\ComboFix
2012-04-04 16:32:26 98816 ----a-w- c:\windows\sed.exe
2012-04-04 16:32:26 518144 ----a-w- c:\windows\SWREG.exe
2012-04-04 16:32:26 256000 ----a-w- c:\windows\PEV.exe
2012-04-04 16:32:26 208896 ----a-w- c:\windows\MBR.exe
2012-04-03 20:57:05 -------- d-----w- c:\documents and settings\mistahigh\application data\FixZeroAccess
2012-04-03 18:56:09 -------- d-----w- c:\documents and settings\mistahigh\local settings\application data\Nero
2012-04-03 18:44:41 -------- d-----w- c:\documents and settings\all users\application data\Nero
2012-04-03 18:39:31 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-04-03 18:39:29 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-04-03 18:39:28 -------- d-----w- c:\program files\Nero
2012-04-03 18:35:46 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-04-03 18:35:46 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-04-03 18:35:46 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-04-03 18:35:45 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-04-03 18:35:45 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-04-03 18:35:41 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-04-03 18:35:37 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-04-03 18:35:32 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-04-03 18:35:27 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-04-03 18:35:23 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-04-03 18:35:13 -------- d-----w- c:\windows\Logs
2012-04-03 17:33:32 -------- d-----w- c:\program files\Sophos
2012-04-03 15:33:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-04-03 15:33:59 3140608 ----a-w- c:\windows\system32\GfxUI.exe
2012-04-03 15:33:59 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-04-03 15:33:58 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2012-04-03 15:33:58 81920 ----a-w- c:\windows\system32\igfxCoIn_v5402.dll
2012-04-03 14:43:12 -------- d-----w- c:\documents and settings\mistahigh\application data\QFX Software
2012-04-03 14:43:12 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
2012-04-03 14:39:14 -------- d-----w- c:\program files\KeyScrambler
2012-04-02 20:22:49 -------- d-----w- c:\program files\ESET
2012-04-02 15:58:56 -------- d-----w- c:\documents and settings\mistahigh\application data\SUPERAntiSpyware.com
2012-04-02 15:58:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 15:58:24 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-30 20:59:10 62224 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-03-30 20:59:10 54544 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-03-30 20:59:10 165136 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 20:58:06 -------- d-----w- c:\program files\Trend Micro
2012-03-30 20:21:48 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-30 20:20:30 -------- dc-h--w- c:\windows\ie8
2012-03-30 16:17:52 -------- d-----w- c:\documents and settings\mistahigh\application data\Malwarebytes
2012-03-30 16:17:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 16:17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 16:17:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-30 16:09:37 56624 ----a-w- c:\windows\cscmondump.bin
2012-03-30 14:47:21 -------- d-sha-r- C:\cmdcons
2012-03-30 14:32:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:07:18 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-28 15:07:18 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-28 15:07:09 -------- d-----w- C:\9b997376e132fa86e6aff614
2012-03-27 16:40:18 -------- d-----w- c:\documents and settings\mistahigh\local settings\application data\ArcSoft
2012-03-27 16:40:06 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
2012-03-27 16:35:57 -------- d-----w- c:\program files\Kodak
2012-03-27 16:32:17 -------- d-----w- c:\documents and settings\all users\application data\Kodak
2012-03-22 16:37:20 -------- d-----w- c:\documents and settings\mistahigh\application data\PDAppFlex
2012-03-22 16:37:12 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2012-03-21 19:31:28 -------- d-----w- c:\program files\Fiddler2
2012-03-12 16:49:45 -------- d-----w- c:\documents and settings\mistahigh\local settings\application data\BigHammer
.
==================== Find3M ====================
.
2012-03-30 14:34:05 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-09 18:55:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-28 06:10:26 947472 ----a-w- c:\windows\system32\msjava.dll
2012-02-23 16:56:26 4126720 ----a-w- c:\windows\system32\igxpdx32.dll
2012-02-23 16:56:24 3486048 ----a-w- c:\windows\system32\igxpdv32.dll
2012-02-23 16:56:20 2019232 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2012-02-23 16:56:18 58368 ----a-w- c:\windows\system32\igxprd32.dll
2012-02-23 16:56:18 183296 ----a-w- c:\windows\system32\igxpgd32.dll
2012-02-23 16:56:16 982240 ----a-w- c:\windows\system32\igkrng500.bin
2012-02-23 16:56:16 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2012-02-23 16:45:08 11346432 ----a-w- c:\windows\system32\ig4icd32.dll
2012-02-23 16:37:54 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-23 16:37:54 828928 ----a-w- c:\windows\system32\igfxress.dll
2012-02-23 16:37:54 214528 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 9:33:35.14 ===============







GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 11:19:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 WDC_WD5000AAKX-001CA0 rev.15.01H15
Running: 0uukx5sw.exe; Driver: C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\pwloipoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA7BE4640]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3396] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[5088] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5636] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\MistaHigh\Local Settings\Temporary Internet Files\Content.IE5\F421RLFP\locationResultsView[1].jsp 97943 bytes
File C:\Documents and Settings\MistaHigh\Local Settings\Temporary Internet Files\Content.IE5\F421RLFP\index[1].htm 74650 bytes

---- EOF - GMER 1.0.15 ----

Edited by zohan, 13 April 2012 - 08:05 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 April 2012 - 08:03 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

p.s.
If you run ComboFix and are asked to update the version please do so.

#4 zohan

zohan
  • Topic Starter

  • Members
  • 25 posts

Posted 17 April 2012 - 12:04 PM

Here is the log.

ComboFix 12-04-16.03 - MistaHigh 04/17/2012 11:45:56.12.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3293.2769 [GMT -4:00]
Running from: c:\documents and settings\MistaHigh\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {EABF038F-AF98-4D2A-9A8B-CC58C0370865}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\merakpop3.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINPOWERRMI
-------\Service_winpowerrmi
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-03 20:57 . 2012-04-03 20:57 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\FixZeroAccess
2012-04-03 18:56 . 2012-04-03 18:56 -------- d-----w- c:\documents and settings\MistaHigh\Local Settings\Application Data\Nero
2012-04-03 18:55 . 2012-04-03 18:55 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\Nero
2012-04-03 18:45 . 2012-04-03 18:49 -------- d-----w- c:\program files\Common Files\Nero
2012-04-03 18:44 . 2012-04-03 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2012-04-03 18:39 . 2011-12-01 15:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-04-03 18:39 . 2011-12-01 15:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-04-03 18:39 . 2012-04-03 18:53 -------- d-----w- c:\program files\Nero
2012-04-03 17:33 . 2012-04-03 17:33 -------- d-----w- c:\program files\Sophos
2012-04-03 15:33 . 2012-02-23 16:38 3140608 ----a-w- c:\windows\system32\GfxUI.exe
2012-04-03 15:33 . 2012-02-23 16:37 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-04-03 15:33 . 2012-02-23 16:37 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-04-03 15:33 . 2012-02-23 17:01 81920 ----a-w- c:\windows\system32\igfxCoIn_v5402.dll
2012-04-03 15:33 . 2012-02-23 16:38 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2012-04-03 14:43 . 2012-04-03 14:43 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\QFX Software
2012-04-03 14:43 . 2012-04-03 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\QFX Software
2012-04-03 14:39 . 2012-04-06 15:35 -------- d-----w- c:\program files\KeyScrambler
2012-04-02 20:22 . 2012-04-02 20:22 -------- d-----w- c:\program files\ESET
2012-04-02 15:58 . 2012-04-02 15:58 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\SUPERAntiSpyware.com
2012-04-02 15:58 . 2012-04-02 15:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 15:58 . 2012-04-02 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-30 20:59 . 2011-10-03 21:05 62224 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-03-30 20:59 . 2011-10-03 21:05 54544 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-03-30 20:59 . 2011-10-03 21:05 165136 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 20:58 . 2012-03-30 20:59 -------- d-----w- c:\program files\Trend Micro
2012-03-30 20:21 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-30 20:20 . 2012-03-30 20:21 -------- dc-h--w- c:\windows\ie8
2012-03-30 16:17 . 2012-03-30 16:17 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\Malwarebytes
2012-03-30 16:17 . 2012-03-30 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 16:17 . 2012-03-30 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-30 16:17 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 16:09 . 2012-03-30 16:09 56624 ----a-w- c:\windows\cscmondump.bin
2012-03-30 14:32 . 2012-03-30 14:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:07 . 2012-03-28 15:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-28 15:07 . 2012-03-28 15:07 -------- d-----w- C:\9b997376e132fa86e6aff614
2012-03-28 14:18 . 2012-03-28 14:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-03-27 16:40 . 2012-03-27 16:40 -------- d-----w- c:\documents and settings\MistaHigh\Local Settings\Application Data\ArcSoft
2012-03-27 16:40 . 2012-03-28 15:06 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\ArcSoft
2012-03-27 16:40 . 2012-03-28 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2012-03-27 16:39 . 2012-03-28 15:06 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-03-27 16:39 . 2012-03-27 16:39 -------- d-----w- c:\program files\ArcSoft
2012-03-27 16:35 . 2012-03-27 16:39 -------- d-----w- c:\program files\Kodak
2012-03-27 16:32 . 2012-03-27 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-26 12:43 . 2012-03-26 12:43 -------- d-----w- c:\program files\Google
2012-03-22 16:37 . 2012-03-22 16:37 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\PDAppFlex
2012-03-22 16:37 . 2012-03-22 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-03-21 19:31 . 2012-03-21 19:31 -------- d-----w- c:\program files\Fiddler2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 14:34 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-09 18:55 . 2011-08-05 14:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-28 06:10 . 2012-02-28 06:10 947472 ----a-w- c:\windows\system32\msjava.dll
2012-02-23 16:56 . 2011-08-03 07:36 4126720 ----a-w- c:\windows\system32\igxpdx32.dll
2012-02-23 16:56 . 2011-08-03 07:36 3486048 ----a-w- c:\windows\system32\igxpdv32.dll
2012-02-23 16:56 . 2011-08-03 07:36 2019232 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2012-02-23 16:56 . 2011-08-03 07:36 58368 ----a-w- c:\windows\system32\igxprd32.dll
2012-02-23 16:56 . 2011-08-03 07:36 183296 ----a-w- c:\windows\system32\igxpgd32.dll
2012-02-23 16:45 . 2011-08-03 07:36 11346432 ----a-w- c:\windows\system32\ig4icd32.dll
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-23 16:38 . 2011-08-03 07:36 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-23 16:38 . 2011-08-03 07:36 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-23 16:38 . 2011-08-03 07:36 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-23 16:38 . 2011-08-03 07:36 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-23 16:38 . 2011-08-03 07:36 129536 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-23 16:38 . 2011-08-03 07:36 194048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-23 16:38 . 2011-08-03 07:36 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-23 16:38 . 2011-08-03 07:36 164352 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-23 16:38 . 2011-08-03 07:36 23552 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-23 16:38 . 2011-08-03 07:36 172032 ----a-w- c:\windows\system32\igfxext.exe
2012-02-23 16:38 . 2011-08-03 07:36 140800 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-23 16:38 . 2011-08-03 07:36 130048 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-23 16:38 . 2011-08-03 07:36 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-23 16:38 . 2011-08-03 07:36 258048 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-23 16:38 . 2011-08-03 07:36 95232 ----a-w- c:\windows\system32\hccutils.dll
2012-02-23 16:37 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-23 16:37 . 2011-08-03 07:36 828928 ----a-w- c:\windows\system32\igfxress.dll
2012-02-23 16:37 . 2011-08-03 07:36 214528 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-04_17.02.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-17 16:24 . 2012-04-17 16:24 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2008-04-14 12:00 . 2012-04-17 15:37 80962 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2012-04-04 14:37 80962 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll
- 2012-02-21 18:50 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-02-21 18:50 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll
+ 2011-08-04 12:54 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll
- 2011-08-04 12:54 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2011-08-04 12:54 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-08-04 12:54 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-04 14:38 . 2012-04-04 14:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-03-02 13:57 . 2012-03-02 13:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-03-02 13:57 . 2012-03-02 13:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2012-04-17 15:37 487884 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2012-04-04 14:37 487884 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
+ 2012-02-21 18:50 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll
- 2012-02-21 18:50 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe
- 2008-04-14 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 12:00 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-08-04 12:54 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2011-08-04 12:54 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-14 12:00 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll
+ 2011-08-04 12:54 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-08-04 12:54 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-08-04 12:54 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-08-04 12:54 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-01-21 21:40 . 2012-01-21 21:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-08 07:38 . 2012-04-08 07:38 341504 c:\windows\Installer\89770a8.msi
+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\1ac0e638.msp
+ 2012-04-11 20:21 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll
+ 2012-04-11 20:21 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll
+ 2012-04-11 20:21 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe
+ 2012-04-11 20:21 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll
+ 2012-04-11 20:21 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe
+ 2012-04-11 20:47 . 2012-04-11 20:47 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d3f175cefc439ba7d036a7f8f0ebe0c2\WindowsFormsIntegration.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\8bbad53639576996991c10977adab5ca\System.Messaging.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\471bb0cccb42e476fe2aefec0ca91d86\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll
- 2009-03-08 08:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll
- 2008-04-14 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll
- 2011-08-04 12:54 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-08-04 12:54 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 20:17 . 2012-04-11 20:17 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-04 14:38 . 2012-04-04 14:38 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-22 14:09 . 2012-01-22 14:09 1700352 c:\windows\Installer\1ac0e632.msp
+ 2012-04-11 20:21 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll
+ 2012-04-11 20:21 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\64bc66b117a976cc4972e4376290c95d\WindowsBase.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e8781973fbd0c7a4703e37052f45b783\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\241c6a208037e498657a9e85e398f5a4\System.Printing.ni.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 1665024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a3e6c74bc3763eefe27c55d9cad3fda\System.Deployment.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\8881093f626f25e558129c833b525ff5\System.Activities.Presentation.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\385f2b705df4c3fbc6654005f1a38943\ReachFramework.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 1631744 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\b895a66fa91475e1958d5a2ad63281ca\PresentationUI.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f960d80ddf45a02d21a36fcb728b3008\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\03bc4ff490bc2c544c5f61842a394883\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 20:47 . 2012-04-11 20:47 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-11 20:20 . 2012-04-11 20:20 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 20:21 . 2012-04-11 20:21 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-02 13:57 . 2012-03-02 13:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-04 12:48 . 2012-04-11 20:15 55154568 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll
+ 2011-08-04 12:54 . 2012-03-02 10:01 11082752 c:\windows\system32\dllcache\ieframe.dll
+ 2012-04-11 20:21 . 2011-12-18 18:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
+ 2012-04-11 20:18 . 2012-04-11 20:19 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d5be46bcb4eba96a282fb0129b00918d\PresentationFramework.ni.dll
+ 2012-04-11 20:18 . 2012-04-11 20:18 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\503f6775eb81ff6d97a3e93a70ff8d6e\PresentationCore.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
+ 2012-04-11 20:46 . 2012-04-11 20:46 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll
+ 2012-04-11 20:22 . 2012-04-11 20:22 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1107472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-23 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-23 164352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-23 140800]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
.
c:\documents and settings\MistaHigh\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-12-12 49254]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\MistaHigh\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\MistaHigh\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61117:UDP"= 61117:UDP:Trend Micro Client/Server Security Agent Broadcast
"61116:TCP"= 61116:TCP:Trend Micro Client/Server Security Agent Update
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [4/3/2012 2:39 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [4/3/2012 2:39 PM 12464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [4/13/2012 8:59 AM 409232]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [11/25/2011 4:32 PM 687400]
R2 spiceworks;Spiceworks;c:\program files\Spiceworks\bin\spiceworks.exe [2/28/2012 11:29 AM 47672]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2/24/2012 8:01 PM 50704]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [7/12/2011 10:43 AM 36624]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/3/2011 3:39 AM 144480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [7/12/2011 10:44 AM 262416]
S3 BLRQLV;BLRQLV;c:\docume~1\MISTAH~1\LOCALS~1\Temp\BLRQLV.exe --> c:\docume~1\MISTAH~1\LOCALS~1\Temp\BLRQLV.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/29/2011 2:25 PM 24576]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1F.tmp --> c:\windows\system32\1F.tmp [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/30/2012 4:59 PM 54544]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [12/22/2011 12:34 PM 689680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/19/2011 3:12 PM 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
serialkeys
dtscsi
acrsch2svc
PolarUSB
stac97
snapman380
mediaviewer
s116unic
vds
apphostsvc
emAudio
portio
sprtsvc_ddoctorv2
usb_rndisx
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-HELPDESK-MistaHigh.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-22 22:59]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003Core.job
- c:\documents and settings\MistaHigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-30 18:23]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003UA.job
- c:\documents and settings\MistaHigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-30 18:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: adpcrm.net\woodall
Trusted Zone: adpremotesupport.com
Trusted Zone: bzbuzztrak.com\www
Trusted Zone: hmaservice.com
Trusted Zone: hstarsandy.com\www
Trusted Zone: hyundaidealer.com\dcs
Trusted Zone: hyundaidealer.com\webdcs
Trusted Zone: hyundaidealer.com\www
Trusted Zone: hyundaistarpower.com\www
Trusted Zone: hyundaivoc.com\www
TCP: Interfaces\{B4E41797-AF70-44FD-B760-333F2806F0E9}: NameServer = 68.87.71.226,68.87.73.242
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab
DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://206.92.183.49:3002/ActiveViewGUI.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://206.92.183.49:3002/ActiveView.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1229272821-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,95,ec,b4,52,6c,ce,43,b1,e2,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,95,ec,b4,52,6c,ce,43,b1,e2,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\msv1_0.dll
.
- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Spiceworks\httpd\bin\spiceworks-httpd.exe
c:\program files\Spiceworks\httpd\bin\spiceworks-httpd.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
c:\program files\Trend Micro\Client Server Security Agent\pccntupd.exe
.
**************************************************************************
.
Completion time: 2012-04-17 12:38:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 16:38
ComboFix2.txt 2012-04-04 19:50
ComboFix3.txt 2012-04-04 19:06
ComboFix4.txt 2012-04-04 18:00
ComboFix5.txt 2012-04-17 15:38
.
Pre-Run: 400,004,186,112 bytes free
Post-Run: 400,067,407,872 bytes free
.
- - End Of File - - 0000EBAF5437C770C80D035D54E351B9

#5 nasdaq

  • Malware Response Team

Posted 17 April 2012 - 01:38 PM

I need to check further.

How is the computer performing?

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

one more
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/525767-avg-reports-continuous-viruses-content-ie5-when-internet-connected.html

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
===

#6 zohan

  • Topic Starter

Posted 17 April 2012 - 03:23 PM

OK, so the computer seems normal, as it did before. Still, when I ran that ComboFix, when you said, it did come up with the message "infected with RootKit ZeroAccess!". I think, if I were to run it again, it would still say that. It must be detecting something? But no problems before or after.

So, now I ran OTL. It does not come up with two Notepad windows when finished. Only the one OTL.Txt comes up. Here is what that says.

OTL logfile created on: 4/17/2012 4:06:49 PM - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MistaHigh\Desktop\12345
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 78.79% Memory free
5.06 Gb Paging File | 4.58 Gb Available in Paging File | 90.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 372.62 Gb Free Space | 80.00% Space Free | Partition Type: NTFS

Computer Name: HELPDESK | User Name: MistaHigh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Documents and Settings\MistaHigh\Desktop\12345\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\PccNTUpd.exe (Trend Micro Inc.)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vds) -- %systemroot%\system32\nwlnkfwd.dll File not found
SRV - (usb_rndisx) -- %systemroot%\system32\w200mgmt.dll File not found
SRV - (stac97) -- %systemroot%\system32\fsssvc.dll File not found
SRV - (sprtsvc_ddoctorv2) -- %systemroot%\system32\rt2500.dll File not found
SRV - (snapman380) -- %systemroot%\system32\dtscsi.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\usrbridg.dll File not found
SRV - (portio) -- %systemroot%\system32\dm1service.dll File not found
SRV - (PolarUSB) -- %systemroot%\system32\slabser.dll File not found
SRV - (emAudio) -- %systemroot%\system32\maxbackserviceint.dll File not found
SRV - (dtscsi) -- %systemroot%\system32\vnxservice.dll File not found
SRV - (BLRQLV) -- C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\BLRQLV.exe File not found
SRV - (apphostsvc) -- %systemroot%\system32\hpci.dll File not found
SRV - (DragonUpdater) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
SRV - (spiceworks) -- C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
SRV - (svcGenericHost) -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
SRV - (tmlisten) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SupportSoft RemoteAssist) -- C:\WINDOWS\Downloaded Program Files\ssrc.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\1F.tmp File not found
DRV - (mbr) -- C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\mbr.sys File not found
DRV - (lmimirr) -- system32\DRIVERS\lmimirr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TmFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (e1kexpress) Intel® -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 83 08 F9 D5 E5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HP&apn_dtid=YYYYYYCLUS&apn_uid=0536584C-81D1-4357-A242-B3FF841B2F26&apn_sauid=EED4280D-E059-4F2F-8B7C-57E2B020E527
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\MistaHigh\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\MistaHigh\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\FirefoxExtension [2012/03/30 16:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2012/03/21 15:31:29 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\MistaHigh\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\MistaHigh\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O15 - HKCU\..Trusted Domains: adpcrm.net ([woodall] * in Trusted sites)
O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: bzbuzztrak.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://dsra1he.ds.adp.com/sdccommon/download/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} http://woodall.adpcrm.net/Report/cr/activexviewer92.cab (Crystal Report Viewer Control 9)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E41797-AF70-44FD-B760-333F2806F0E9}: NameServer = 68.87.71.226,68.87.73.242
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/03 03:21:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 03:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\Mozilla
[2012/04/04 12:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 12:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 12:32:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 12:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/03 17:05:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/03 17:05:19 | 004,465,211 | R--- | C] (Swearware) -- C:\Documents and Settings\MistaHigh\Desktop\ComboFix.exe
[2012/04/03 16:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\FixZeroAccess
[2012/04/03 14:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Nero
[2012/04/03 14:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\My Documents\NeroVideo
[2012/04/03 14:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\Nero
[2012/04/03 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/04/03 14:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2012/04/03 14:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2012/04/03 14:39:31 | 000,012,464 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\NBVolUp.sys
[2012/04/03 14:39:29 | 000,056,496 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\NBVol.sys
[2012/04/03 14:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/04/03 14:35:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/04/03 14:35:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/04/03 14:35:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/04/03 14:35:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/04/03 14:35:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/04/03 14:35:41 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/04/03 14:35:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012/04/03 14:35:32 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012/04/03 14:35:27 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/04/03 14:35:23 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/04/03 14:35:18 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2012/04/03 14:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/04/03 13:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/04/03 13:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2012/04/03 11:33:59 | 003,140,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\GfxUI.exe
[2012/04/03 11:33:59 | 000,121,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\gfxSrvc.dll
[2012/04/03 11:33:58 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresn.lrc
[2012/04/03 11:33:58 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5402.dll
[2012/04/03 10:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\QFX Software
[2012/04/03 10:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2012/04/03 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2012/04/02 16:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/02 11:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\SUPERAntiSpyware.com
[2012/04/02 11:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/02 11:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/30 16:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2012/03/30 16:59:10 | 000,165,136 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/03/30 16:59:10 | 000,062,224 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/03/30 16:59:10 | 000,054,544 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/03/30 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/30 16:20:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/30 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\Malwarebytes
[2012/03/30 12:17:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/30 10:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/30 10:45:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/30 10:45:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MistaHigh\Start Menu\Programs\Administrative Tools
[2012/03/30 10:32:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/30 09:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Desktop\12345
[2012/03/28 11:07:09 | 000,000,000 | ---D | C] -- C:\9b997376e132fa86e6aff614
[2012/03/28 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/28 10:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/27 12:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\My Documents\My Print Creations
[2012/03/27 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Local Settings\Application Data\ArcSoft
[2012/03/27 12:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\ArcSoft
[2012/03/27 12:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Print Creations
[2012/03/27 12:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2012/03/27 12:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/03/27 12:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/03/27 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/03/27 12:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2012/03/26 08:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Calendar Sync
[2012/03/26 08:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/22 12:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\PDAppFlex
[2012/03/22 12:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/03/21 15:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\My Documents\Fiddler2
[2012/03/21 15:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/17 15:38:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003UA.job
[2012/04/17 12:49:11 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/04/17 12:26:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/17 12:24:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/17 11:41:02 | 000,142,285 | ---- | M] () -- C:\Documents and Settings\MistaHigh\Desktop\screen.JPG
[2012/04/17 11:37:53 | 004,465,211 | R--- | M] (Swearware) -- C:\Documents and Settings\MistaHigh\Desktop\ComboFix.exe
[2012/04/17 11:37:41 | 000,487,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/17 11:37:41 | 000,080,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/17 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HELPDESK-MistaHigh.job
[2012/04/17 01:38:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003Core.job
[2012/04/13 13:50:12 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/04/11 16:15:12 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 11:56:02 | 000,008,510 | ---- | M] () -- C:\Documents and Settings\MistaHigh\.recently-used.xbel
[2012/04/05 10:53:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MistaHigh\defogger_reenable
[2012/04/03 14:47:42 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero 11.lnk
[2012/04/03 09:53:03 | 003,612,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/30 16:42:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MistaHigh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/30 12:09:37 | 000,056,624 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2012/03/30 10:47:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/29 14:10:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 12:58:10 | 000,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/03/27 12:58:04 | 000,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/03/26 08:43:08 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/03/26 08:43:08 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2012/03/21 16:25:36 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 11:41:02 | 000,142,285 | ---- | C] () -- C:\Documents and Settings\MistaHigh\Desktop\screen.JPG
[2012/04/10 11:56:02 | 000,008,510 | ---- | C] () -- C:\Documents and Settings\MistaHigh\.recently-used.xbel
[2012/04/05 10:53:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MistaHigh\defogger_reenable
[2012/04/04 12:32:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 12:32:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 12:32:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 12:32:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 12:32:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/03 14:47:42 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero 11.lnk
[2012/04/03 11:33:59 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/04/03 11:33:59 | 000,178,400 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
[2012/04/03 11:33:59 | 000,165,374 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
[2012/04/03 11:33:59 | 000,139,901 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
[2012/04/03 11:33:59 | 000,133,738 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
[2012/04/03 11:33:59 | 000,118,677 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
[2012/04/03 11:33:59 | 000,118,049 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
[2012/04/03 11:33:59 | 000,114,354 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
[2012/04/03 11:33:59 | 000,102,872 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
[2012/04/03 11:33:59 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/04/03 11:33:59 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/04/03 11:33:58 | 000,189,534 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
[2012/04/03 11:33:58 | 000,136,402 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
[2012/04/03 11:33:58 | 000,125,547 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
[2012/04/03 11:33:58 | 000,123,228 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
[2012/04/03 11:33:58 | 000,121,165 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
[2012/04/03 11:33:58 | 000,120,781 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
[2012/04/03 11:33:58 | 000,120,360 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
[2012/04/03 11:33:58 | 000,119,581 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
[2012/04/03 11:33:58 | 000,119,341 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
[2012/04/03 11:33:58 | 000,119,058 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
[2012/04/03 11:33:58 | 000,118,409 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
[2012/04/03 11:33:58 | 000,110,205 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
[2012/04/03 11:33:57 | 000,122,923 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
[2012/04/03 11:33:57 | 000,122,700 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
[2012/04/03 11:33:57 | 000,119,598 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
[2012/04/03 11:33:57 | 000,118,754 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[2012/04/03 11:33:57 | 000,114,833 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
[2012/04/03 11:33:57 | 000,114,242 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
[2012/04/03 11:33:57 | 000,104,033 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
[2012/04/03 11:33:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/03/30 16:59:27 | 000,000,031 | ---- | C] () -- C:\tmuninst.ini
[2012/03/30 12:09:37 | 000,056,624 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2012/03/30 10:47:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/30 10:47:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 09:06:43 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/03/28 10:18:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 12:58:10 | 000,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/03/27 12:58:10 | 000,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/03/26 08:43:08 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/03/26 08:43:08 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2012/03/22 12:37:57 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HELPDESK-MistaHigh.job
[2012/03/22 12:27:16 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/03/22 12:26:08 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/03/22 12:24:39 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/03/22 12:24:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/03/21 16:25:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2012/03/21 15:31:29 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Fiddler2.lnk
[2012/02/29 13:03:26 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/02/15 19:42:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 12:33:08 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2011/12/12 14:10:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2011/12/12 14:08:22 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2011/12/12 14:08:22 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2011/12/12 14:08:22 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2011/12/12 14:07:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2011/10/18 15:51:04 | 000,160,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/03 16:02:36 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\MistaHigh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 03:36:41 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4969.dll
[2011/08/03 03:36:40 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/08/03 03:36:40 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/08/03 03:36:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/08/03 03:32:46 | 000,034,024 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011/08/03 03:31:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/08/03 03:31:44 | 000,013,270 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/08/03 03:31:43 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/08/03 03:23:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 03:19:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/02 22:42:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/02 22:40:46 | 003,612,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== LOP Check ==========

[2012/04/04 14:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/04/03 10:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2012/03/22 12:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/09/29 14:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2012/04/17 12:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\Dropbox
[2012/04/03 16:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\FixZeroAccess
[2012/02/29 13:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\Foxit Software
[2012/04/10 11:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\gtk-2.0
[2012/02/21 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\ImgBurn
[2011/12/12 14:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\InterTrust
[2012/03/22 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\PDAppFlex
[2012/02/29 13:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\PrimoPDF
[2012/04/03 10:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\QFX Software
[2011/09/29 14:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\Research In Motion
[2011/10/25 17:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\SupportSoft
[2011/09/29 14:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\Teleca
[2012/02/24 12:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MistaHigh\Application Data\webex

========== Purity Check ==========



< End of report >

#7 nasdaq

  • Malware Response Team

Posted 18 April 2012 - 08:54 AM

Hosts file not found


Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (vds) -- %systemroot%\system32\nwlnkfwd.dll File not found
    SRV - (usb_rndisx) -- %systemroot%\system32\w200mgmt.dll File not found
    SRV - (stac97) -- %systemroot%\system32\fsssvc.dll File not found
    SRV - (sprtsvc_ddoctorv2) -- %systemroot%\system32\rt2500.dll File not found
    SRV - (snapman380) -- %systemroot%\system32\dtscsi.dll File not found
    SRV - (serialkeys) -- %systemroot%\system32\usrbridg.dll File not found
    SRV - (portio) -- %systemroot%\system32\dm1service.dll File not found
    SRV - (PolarUSB) -- %systemroot%\system32\slabser.dll File not found
    SRV - (emAudio) -- %systemroot%\system32\maxbackserviceint.dll File not found
    SRV - (dtscsi) -- %systemroot%\system32\vnxservice.dll File not found
    SRV - (BLRQLV) -- C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\BLRQLV.exe File not found
    SRV - (apphostsvc) -- %systemroot%\system32\hpci.dll File not found
    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\1F.tmp File not found
    DRV - (mbr) -- C:\DOCUME~1\MISTAH~1\LOCALS~1\Temp\mbr.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    
    :commands
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Any site can be compromised.
Make sure that you really need these sites in your Trusted List.

O15 - HKCU\..Trusted Domains: adpcrm.net ([woodall] * in Trusted sites)
O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: bzbuzztrak.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)

If any of these sites gets compromised, everything you download from them will be accepted. Be good or infected.

Please post the OTL log and let me know if the problem persists.

#8 zohan

  • Topic Starter


Posted 19 April 2012 - 09:00 AM

OK, here it is. Thanks for helping me with this!

OTL logfile created on: 4/19/2012 8:45:05 AM - Run 5
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MistaHigh\Desktop\12345
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 77.54% Memory free
5.06 Gb Paging File | 4.47 Gb Available in Paging File | 88.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 372.56 Gb Free Space | 79.99% Space Free | Partition Type: NTFS

Computer Name: HELPDESK | User Name: MistaHigh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Documents and Settings\MistaHigh\Desktop\12345\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Client Server Security Agent\PccNTUpd.exe (Trend Micro Inc.)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()


========== Win32 Services (SafeList) ==========

SRV - (DragonUpdater) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
SRV - (spiceworks) -- C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
SRV - (svcGenericHost) -- C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (Trend Micro Inc.)
SRV - (tmlisten) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Trend Micro Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SupportSoft RemoteAssist) -- C:\WINDOWS\Downloaded Program Files\ssrc.exe ()


========== Driver Services (SafeList) ==========

DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (lmimirr) -- system32\DRIVERS\lmimirr.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TmFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (e1kexpress) Intel® -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 83 08 F9 D5 E5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HP&apn_dtid=YYYYYYCLUS&apn_uid=0536584C-81D1-4357-A242-B3FF841B2F26&apn_sauid=EED4280D-E059-4F2F-8B7C-57E2B020E527
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\MistaHigh\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\MistaHigh\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\FirefoxExtension [2012/03/30 16:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2012/03/21 15:31:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/19 08:44:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\MistaHigh\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\MistaHigh\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O15 - HKCU\..Trusted Domains: adpcrm.net ([woodall] * in Trusted sites)
O15 - HKCU\..Trusted Domains: adpremotesupport.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: bzbuzztrak.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://dsra1he.ds.adp.com/sdccommon/download/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} http://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} http://woodall.adpcrm.net/Report/cr/activexviewer92.cab (Crystal Report Viewer Control 9)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4E41797-AF70-44FD-B760-333F2806F0E9}: NameServer = 68.87.71.226,68.87.73.242
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/03 03:21:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 08:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/18 10:49:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/08 03:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\Mozilla
[2012/04/04 12:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 12:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 12:32:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 12:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/03 17:05:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/03 17:05:19 | 004,465,211 | R--- | C] (Swearware) -- C:\Documents and Settings\MistaHigh\Desktop\ComboFix.exe
[2012/04/03 16:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\FixZeroAccess
[2012/04/03 14:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Local Settings\Application Data\Nero
[2012/04/03 14:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\My Documents\NeroVideo
[2012/04/03 14:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\Nero
[2012/04/03 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/04/03 14:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2012/04/03 14:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2012/04/03 14:39:31 | 000,012,464 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\NBVolUp.sys
[2012/04/03 14:39:29 | 000,056,496 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\drivers\NBVol.sys
[2012/04/03 14:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/04/03 14:35:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/04/03 14:35:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/04/03 14:35:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/04/03 14:35:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/04/03 14:35:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/04/03 14:35:41 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/04/03 14:35:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012/04/03 14:35:32 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012/04/03 14:35:27 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2012/04/03 14:35:23 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2012/04/03 14:35:18 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2012/04/03 14:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/04/03 13:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/04/03 13:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2012/04/03 11:33:59 | 003,140,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\GfxUI.exe
[2012/04/03 11:33:59 | 000,121,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\gfxSrvc.dll
[2012/04/03 11:33:58 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresn.lrc
[2012/04/03 11:33:58 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5402.dll
[2012/04/03 10:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\QFX Software
[2012/04/03 10:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2012/04/03 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2012/04/02 16:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/02 11:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\SUPERAntiSpyware.com
[2012/04/02 11:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/02 11:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/30 16:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2012/03/30 16:59:10 | 000,165,136 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/03/30 16:59:10 | 000,062,224 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/03/30 16:59:10 | 000,054,544 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/03/30 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/30 16:20:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/30 12:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\Malwarebytes
[2012/03/30 12:17:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/30 12:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/30 10:47:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/30 10:45:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/30 10:45:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MistaHigh\Start Menu\Programs\Administrative Tools
[2012/03/30 10:32:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/30 09:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Desktop\12345
[2012/03/28 11:07:09 | 000,000,000 | ---D | C] -- C:\9b997376e132fa86e6aff614
[2012/03/28 10:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/28 10:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/27 12:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\My Documents\My Print Creations
[2012/03/27 12:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Local Settings\Application Data\ArcSoft
[2012/03/27 12:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\ArcSoft
[2012/03/27 12:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Print Creations
[2012/03/27 12:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2012/03/27 12:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/03/27 12:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/03/27 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/03/27 12:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2012/03/26 08:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Calendar Sync
[2012/03/26 08:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/22 12:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\Application Data\PDAppFlex
[2012/03/22 12:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/03/21 15:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MistaHigh\My Documents\Fiddler2
[2012/03/21 15:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 08:44:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/19 08:38:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003UA.job
[2012/04/19 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HELPDESK-MistaHigh.job
[2012/04/19 01:38:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003Core.job
[2012/04/18 10:59:15 | 000,009,243 | ---- | M] () -- C:\Documents and Settings\MistaHigh\.recently-used.xbel
[2012/04/17 12:49:11 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/04/17 12:26:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/17 12:24:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/17 11:41:02 | 000,142,285 | ---- | M] () -- C:\Documents and Settings\MistaHigh\Desktop\screen.JPG
[2012/04/17 11:37:53 | 004,465,211 | R--- | M] (Swearware) -- C:\Documents and Settings\MistaHigh\Desktop\ComboFix.exe
[2012/04/17 11:37:41 | 000,487,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/17 11:37:41 | 000,080,962 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/13 13:50:12 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/04/11 16:15:12 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/05 10:53:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MistaHigh\defogger_reenable
[2012/04/03 14:47:42 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero 11.lnk
[2012/04/03 09:53:03 | 003,612,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/30 16:42:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MistaHigh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/30 12:09:37 | 000,056,624 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2012/03/30 10:47:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/29 14:10:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 12:58:10 | 000,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/03/27 12:58:04 | 000,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/03/26 08:43:08 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/03/26 08:43:08 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2012/03/21 16:25:36 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 10:59:15 | 000,009,243 | ---- | C] () -- C:\Documents and Settings\MistaHigh\.recently-used.xbel
[2012/04/17 11:41:02 | 000,142,285 | ---- | C] () -- C:\Documents and Settings\MistaHigh\Desktop\screen.JPG
[2012/04/05 10:53:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MistaHigh\defogger_reenable
[2012/04/04 12:32:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 12:32:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 12:32:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/04 12:32:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 12:32:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/03 14:47:42 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero 11.lnk
[2012/04/03 11:33:59 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/04/03 11:33:59 | 000,178,400 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
[2012/04/03 11:33:59 | 000,165,374 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
[2012/04/03 11:33:59 | 000,139,901 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
[2012/04/03 11:33:59 | 000,133,738 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
[2012/04/03 11:33:59 | 000,118,677 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
[2012/04/03 11:33:59 | 000,118,049 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
[2012/04/03 11:33:59 | 000,114,354 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
[2012/04/03 11:33:59 | 000,102,872 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
[2012/04/03 11:33:59 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/04/03 11:33:59 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/04/03 11:33:58 | 000,189,534 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
[2012/04/03 11:33:58 | 000,136,402 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
[2012/04/03 11:33:58 | 000,125,547 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
[2012/04/03 11:33:58 | 000,123,228 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
[2012/04/03 11:33:58 | 000,121,165 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
[2012/04/03 11:33:58 | 000,120,781 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
[2012/04/03 11:33:58 | 000,120,360 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
[2012/04/03 11:33:58 | 000,119,581 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
[2012/04/03 11:33:58 | 000,119,341 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
[2012/04/03 11:33:58 | 000,119,058 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
[2012/04/03 11:33:58 | 000,118,409 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
[2012/04/03 11:33:58 | 000,110,205 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
[2012/04/03 11:33:57 | 000,122,923 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
[2012/04/03 11:33:57 | 000,122,700 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
[2012/04/03 11:33:57 | 000,119,598 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
[2012/04/03 11:33:57 | 000,118,754 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[2012/04/03 11:33:57 | 000,114,833 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
[2012/04/03 11:33:57 | 000,114,242 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
[2012/04/03 11:33:57 | 000,104,033 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
[2012/04/03 11:33:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/03/30 16:59:27 | 000,000,031 | ---- | C] () -- C:\tmuninst.ini
[2012/03/30 12:09:37 | 000,056,624 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2012/03/30 10:47:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/30 10:47:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 09:06:43 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2012/03/28 10:18:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 12:58:10 | 000,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2012/03/27 12:58:10 | 000,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2012/03/26 08:43:08 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/03/26 08:43:08 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2012/03/22 12:37:57 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-HELPDESK-MistaHigh.job
[2012/03/22 12:27:16 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/03/22 12:26:08 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/03/22 12:24:39 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/03/22 12:24:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/03/21 16:25:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2012/03/21 15:31:29 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Fiddler2.lnk
[2012/02/29 13:03:26 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/02/15 19:42:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 12:33:08 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2011/12/12 14:10:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2011/12/12 14:08:22 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2011/12/12 14:08:22 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2011/12/12 14:08:22 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2011/12/12 14:07:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2011/10/18 15:51:04 | 000,160,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/03 16:02:36 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\MistaHigh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 03:36:41 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4969.dll
[2011/08/03 03:36:40 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/08/03 03:36:40 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/08/03 03:36:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/08/03 03:32:46 | 000,034,024 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011/08/03 03:31:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/08/03 03:31:44 | 000,013,270 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/08/03 03:31:43 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/08/03 03:23:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/03 03:19:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/02 22:42:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/02 22:40:46 | 003,612,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

< End of report >

Oh, and those trusted sites are needed for work. They do not work correctly if not in my trusted sites.

#9 nasdaq


Posted 19 April 2012 - 01:09 PM

Looking good.

Are you still being prompted about the ZeroAccess message?

#10 zohan


Posted 23 April 2012 - 02:07 PM

I only get that when I run ComboFix. Should I run ComboFix again and see?

#11 nasdaq


Posted 24 April 2012 - 09:55 AM

Yes, please run ComboFix again. You may be asked to update the program; please do so.

Post the log and the complete error message. That may help.

#12 zohan


Posted 25 April 2012 - 09:16 AM

OK, so I ran it again and here is what happens.

A blue screen comes up and says:
__________

Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines can easily double

Then on top of that, another message box pops up after about a minute that says:

You are infected with RootkitZeroAccess! It has inserted itself into the tcp/ip stack. This is particularly difficult infection.

If for any reason that you are unable to connect to the internet after running combofix, reboot once and see if that fixes it.

If it's not fixed, run combofix one more time.

__________

So then it reboots and comes back up to the ComboFix screen as it continues. It reboots again when done and gives me the log. Here is the log.

ComboFix 12-04-24.02 - MistaHigh 04/24/2012 15:26:50.13.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3293.2750 [GMT -4:00]
Running from: c:\documents and settings\MistaHigh\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Outdated* {EABF038F-AF98-4D2A-9A8B-CC58C0370865}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1BE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 19:23 . 2012-04-24 19:23 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\Apple Computer
2012-04-21 21:59 . 2012-04-21 21:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-04-20 21:08 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-04-20 20:59 . 2012-04-20 20:59 -------- d-----w- c:\program files\Windows Media Connect 2
2012-04-20 20:58 . 2012-04-20 20:59 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-04-20 20:58 . 2012-04-20 20:58 -------- d-----w- c:\windows\system32\LogFiles
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-20 20:21 . 2012-04-20 20:21 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-04-20 20:21 . 2012-04-20 20:21 -------- d-----w- c:\program files\QuickTime
2012-04-20 20:21 . 2012-04-20 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-04-20 20:20 . 2012-04-20 20:20 -------- d-----w- c:\program files\Common Files\Apple
2012-04-20 20:20 . 2012-04-20 20:20 -------- d-----w- c:\documents and settings\MistaHigh\Local Settings\Application Data\Apple
2012-04-20 20:20 . 2012-04-20 20:20 -------- d-----w- c:\program files\Apple Software Update
2012-04-20 20:20 . 2012-04-20 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-04-20 20:20 . 2012-04-20 20:20 -------- d-----w- c:\documents and settings\MistaHigh\Local Settings\Application Data\Apple Computer
2012-04-20 20:16 . 2012-04-20 20:17 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\vlc
2012-04-20 20:15 . 2012-04-20 20:15 -------- d-----w- c:\program files\VideoLAN
2012-04-20 20:02 . 2012-04-20 20:02 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\DDMSettings
2012-04-20 20:01 . 2012-04-20 20:01 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\DivX
2012-04-20 19:59 . 2012-04-20 20:01 -------- d-----w- c:\program files\DivX
2012-04-20 19:53 . 2012-04-20 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2012-04-19 12:44 . 2012-04-19 12:44 -------- d-----w- C:\_OTL
2012-04-03 20:57 . 2012-04-03 20:57 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\FixZeroAccess
2012-04-03 18:56 . 2012-04-03 18:56 -------- d-----w- c:\documents and settings\MistaHigh\Local Settings\Application Data\Nero
2012-04-03 18:55 . 2012-04-03 18:55 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\Nero
2012-04-03 18:45 . 2012-04-03 18:49 -------- d-----w- c:\program files\Common Files\Nero
2012-04-03 18:44 . 2012-04-03 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2012-04-03 18:39 . 2011-12-01 15:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-04-03 18:39 . 2011-12-01 15:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-04-03 18:39 . 2012-04-03 18:53 -------- d-----w- c:\program files\Nero
2012-04-03 17:33 . 2012-04-03 17:33 -------- d-----w- c:\program files\Sophos
2012-04-03 15:33 . 2012-02-23 16:38 3140608 ----a-w- c:\windows\system32\GfxUI.exe
2012-04-03 15:33 . 2012-02-23 16:37 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-04-03 15:33 . 2012-02-23 16:37 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-04-03 15:33 . 2012-02-23 17:01 81920 ----a-w- c:\windows\system32\igfxCoIn_v5402.dll
2012-04-03 15:33 . 2012-02-23 16:38 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2012-04-03 14:43 . 2012-04-03 14:43 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\QFX Software
2012-04-03 14:43 . 2012-04-03 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\QFX Software
2012-04-03 14:39 . 2012-04-06 15:35 -------- d-----w- c:\program files\KeyScrambler
2012-04-02 20:22 . 2012-04-02 20:22 -------- d-----w- c:\program files\ESET
2012-04-02 15:58 . 2012-04-02 15:58 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\SUPERAntiSpyware.com
2012-04-02 15:58 . 2012-04-02 15:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 15:58 . 2012-04-02 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-30 20:59 . 2011-10-03 21:05 62224 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-03-30 20:59 . 2011-10-03 21:05 54544 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-03-30 20:59 . 2011-10-03 21:05 165136 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 20:58 . 2012-03-30 20:59 -------- d-----w- c:\program files\Trend Micro
2012-03-30 20:21 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-30 20:20 . 2012-03-30 20:21 -------- dc-h--w- c:\windows\ie8
2012-03-30 16:17 . 2012-03-30 16:17 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\Malwarebytes
2012-03-30 16:17 . 2012-03-30 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 16:17 . 2012-03-30 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-30 16:17 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 16:09 . 2012-03-30 16:09 56624 ----a-w- c:\windows\cscmondump.bin
2012-03-30 14:32 . 2012-03-30 14:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-28 15:07 . 2012-03-28 15:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-28 15:07 . 2012-03-28 15:07 -------- d-----w- C:\9b997376e132fa86e6aff614
2012-03-28 14:18 . 2012-03-28 14:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-03-27 16:40 . 2012-03-27 16:40 -------- d-----w- c:\documents and settings\MistaHigh\Local Settings\Application Data\ArcSoft
2012-03-27 16:40 . 2012-03-28 15:06 -------- d-----w- c:\documents and settings\MistaHigh\Application Data\ArcSoft
2012-03-27 16:40 . 2012-03-28 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2012-03-27 16:39 . 2012-03-28 15:06 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-03-27 16:39 . 2012-03-27 16:39 -------- d-----w- c:\program files\ArcSoft
2012-03-27 16:35 . 2012-03-27 16:39 -------- d-----w- c:\program files\Kodak
2012-03-27 16:32 . 2012-03-27 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-26 12:43 . 2012-03-26 12:43 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 14:34 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-09 18:55 . 2011-08-05 14:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-28 06:10 . 2012-02-28 06:10 947472 ----a-w- c:\windows\system32\msjava.dll
2012-02-23 16:56 . 2011-08-03 07:36 4126720 ----a-w- c:\windows\system32\igxpdx32.dll
2012-02-23 16:56 . 2011-08-03 07:36 3486048 ----a-w- c:\windows\system32\igxpdv32.dll
2012-02-23 16:56 . 2011-08-03 07:36 2019232 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2012-02-23 16:56 . 2011-08-03 07:36 58368 ----a-w- c:\windows\system32\igxprd32.dll
2012-02-23 16:56 . 2011-08-03 07:36 183296 ----a-w- c:\windows\system32\igxpgd32.dll
2012-02-23 16:45 . 2011-08-03 07:36 11346432 ----a-w- c:\windows\system32\ig4icd32.dll
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-23 16:38 . 2011-08-03 07:36 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-23 16:38 . 2011-08-03 07:36 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-23 16:38 . 2011-08-03 07:36 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-23 16:38 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-23 16:38 . 2011-08-03 07:36 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-23 16:38 . 2011-08-03 07:36 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-23 16:38 . 2011-08-03 07:36 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-23 16:38 . 2011-08-03 07:36 129536 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-23 16:38 . 2011-08-03 07:36 194048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-23 16:38 . 2011-08-03 07:36 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-23 16:38 . 2011-08-03 07:36 164352 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-23 16:38 . 2011-08-03 07:36 23552 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-23 16:38 . 2011-08-03 07:36 172032 ----a-w- c:\windows\system32\igfxext.exe
2012-02-23 16:38 . 2011-08-03 07:36 140800 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-23 16:38 . 2011-08-03 07:36 130048 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-23 16:38 . 2011-08-03 07:36 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-23 16:38 . 2011-08-03 07:36 258048 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-23 16:38 . 2011-08-03 07:36 95232 ----a-w- c:\windows\system32\hccutils.dll
2012-02-23 16:37 . 2011-08-03 07:36 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-23 16:37 . 2011-08-03 07:36 828928 ----a-w- c:\windows\system32\igfxress.dll
2012-02-23 16:37 . 2011-08-03 07:36 214528 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-17_16.36.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 19:24 . 2012-04-24 19:24 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2012-04-24 19:24 . 2012-04-24 19:24 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
- 2012-04-17 16:24 . 2012-04-17 16:24 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2006-09-28 22:56 . 2006-09-28 22:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 00:13 . 2006-09-29 00:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 00:00 . 2006-10-19 00:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 35840 c:\windows\system32\wpdconns.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 99840 c:\windows\system32\wmpshell.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 37376 c:\windows\system32\wmdmps.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 33792 c:\windows\system32\wmdmlog.dll
+ 2012-04-20 21:00 . 2007-07-28 03:11 16760 c:\windows\system32\spmsg.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 68592 c:\windows\system32\pxinsa64.exe
+ 2012-04-20 20:00 . 2011-11-29 02:28 72176 c:\windows\system32\pxhpinst.exe
+ 2012-04-20 20:00 . 2011-11-29 02:28 68080 c:\windows\system32\pxcpya64.exe
+ 2008-04-14 12:00 . 2006-10-19 01:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 11264 c:\windows\system32\LAPRXY.dll
+ 2006-09-28 23:00 . 2006-09-28 23:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 22:55 . 2006-09-28 22:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2006-10-19 00:00 . 2006-10-19 00:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2012-04-20 20:00 . 2011-11-29 02:28 45648 c:\windows\system32\drivers\PxHelp20.sys
+ 2011-10-20 23:26 . 2011-10-20 23:26 94208 c:\windows\system32\dpl100.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2011-08-03 07:20 . 2006-10-19 01:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2011-08-03 07:20 . 2006-10-19 01:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2012-04-20 20:20 . 2012-04-20 20:20 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2004-08-11 05:45 . 2006-10-19 01:47 4096 c:\windows\system32\WMVADVD.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-19 01:58 . 2006-10-19 01:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-19 01:58 . 2006-10-19 01:58 8704 c:\windows\system32\uwdf.exe
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2012-04-20 20:00 . 2011-11-29 02:28 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 7168 c:\windows\system32\asferror.dll
+ 2006-09-28 22:56 . 2006-09-28 22:56 316416 c:\windows\system32\WUDFx.dll
+ 2006-09-28 22:56 . 2006-09-28 22:56 165376 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 22:56 . 2006-09-28 22:56 146432 c:\windows\system32\WudfHost.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2008-04-14 12:00 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-19 01:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
+ 2008-04-14 12:00 . 2009-07-14 03:43 286208 c:\windows\system32\wmpdxm.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 242688 c:\windows\system32\wmpasf.dll
+ 2008-04-14 12:00 . 2008-06-18 09:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 157184 c:\windows\system32\wmidx.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 227328 c:\windows\system32\wmerror.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2008-04-14 12:00 . 2007-10-27 21:40 222720 c:\windows\system32\wmasf.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 757248 c:\windows\system32\WMADMOD.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 100848 c:\windows\system32\vxblock.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 211456 c:\windows\system32\qasf.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 440816 c:\windows\system32\pxwave.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 219632 c:\windows\system32\pxmas.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 126448 c:\windows\system32\pxinsi64.exe
+ 2012-04-20 20:00 . 2011-11-29 02:28 567792 c:\windows\system32\pxdrv.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 123888 c:\windows\system32\pxcpyi64.exe
+ 2012-04-20 20:00 . 2011-11-29 02:28 133616 c:\windows\system32\pxafs.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 698864 c:\windows\system32\px.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 321536 c:\windows\system32\mswmdm.dll
+ 2008-04-14 12:00 . 2006-12-04 20:21 414720 c:\windows\system32\msscp.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 175616 c:\windows\system32\mspmsp.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-02 19:28 . 2006-10-02 19:28 312128 c:\windows\system32\msdelta.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-19 01:47 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 212992 c:\windows\system32\MFPLAT.dll
+ 2008-04-14 12:00 . 2008-06-18 05:09 100864 c:\windows\system32\logagent.exe
+ 2008-04-14 12:00 . 2006-10-19 01:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-19 00:00 . 2006-10-19 00:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2008-04-14 12:00 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-04-14 12:00 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2008-04-14 12:00 . 2008-06-18 09:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2008-04-14 12:00 . 2007-10-27 21:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2008-04-14 12:00 . 2007-06-27 02:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2008-04-14 12:00 . 2006-10-19 01:47 211456 c:\windows\system32\dllcache\qasf.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2008-04-14 12:00 . 2006-12-04 20:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2011-08-03 07:20 . 2006-10-19 01:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2008-04-14 12:00 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 12:00 . 2006-10-19 01:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 229376 c:\windows\system32\cewmdm.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 542720 c:\windows\system32\blackbox.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 276992 c:\windows\system32\audiodev.dll
+ 2012-04-20 20:29 . 2004-08-11 05:45 871160 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2012-04-20 20:29 . 2004-08-11 05:45 531192 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2012-04-20 20:29 . 2004-08-11 05:45 773368 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2012-04-20 20:29 . 2004-08-11 05:45 380144 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2012-04-20 20:29 . 2008-04-14 12:00 809984 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2012-04-20 20:29 . 2009-04-03 16:15 485376 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2012-04-20 20:29 . 2008-04-14 12:00 759296 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2012-04-20 20:29 . 2008-04-14 12:00 408064 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2012-04-20 20:00 . 2012-04-20 20:00 178688 c:\windows\Installer\1039c02f.msi
+ 2008-04-14 12:00 . 2007-06-27 02:10 317440 c:\windows\inf\unregmp2.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2008-04-14 12:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 1661440 c:\windows\system32\wmpencen.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2012-04-20 20:00 . 2011-11-29 02:28 2120176 c:\windows\system32\pxsfs.dll
+ 2009-03-11 02:18 . 2009-06-25 17:20 1485176 c:\windows\system32\LegitCheckControl.DLL
+ 2008-04-14 12:00 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2008-04-14 12:00 . 2006-10-19 01:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2011-08-03 07:20 . 2006-11-01 22:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2012-04-20 20:29 . 2004-08-11 05:45 1181944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2012-04-20 20:21 . 2012-04-20 20:21 9474048 c:\windows\Installer\104c09bc.msi
+ 2012-04-20 20:21 . 2012-04-20 20:21 1532928 c:\windows\Installer\104c09b8.msi
+ 2012-04-20 20:20 . 2012-04-20 20:20 1769984 c:\windows\Installer\104c09b3.msi
+ 2008-04-14 12:00 . 2010-08-26 03:36 10841088 c:\windows\system32\wmp.dll
+ 2008-04-14 12:00 . 2010-08-26 03:36 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1107472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-23 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-23 164352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-23 140800]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\documents and settings\MistaHigh\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\MistaHigh\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-12-12 49254]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\MistaHigh\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\MistaHigh\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61117:UDP"= 61117:UDP:Trend Micro Client/Server Security Agent Broadcast
"61116:TCP"= 61116:TCP:Trend Micro Client/Server Security Agent Update
"21112:TCP"= 21112:TCP:Trend Micro Client/Server Security Agent Listener
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [4/3/2012 2:39 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [4/3/2012 2:39 PM 12464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [4/13/2012 8:59 AM 409232]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [11/25/2011 4:32 PM 687400]
R2 spiceworks;Spiceworks;c:\program files\Spiceworks\bin\spiceworks.exe [2/28/2012 11:29 AM 47672]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2/24/2012 8:01 PM 50704]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [7/12/2011 10:44 AM 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [7/12/2011 10:43 AM 36624]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/3/2011 3:39 AM 144480]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/30/2012 4:59 PM 54544]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [12/22/2011 12:34 PM 689680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/29/2011 2:25 PM 24576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/19/2011 3:12 PM 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
serialkeys
dtscsi
acrsch2svc
PolarUSB
stac97
snapman380
mediaviewer
s116unic
vds
apphostsvc
emAudio
portio
sprtsvc_ddoctorv2
usb_rndisx
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\AdobeAAMUpdater-1.0-HELPDESK-MistaHigh.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-22 22:59]
.
2012-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003Core.job
- c:\documents and settings\MistaHigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-30 18:23]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1417001333-1003UA.job
- c:\documents and settings\MistaHigh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-30 18:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: adpcrm.net\woodall
Trusted Zone: adpremotesupport.com
Trusted Zone: bzbuzztrak.com\www
TCP: Interfaces\{B4E41797-AF70-44FD-B760-333F2806F0E9}: NameServer = 68.87.71.226,68.87.73.242
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/ssrc.cab
DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://dsra1he.ds.adp.com/sdccommon/download/sprtctlln.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 15:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1229272821-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,95,ec,b4,52,6c,ce,43,b1,e2,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,95,ec,b4,52,6c,ce,43,b1,e2,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-24 15:51:07
ComboFix-quarantined-files.txt 2012-04-24 19:51
ComboFix2.txt 2012-04-17 16:41
ComboFix3.txt 2012-04-04 19:50
ComboFix4.txt 2012-04-04 19:06
ComboFix5.txt 2012-04-24 19:19
.
Pre-Run: 394,606,817,280 bytes free
Post-Run: 394,662,100,992 bytes free
.
- - End Of File - - 70AFDEF84F61D110A176319176956D3C

#13 nasdaq

  • Malware Response Team

Posted 25 April 2012 - 10:45 AM

Please run Notepad and copy the following text into a new file:

sc config serialkeys start= disabled
sc stop serialkeys
sc delete serialkeys
sc config snapman380 start= disabled
sc stop snapman380
sc delete snapman380
sc config vds start= disabled
sc stop vds
sc delete vds


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors are encountered, please post.
When done you can delete the remove.bat file.

p.s. On a Vista/Windows7 Operating System run the remove.bat file as Administrator.

How is it now?
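
An added example, not part of the post above or of the original thread: the same three service removals with every `sc` result written to a log file, because a double-clicked batch window closes before any error text can be read. The log path and the `:remove` label are assumptions of this example; the service names are the ones listed in the post.

```batch
@echo off
rem Added example (not from the original thread): same removals as remove.bat,
rem but each sc.exe result is appended to a log that can be posted afterwards.
setlocal
rem Assumption: the Desktop is at %USERPROFILE%\Desktop (default on English XP/Vista/7).
set "LOG=%USERPROFILE%\Desktop\remove_log.txt"
>"%LOG%" echo remove.bat run on %DATE% %TIME%

rem Service names are the ones given in the post.
for %%S in (serialkeys snapman380 vds) do call :remove %%S

echo Finished. Results are in "%LOG%".
pause
endlocal
goto :eof

:remove
>>"%LOG%" echo.
>>"%LOG%" echo === %1 ===
rem sc.exe exits with the Win32 error code; 1060 means the service does not exist.
sc query %1 >nul 2>&1
if errorlevel 1060 if not errorlevel 1061 (
    >>"%LOG%" echo %1 is not installed, nothing to do
    goto :eof
)
sc config %1 start= disabled >>"%LOG%" 2>&1
>>"%LOG%" echo config exit code: %errorlevel%
rem Exit code 1062 here means the service was already stopped.
sc stop %1 >>"%LOG%" 2>&1
>>"%LOG%" echo stop exit code: %errorlevel%
sc delete %1 >>"%LOG%" 2>&1
>>"%LOG%" echo delete exit code: %errorlevel%
goto :eof
```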

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 01 May 2012 - 09:30 AM

If all is well.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#15 zohan

zohan
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:05:42 PM

Posted 07 May 2012 - 08:47 AM

Sorry for the delay. I had to go out of town. It was very short notice, so I didn't have time to respond on here.

Well, just now, I ran the remove.bat. It completed with no errors.

So I rebooted and ran combofix again. Combofix gave me an error saying "Trend Micro Realtime scanner is running, Run at your own risk". This is the first time I have gotten a message like this, and I disabled Trend Micro before starting combofix. There should really be a cancel button on that screen, warning me to run at my own risk, but I can't cancel it. The only option is "OK". So I clicked on the "X" hoping to cancel it but combofix continued. Then Combofix said it needed to be updated. I clicked "Yes" to let it download the update. While that was downloading, I looked in task manager to see if I could find anything Trend Micro, then I looked in Services and found one thing running. I stopped that service.

Combofix restarted after updating and gave me that message again that Realtime scanner is running. Then the same message pops up saying "you are infected with RootKit ZeroAccess!".

Combofix is still running as I'm typing this so I don't have a log yet.



