Unable to remove Trojan Zeroaccess!inf4 from services.exe


Hi,

I have a Windows 7 Professional OS with Norton antivirus 2012.

Recently I got a notification on Norton for Trojan Zeroaccess!inf4.

Here is what I did so far and am unable to remove it fully from my system.

1) Ran Norton to check if there are more infections and got a message All Threats Removed.

2) But the Unsolved Security Risks showed services.exe(Trojan Zeroaccess!inf4) detected by Auto-Protect. Assuming this is being picked from quarantine, I ran MBAM for a Quick Scan.

3) MBAM log showed two infections. Below is the Log.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Admin :: ADMIN-PC [administrator]

Protection: Enabled

8/12/2012 9:32:22 AM

mbam-log-2012-08-12 (09-32-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198547

Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Admin\Downloads\SoftonicDownloader_for_mozilla-firefox.exe (PUP.ToolbarDownloader) -> No action taken.

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

4) Clicked "Remove Selected" and rebooted the machine.

5) Re-ran to verify if the infections were removed and MBAM log generated is attached here.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Admin :: ADMIN-PC [administrator]

Protection: Enabled

8/12/2012 11:18:07 AM

mbam-log-2012-08-12 (11-18-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198084

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

6) Ran RogueKiller as Administrator. Its log is below showing ZeroAccess infection:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Admin [Admin rights]

Mode: Scan -- Date: 08/12/2012 09:52:05

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{38F75B14-47DE-47B4-AEBE-9D57EE0B3643} : NameServer (155.132.2.31,155.132.9.10) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{38F75B14-47DE-47B4-AEBE-9D57EE0B3643} : NameServer (155.132.2.31,155.132.9.10) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\n.) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\admin\appdata\local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\admin\appdata\local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\admin\appdata\local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

107.21.203.123 insplnx03.inspirage.com insplnx03

23.21.196.134 insplnx04.inspirage.com insplnx04

107.20.241.12 testec2.inspirage.com testec2

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++

--- User ---

[MBR] aa0b2ff107add63d95adeafa737941cc

[BSP] 15fc16227e8fccae680f59a76c9e4889 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 150000 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512002048 | Size: 226938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Kindly guide me in removing this infection completely from my system and suggest how to keep it away from re-entering my system.

Thanks in advance.

Regards,

shekhar
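
The following is an added example, not part of the original posts and not code from RogueKiller or Malwarebytes: a small triage script that reads RogueKiller report lines like the ones above, groups the `[ZeroAccess]` file and folder findings by install directory, and lists the COM `InprocServer32` target and the disabled UAC settings. The function name `triage`, the result keys and the line grammar are assumptions inferred only from the lines visible in this report; the sample input is copied from it.

```python
import re
from collections import defaultdict

# Lines copied from the RogueKiller report in the post above (a subset, not a full report).
SAMPLE_REPORT = r"""
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\admin\appdata\local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\admin\appdata\local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\admin\appdata\local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\L --> FOUND
"""

# "[TAG]" or "[TAG][FILE|FOLDER]", then the finding, then "-> STATUS" or "--> STATUS".
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<kind>FILE|FOLDER)\])?\s+(?P<body>.*?)\s+-+>\s+(?P<status>\w+)"
)
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}")
SETTING_RE = re.compile(r"(?P<name>\w+) \((?P<data>\d+)\)")

# Policy values under ...\Policies\System that switch off or silence UAC when set to 0.
UAC_SETTINGS = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


def triage(report_text):
    """Summarise ZeroAccess and UAC findings from RogueKiller report lines.

    Returns a dict with:
      install_dirs   - {lower-cased GUID directory: sorted artifact names found in it}
      inproc_targets - paths that an InprocServer32 registration points at
      uac_weakened   - UAC policy values reported as 0, in order of appearance
    """
    install_dirs = defaultdict(set)
    inproc_targets = []
    uac_weakened = []

    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, anything outside the grammar
        tag, kind, body = m["tag"], m["kind"], m["body"]
        # Everything after the first " : " is the value part of the finding.
        _, _, value = body.partition(" : ")
        value = value.strip()

        if tag == "ZeroAccess":
            path = value.strip("()")
            guid = GUID_RE.search(path)
            if kind and guid:
                # File/folder finding: split into GUID directory and artifact name.
                directory = path[: guid.end()].lower()
                install_dirs[directory].add(path[guid.end():].lstrip("\\"))
            elif not kind:
                # Registry finding: the path is the DLL the COM class would load.
                inproc_targets.append(path)
        elif tag == "HJ":
            s = SETTING_RE.fullmatch(value)
            if s and s["name"] in UAC_SETTINGS and s["data"] == "0":
                uac_weakened.append(s["name"])

    return {
        "install_dirs": {d: sorted(names) for d, names in install_dirs.items()},
        "inproc_targets": inproc_targets,
        "uac_weakened": uac_weakened,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for directory, names in sorted(result["install_dirs"].items()):
        print(f"ZeroAccess directory: {directory} -> {', '.join(names)}")
    for target in result["inproc_targets"]:
        print(f"InprocServer32 points at: {target}")
    for name in result["uac_weakened"]:
        print(f"UAC setting at 0: {name}")
```

Run against a report saved after a cleanup attempt, an empty `install_dirs` and `inproc_targets` is the minimum to expect before treating the ZeroAccess findings as gone.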


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.<-------

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 12-08-2012 18:37:26

Running from H:\

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-29] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-29] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-29] (Intel Corporation)

HKLM\...\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2010-04-27] ()

HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)

HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-05-02] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-02] (Lenovo(beijing) Limited)

HKLM\...\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-17] (Intel Corporation)

HKLM-x32\...\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-18] (Vimicro)

HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PDFVPrinter] C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe [x]

HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [371896 2012-05-22] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Admin\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)

HKU\Admin\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3289088 2007-11-20] (Google)

HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-10] (Google Inc.)

HKU\Admin\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)

HKU\Admin\...\Run: [NetSP - restore settings on power failure] "C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe" -show [55136 2012-03-27] (AT&T)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

Tcpip\..\Interfaces\{38F75B14-47DE-47B4-AEBE-9D57EE0B3643}: [NameServer]155.132.2.31,155.132.9.10

Startup: C:\Users\Admin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk

ShortcutTarget: AT&T Global Network Client Monitor.lnk -> C:\Windows\Installer\{37880B62-627C-4F6B-BB85-984BB7E26125}\NetGM1_89563E53ECF44E868145468A128BDC83.exe (Flexera Software, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk

ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

==================== Services (Whitelisted) ======

2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()

2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 netcfgsvr; "C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe" [1124192 2012-03-27] (AT&T)

2 NetClientSvc; "C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe" [370528 2012-03-27] (AT&T)

3 NetLogSvc; C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe [82272 2012-03-27] (AT&T)

2 SwiCardDetectSvc; "C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe" [317296 2011-06-23] (Sierra Wireless, Inc.)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

2 OracleDBConsoleorcl; C:\app\Admin\product\11.2.0\dbhome_1\bin\nmesrvc.exe [x]

4 OracleJobSchedulerORCL; C:\app\admin\product\11.2.0\dbhome_1\Bin\extjob.exe ORCL [x]

2 OracleMTSRecoveryService; C:\app\Admin\product\11.2.0\dbhome_1\bin\omtsreco.exe "OracleMTSRecoveryService" [x]

3 OracleOraDb11g_home1ClrAgent; C:\app\Admin\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:C:\app\Admin\product\11.2.0\dbhome_1\bin\oraclr11.dll" [x]

3 OracleServiceORCL; C:\app\admin\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [x]

3 OracleVssWriterORCL; C:\app\admin\product\11.2.0\dbhome_1\bin\OraVSSW.exe ORCL [x]

========================== Drivers (Whitelisted) =============

1 agnfilt; C:\Windows\System32\Drivers\agnfilt.sys [201728 2012-03-27] (AT&T)

3 avpnnic; C:\Windows\System32\Drivers\avpnnic.sys [14848 2012-03-27] (AT&T)

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)

1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [93272 2012-05-16] (Citrix Systems, Inc.)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120810.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120811.008\ENG64.SYS [120440 2012-08-12] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120811.008\EX64.SYS [2068600 2012-08-12] (Symantec Corporation)

1 NEOFLTR_650_15977; C:\Windows\System32\Drivers\NEOFLTR_650_15977.sys [100472 2010-06-04] (Juniper Networks)

1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NAVx64\1307010.005\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-03] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)

3 OracleOraDb11g_home1TNSListener; d:\app\Admin\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-12 14:30 - 2012-08-12 14:30 - 00021236 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_12_18_30_30.dmp

2012-08-12 14:16 - 2012-08-12 14:16 - 01439703 ____A (Farbar) C:\Users\Admin\Downloads\FRST64.exe

2012-08-12 13:51 - 2012-08-12 13:51 - 00027607 ____A C:\Users\Admin\Desktop\DDS.txt

2012-08-12 13:50 - 2012-08-12 13:50 - 00012009 ____A C:\Users\Admin\Desktop\Attach.txt

2012-08-12 13:46 - 2012-08-12 13:46 - 00607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.scr

2012-08-12 13:11 - 2012-08-12 13:19 - 325856916 ____A C:\Users\Admin\Downloads\Sunny Leone from Sunnys Big Adventure Blu3torrent file.avi

2012-08-12 13:10 - 2012-08-12 13:19 - 05894737 ____A C:\Users\Admin\Downloads\indian hot oil massage.3gp

2012-08-12 13:09 - 2012-08-12 13:19 - 66930726 ____A C:\Users\Admin\Downloads\censoreding the taxi driver.rar

2012-08-12 12:27 - 2012-08-12 12:27 - 00021138 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_12_16_27_42.dmp

2012-08-12 07:06 - 2012-08-12 07:06 - 00000000 ____D C:\Windows\Sun

2012-08-12 05:52 - 2012-08-12 05:52 - 00002894 ____A C:\Users\Admin\Desktop\RKreport[1].txt

2012-08-12 05:39 - 2012-08-12 05:39 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_12_9_39_49.dmp

2012-08-12 05:30 - 2012-08-12 05:30 - 01558528 ____A C:\Users\Admin\Desktop\RogueKiller.exe

2012-08-12 05:30 - 2012-08-12 05:30 - 00596992 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe

2012-08-12 05:29 - 2012-08-12 05:52 - 00000000 ____D C:\Users\Admin\Desktop\RK_Quarantine

2012-08-12 05:29 - 2012-08-12 05:29 - 01558528 ____A C:\Users\Admin\Downloads\RogueKiller.exe

2012-08-12 05:25 - 2012-08-12 05:25 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-12 05:25 - 2012-08-12 05:25 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-12 05:25 - 2012-08-12 05:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2012-08-12 05:25 - 2012-08-12 05:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-12 05:25 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-12 05:24 - 2012-08-12 05:24 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-12 04:48 - 2012-08-12 04:48 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_12_8_48_53.dmp

2012-08-12 04:16 - 2012-08-12 04:16 - 00022640 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_12_8_16_43.dmp

2012-08-11 19:36 - 2012-08-11 19:36 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_11_23_36_24.dmp

2012-08-11 18:33 - 2012-08-11 18:33 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_11_22_33_40.dmp

2012-08-11 18:28 - 2012-08-11 18:30 - 01805736 ____A (Symantec Corporation) C:\Users\Admin\Downloads\FixZeroAccess (1).exe

2012-08-11 07:33 - 2012-08-11 07:33 - 00748749 ____A C:\Users\Admin\Desktop\11Aug_collaborator.log

2012-08-11 07:14 - 2012-08-11 07:14 - 00436669 ____A C:\Users\Admin\Desktop\Screenshot - Action Plan 11Aug2012.pptx

2012-08-10 16:12 - 2012-08-10 16:12 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_10_20_12_48.dmp

2012-08-10 11:03 - 2012-08-10 11:04 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_10_15_3_59.dmp

2012-08-10 09:53 - 2012-08-10 09:54 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_10_13_53_59.dmp

2012-08-10 04:20 - 2012-08-10 04:20 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_10_8_20_51.dmp

2012-08-10 02:50 - 2012-08-10 02:50 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_10_6_50_27.dmp

2012-08-09 20:08 - 2012-08-09 20:08 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_10_0_8_7.dmp

2012-08-09 16:24 - 2012-08-09 16:24 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_20_24_21.dmp

2012-08-09 13:43 - 2012-08-09 13:44 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_17_43_57.dmp

2012-08-09 11:26 - 2012-08-09 11:26 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_15_26_13.dmp

2012-08-09 10:58 - 2012-08-09 10:58 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_14_58_22.dmp

2012-08-09 10:51 - 2012-08-09 10:51 - 00000000 ____D C:\Users\Admin\Downloads\7zip

2012-08-09 10:45 - 2012-08-11 18:39 - 00003148 ____A C:\Users\Admin\Downloads\FSS.txt

2012-08-09 10:42 - 2012-08-09 10:42 - 00693235 ____A (Farbar) C:\Users\Admin\Downloads\FSS.exe

2012-08-09 09:09 - 2012-08-09 09:09 - 00022133 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_13_9_55.dmp

2012-08-09 07:08 - 2012-08-09 07:08 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_11_8_28.dmp

2012-08-09 06:40 - 2012-08-09 06:40 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_10_40_14.dmp

2012-08-09 06:11 - 2012-08-12 14:34 - 00327680 ____A C:\Windows\System32\Ikeext.etl

2012-08-09 06:11 - 2012-08-09 06:11 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_10_11_17.dmp

2012-08-09 05:38 - 2012-08-09 05:38 - 00003760 ____A C:\{2F72F050-28E6-4D0B-900E-FADBCF0344A4}

2012-08-09 05:35 - 2012-08-09 05:35 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_9_35_25.dmp

2012-08-09 05:14 - 2012-08-09 05:17 - 00000000 ____D C:\Users\Admin\AppData\Local\NPE

2012-08-09 04:38 - 2012-08-09 04:38 - 00003792 ____A C:\{AD9548B9-ED37-4797-8AE3-3C0A49B01CF7}

2012-08-09 04:10 - 2012-08-09 04:10 - 00003760 ____A C:\{5397871D-4F6A-448E-9140-E2F2E927BF55}

2012-08-09 03:06 - 2012-08-09 03:06 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_7_6_50.dmp

2012-08-09 02:01 - 2012-08-11 03:21 - 00305734 ____A C:\Users\Admin\Desktop\Screenshot - Action Plan 09Aug.pptx

2012-08-09 02:01 - 2012-08-09 02:06 - 00603586 ____A C:\Users\Admin\Desktop\Screenshot - Action Plan 09Aug2012.pptx

2012-08-09 00:49 - 2012-08-09 00:49 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_4_49_0.dmp

2012-08-09 00:33 - 2012-08-09 00:33 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_4_33_44.dmp

2012-08-09 00:31 - 2012-08-11 18:30 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-09 00:27 - 2012-08-09 00:31 - 01805736 ____A (Symantec Corporation) C:\Users\Admin\Downloads\FixZeroAccess.exe

2012-08-09 00:06 - 2012-08-09 00:06 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_9_4_6_27.dmp

2012-08-08 17:05 - 2012-08-08 17:05 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_8_21_5_44.dmp

2012-08-08 12:56 - 2012-08-08 12:57 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_8_16_56_56.dmp

2012-08-08 08:50 - 2012-08-08 08:50 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_8_12_50_43.dmp

2012-08-08 04:51 - 2012-08-08 04:52 - 00022528 ____A C:\Users\Admin\Desktop\APQUAL_export.xls

2012-08-08 04:24 - 2012-08-08 04:25 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_8_8_24_59.dmp

2012-08-08 02:11 - 2012-08-08 02:11 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_8_6_11_2.dmp

2012-08-07 16:42 - 2012-08-07 18:07 - 731242496 ____A C:\Users\Admin\Downloads\Department - DVDRip - XviD - 1CDRip - [DDR].avi

2012-08-07 15:53 - 2012-08-07 15:53 - 00022133 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_7_19_53_21.dmp

2012-08-07 04:30 - 2012-08-07 04:30 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_7_8_30_35.dmp

2012-08-06 21:04 - 2012-08-06 21:15 - 00000000 ____D C:\Users\Admin\Downloads\Jism 2 - DVDScr - XviD - 1CDRip - [DDR]

2012-08-06 15:58 - 2012-08-06 15:58 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_6_19_58_43.dmp

2012-08-06 13:52 - 2012-08-08 18:42 - 00002411 ____A C:\Users\Admin\Desktop\Google Chrome.lnk

2012-08-06 13:47 - 2012-08-06 13:46 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-08-06 13:47 - 2012-08-06 13:46 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-08-06 13:47 - 2012-08-06 13:46 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-08-06 13:38 - 2012-08-06 13:38 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_6_17_38_29.dmp

2012-08-06 13:21 - 2012-08-06 13:21 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_6_17_21_5.dmp

2012-08-06 12:54 - 2012-08-06 12:54 - 00214016 ____A C:\Users\Admin\Downloads\RemoteEngineLaunch (1)

2012-08-06 12:34 - 2012-08-06 12:34 - 00214016 ____A C:\Users\Admin\Downloads\RemoteEngineLaunch

2012-08-06 04:24 - 2012-08-06 04:24 - 00022133 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_6_8_24_12.dmp

2012-08-05 15:08 - 2012-08-05 15:08 - 00022133 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_5_19_8_9.dmp

2012-08-05 06:24 - 2012-08-05 06:24 - 00023644 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_5_10_24_12.dmp

2012-08-05 05:34 - 2012-08-05 05:34 - 00022133 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_5_9_34_51.dmp

2012-08-05 04:15 - 2012-08-05 04:15 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_5_8_15_2.dmp

2012-08-05 04:06 - 2012-08-05 04:06 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_5_8_6_29.dmp

2012-08-05 01:07 - 2012-08-05 01:07 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_5_5_7_30.dmp

2012-08-04 18:19 - 2012-08-04 18:19 - 00022133 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_4_22_19_44.dmp

2012-08-04 17:06 - 2012-08-04 17:06 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_4_21_6_26.dmp

2012-08-04 16:50 - 2012-08-04 16:50 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_4_20_50_47.dmp

2012-08-04 15:27 - 2012-08-04 15:27 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_4_19_27_2.dmp

2012-08-04 04:24 - 2012-08-04 04:24 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_4_8_24_39.dmp

2012-08-04 02:13 - 2012-08-04 02:13 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_4_6_13_35.dmp

2012-08-03 19:25 - 2012-08-03 19:26 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_23_25_56.dmp

2012-08-03 08:49 - 2012-08-03 08:49 - 00022231 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_12_49_13.dmp

2012-08-03 08:37 - 2012-08-03 08:37 - 00023546 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_12_37_51.dmp

2012-08-03 08:13 - 2012-08-03 08:13 - 00023546 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_12_13_12.dmp

2012-08-03 06:02 - 2012-08-03 06:02 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_10_2_50.dmp

2012-08-03 04:22 - 2012-08-03 04:22 - 00022279 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_8_22_23.dmp

2012-08-03 03:14 - 2012-08-03 03:14 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_7_14_20.dmp

2012-08-03 01:50 - 2012-08-03 01:50 - 00022542 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_3_5_50_26.dmp

2012-08-02 19:17 - 2012-08-02 19:17 - 00019994 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_8_2_23_17_52.dmp


============ 3 Months Modified Files ========================


2012-06-21 11:03 - 2012-06-21 11:03 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_22_0_33_51.dmp

2012-06-21 05:33 - 2012-06-21 05:33 - 00021040 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_21_19_3_45.dmp

2012-06-20 17:07 - 2012-06-20 17:07 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_21_6_37_57.dmp

2012-06-20 08:41 - 2012-06-20 08:41 - 00022035 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_20_22_11_6.dmp

2012-06-20 03:46 - 2012-06-20 03:46 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_20_17_16_1.dmp

2012-06-20 00:40 - 2012-06-20 00:40 - 00463080 ____A (CNET Download.com) C:\Users\Admin\Downloads\cnet2_ClassicPDFSetup_exe.exe

2012-06-19 18:29 - 2012-06-19 18:29 - 00022240 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_20_7_59_22.dmp

2012-06-19 07:19 - 2012-06-19 07:19 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_19_20_49_59.dmp

2012-06-19 04:24 - 2012-06-19 04:24 - 00022083 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_19_17_54_18.dmp

2012-06-19 02:58 - 2012-06-19 02:58 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_19_16_28_27.dmp

2012-06-19 01:49 - 2012-06-19 01:48 - 30705376 ____A C:\Users\Admin\Downloads\LiveProjectInstaller_kadonkcom.exe

2012-06-18 21:57 - 2012-05-21 05:50 - 00002676 ____A C:\Users\Admin\Desktop\Document checklist.txt

2012-06-18 19:01 - 2012-06-18 19:01 - 00022083 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_19_8_31_35.dmp

2012-06-18 08:38 - 2012-06-18 08:38 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_18_22_8_15.dmp

2012-06-18 03:56 - 2012-06-18 03:56 - 00022035 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_18_17_26_15.dmp

2012-06-18 00:28 - 2012-06-18 00:28 - 00710425 ____A C:\Users\Admin\Desktop\PassportApplicationForm_Main_English_V1.0.zip

2012-06-18 00:28 - 2012-06-18 00:28 - 00546709 ____A C:\Users\Admin\Downloads\PassportApplicationForm_PCC_English_V1.0.zip

2012-06-18 00:28 - 2012-06-18 00:28 - 00546709 ____A C:\Users\Admin\Downloads\PassportApplicationForm_PCC_English_V1.0 (1).zip

2012-06-18 00:28 - 2012-06-18 00:28 - 00546709 ____A C:\Users\Admin\Desktop\PassportApplicationForm_PCC_English_V1.0.zip

2012-06-17 23:02 - 2012-06-17 23:02 - 00023960 ____A C:\{6E42CBB6-5B20-4E20-953A-B25E7A02AA33}

2012-06-17 22:59 - 2012-06-17 22:59 - 00002464 ____A C:\{71F71042-64DA-4B48-9520-46035A3366DE}

2012-06-17 10:33 - 2012-06-17 10:33 - 00022083 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_18_0_3_26.dmp

2012-06-17 04:41 - 2012-06-17 04:41 - 00022083 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_17_18_11_51.dmp

2012-06-17 02:15 - 2012-06-17 02:15 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_17_15_45_5.dmp

2012-06-16 20:02 - 2012-06-16 20:02 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_17_9_32_15.dmp

2012-06-16 10:51 - 2012-06-16 10:51 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_17_0_21_31.dmp

2012-06-16 09:44 - 2012-06-02 22:29 - 727592224 ____A C:\Users\Admin\Downloads\Rowdy Rathore 2012 DvdScr 1CD [icTv] ~ DaX {www.desibbrg.com}.avi

2012-06-16 07:59 - 2012-06-10 17:32 - 696888522 ____A C:\Users\Admin\Downloads\Vicky Donor (2012) DVDScr - Xvid- MP3- Team IcTv Exclusive (1).avi

2012-06-16 00:16 - 2012-06-16 00:16 - 00022083 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_16_13_46_55.dmp

2012-06-15 22:00 - 2012-06-15 22:00 - 00022035 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_16_11_30_4.dmp

2012-06-15 08:51 - 2012-06-15 08:51 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_15_22_21_42.dmp

2012-06-15 03:08 - 2012-06-15 03:08 - 00023448 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_15_16_38_15.dmp

2012-06-14 10:30 - 2012-06-14 10:30 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_15_0_0_45.dmp

2012-06-14 09:24 - 2012-06-14 08:08 - 00506368 ____A C:\Users\Admin\Desktop\Inspirage - Powerpoint template - July 25 2011.ppt

2012-06-14 07:14 - 2012-06-14 07:14 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_14_20_44_36.dmp

2012-06-14 04:10 - 2012-06-14 04:10 - 00021138 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_14_17_40_52.dmp

2012-06-13 09:05 - 2012-06-13 09:05 - 00022173 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_13_22_35_43.dmp

2012-06-13 04:17 - 2012-06-13 04:17 - 00022490 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_13_17_47_39.dmp

2012-06-12 20:02 - 2012-06-12 20:02 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_13_9_32_20.dmp

2012-06-12 18:31 - 2012-06-12 18:31 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_13_8_1_16.dmp

2012-06-12 10:39 - 2012-06-12 10:38 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_13_0_8_57.dmp

2012-06-12 03:50 - 2012-06-12 03:50 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_12_17_20_22.dmp

2012-06-11 20:25 - 2012-06-11 20:25 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_12_9_55_11.dmp

2012-06-11 19:08 - 2012-07-11 18:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-11 18:09 - 2012-06-11 18:09 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_12_7_39_7.dmp

2012-06-11 07:30 - 2012-06-11 07:30 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_11_21_0_15.dmp

2012-06-10 20:02 - 2012-06-10 20:02 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_11_9_32_52.dmp

2012-06-10 05:12 - 2012-06-10 05:12 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_10_18_42_32.dmp

2012-06-10 01:52 - 2012-06-10 01:52 - 00019994 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_10_15_22_31.dmp

2012-06-09 18:25 - 2012-06-09 18:25 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_10_7_55_19.dmp

2012-06-09 11:24 - 2012-06-09 11:24 - 00021086 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_10_0_54_16.dmp

2012-06-09 08:14 - 2012-06-09 08:14 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_9_21_44_20.dmp

2012-06-08 21:43 - 2012-07-11 09:15 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 09:15 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 05:46 - 2012-06-08 05:46 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_8_19_16_11.dmp

2012-06-08 03:58 - 2012-06-08 03:58 - 00022490 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_8_17_28_2.dmp

2012-06-07 19:35 - 2012-06-07 19:35 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_8_9_5_33.dmp

2012-06-07 03:45 - 2012-06-07 03:45 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_7_17_15_30.dmp

2012-06-06 18:31 - 2012-06-06 18:31 - 00021897 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_7_8_1_37.dmp

2012-06-06 06:51 - 2012-06-06 06:51 - 00021086 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_6_20_21_54.dmp

2012-06-05 23:54 - 2012-06-05 23:54 - 01237390 ____A C:\Users\Admin\Downloads\compat-libstdc++-rh62-1.i386.rpm

2012-06-05 22:06 - 2012-07-11 09:15 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 09:15 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 09:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 09:15 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 09:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 09:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-05 07:38 - 2012-06-05 07:38 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_5_21_8_33.dmp

2012-06-05 03:55 - 2012-06-05 03:55 - 00022538 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_5_17_25_1.dmp

2012-06-04 18:25 - 2012-06-04 18:25 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_5_7_55_35.dmp

2012-06-04 11:22 - 2012-06-04 11:22 - 00022582 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_5_0_52_28.dmp

2012-06-04 06:57 - 2012-06-04 06:57 - 00455680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deploytk.dll

2012-06-04 05:38 - 2012-06-04 05:38 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_4_19_8_40.dmp

2012-06-04 02:32 - 2012-06-04 02:32 - 00218129 ____A C:\Users\Admin\Downloads\h2testw_1.4.zip

2012-06-03 07:05 - 2012-06-03 07:05 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_3_20_35_2.dmp

2012-06-02 23:38 - 2012-06-02 23:38 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_3_13_8_20.dmp

2012-06-02 14:19 - 2012-06-25 17:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-25 17:46 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-25 17:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-25 17:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-25 17:46 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-25 17:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-25 17:46 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 07:04 - 2012-06-02 07:04 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_2_20_34_16.dmp

2012-06-02 04:49 - 2012-07-11 18:32 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-11 18:32 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-11 18:32 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-11 18:32 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-11 18:32 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-11 18:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-11 18:32 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-11 18:32 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-11 18:32 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-11 18:32 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-11 18:32 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-11 18:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-11 18:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-11 18:32 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:49 - 2012-06-25 17:46 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 01:45 - 2012-06-25 17:46 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:07 - 2012-07-11 18:32 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-11 18:32 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-11 18:32 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-11 18:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-11 18:32 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-11 18:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-11 18:32 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-11 18:32 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-11 18:32 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-11 18:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-11 18:32 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-11 18:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-11 18:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-11 18:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-11 09:15 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 09:15 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 09:15 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 09:15 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 09:15 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-11 09:15 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 09:15 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 09:15 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 09:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-01 09:08 - 2012-06-01 09:08 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_1_22_38_46.dmp

2012-06-01 04:06 - 2012-06-01 04:06 - 00021086 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_1_17_36_44.dmp

2012-06-01 03:44 - 2012-06-01 03:42 - 02900480 ____A C:\Users\Admin\Downloads\102808_62341_ppt.exe

2012-06-01 03:44 - 2012-06-01 03:38 - 12433498 ____A (Macromedia, Inc.) C:\Users\Admin\Downloads\otm_gtm_tech_architecture.exe

2012-06-01 01:38 - 2009-07-13 18:34 - 00000824 ____A C:\Windows\System32\Drivers\etc\hostsOrig

2012-05-31 22:23 - 2012-05-31 22:23 - 02895009 ____A C:\Users\Admin\Downloads\E14525_01.zip

2012-05-31 22:16 - 2012-05-31 22:16 - 08674124 ____A C:\Users\Admin\Downloads\E20111_01.zip

2012-05-31 18:23 - 2012-05-31 18:23 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_6_1_7_53_55.dmp

2012-05-31 09:52 - 2012-05-31 09:52 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_31_23_22_36.dmp

2012-05-31 04:12 - 2012-05-31 04:12 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_31_17_42_0.dmp

2012-05-24 09:37 - 2012-05-24 09:37 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_24_23_7_5.dmp

2012-05-24 05:14 - 2012-05-24 05:14 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_24_18_44_56.dmp

2012-05-24 01:31 - 2012-05-24 01:31 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_24_15_1_27.dmp

2012-05-23 20:40 - 2012-05-23 20:40 - 00021086 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_24_10_10_19.dmp

2012-05-23 05:22 - 2012-05-23 05:22 - 00021184 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_23_18_52_47.dmp

2012-05-22 21:41 - 2012-05-22 21:41 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_23_11_11_19.dmp

2012-05-22 21:12 - 2012-05-22 21:12 - 00001028 ____A C:\Users\Public\Desktop\PSWizard.lnk

2012-05-22 18:37 - 2012-05-22 18:37 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_23_8_7_25.dmp

2012-05-22 07:07 - 2012-05-22 07:07 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_22_20_37_49.dmp

2012-05-22 05:16 - 2012-05-22 05:16 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_22_18_46_49.dmp

2012-05-22 04:02 - 2012-05-22 04:02 - 00021184 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_22_17_32_15.dmp

2012-05-21 19:33 - 2012-05-21 19:33 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_22_9_3_56.dmp

2012-05-21 09:54 - 2012-05-21 09:54 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_21_23_24_42.dmp

2012-05-21 01:32 - 2012-05-21 01:14 - 00006541 ____A C:\Windows\SysWOW64\jupdate-1.6.0_07-b06.log

2012-05-21 01:19 - 2012-05-21 01:19 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_21_14_49_20.dmp

2012-05-21 01:13 - 2012-05-21 01:02 - 15984024 ____A C:\Users\Admin\Downloads\oaj2se.exe

2012-05-20 23:59 - 2012-05-20 22:18 - 00016504 ____A C:\Users\Admin\Downloads\p14076370_7313_WINNT64.zip

2012-05-20 21:43 - 2012-05-20 21:43 - 00001860 ____A C:\Users\Public\Desktop\Network Recording Player.lnk

2012-05-20 21:07 - 2012-05-20 21:07 - 00014097 ____A C:\Users\Admin\Downloads\Inspirage_resource_actuals_and_remaining_hours_CRAIG.xlsx

2012-05-20 18:59 - 2012-05-20 18:59 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_21_8_29_30.dmp

2012-05-20 08:14 - 2012-05-20 08:14 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_20_21_44_13.dmp

2012-05-19 21:31 - 2012-05-19 21:31 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_20_11_1_28.dmp

2012-05-19 04:59 - 2012-05-19 04:59 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_19_18_29_9.dmp

2012-05-18 20:58 - 2012-05-18 20:58 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_19_10_28_56.dmp

2012-05-18 18:25 - 2012-05-18 18:25 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_19_7_55_54.dmp

2012-05-18 10:23 - 2012-05-18 10:23 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_18_23_53_19.dmp

2012-05-18 09:57 - 2012-05-02 02:41 - 00002388 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk

2012-05-18 07:05 - 2012-05-18 07:05 - 00021346 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_18_20_35_53.dmp

2012-05-18 03:10 - 2012-05-18 03:10 - 00892360 ____A (Oracle Corporation) C:\Users\Admin\Downloads\jxpiinstall.exe

2012-05-18 03:08 - 2012-05-18 03:09 - 00544032 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll

2012-05-18 03:08 - 2012-05-18 00:17 - 00525600 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll

2012-05-18 03:07 - 2012-05-18 03:06 - 17210144 ____A (Sun Microsystems, Inc.) C:\Users\Admin\Downloads\jre-6u32-windows-x64.exe

2012-05-18 03:00 - 2012-05-18 03:00 - 00000000 ____A C:\Windows\SysWOW64\cd.dat

2012-05-18 00:53 - 2012-05-18 00:52 - 70541080 ____A C:\Users\Admin\Downloads\jdk-6u25-windows-x64.exe

2012-05-18 00:15 - 2012-05-18 00:14 - 72938776 ____A C:\Users\Admin\Downloads\jdk-6u31-windows-x64.exe

2012-05-17 22:50 - 2012-05-17 22:48 - 00010686 ____A C:\Windows\SysWOW64\jupdate-1.5.0_22-b03.log

2012-05-17 19:07 - 2012-05-17 19:07 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_18_8_37_40.dmp

2012-05-17 08:12 - 2012-05-17 08:12 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_17_21_42_4.dmp

2012-05-17 05:20 - 2012-05-17 05:20 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_17_18_50_31.dmp

2012-05-17 03:47 - 2012-05-17 03:47 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_17_17_17_35.dmp

2012-05-16 19:38 - 2012-05-16 19:38 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_17_9_8_22.dmp

2012-05-16 18:44 - 2012-05-16 18:44 - 00093272 ____A (Citrix Systems, Inc.) C:\Windows\System32\Drivers\ctxusbm.sys

2012-05-16 06:35 - 2012-05-16 06:35 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_16_20_5_40.dmp

2012-05-16 05:55 - 2012-05-16 05:55 - 00262144 ____A C:\Windows\Minidump\051612-26036-01.dmp

2012-05-16 04:21 - 2012-05-16 04:21 - 00022129 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_16_17_51_16.dmp

2012-05-15 19:43 - 2012-05-15 19:43 - 00000000 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_16_9_13_32.dmp

2012-05-15 11:35 - 2012-05-15 11:35 - 00019994 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_16_1_5_1.dmp

2012-05-15 07:04 - 2012-05-15 07:04 - 00022081 ____A C:\Windows\SysWOW64\nmesrvc_core_2012_5_15_20_34_15.dmp

2012-05-15 00:17 - 2012-05-15 00:17 - 00259783 ____A C:\Users\Admin\Downloads\Cummins_CES_CF Key solutions.pptx

ZeroAccess:

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\@

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\L

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U

ZeroAccess:

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\@

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\L

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e}\U\00000008.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 4039.86 MB

Available physical RAM: 3435.38 MB

Total Pagefile: 4038.06 MB

Available Pagefile: 3426.42 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:97.56 GB) (Free:53.9 GB) NTFS

2 Drive e: () (Fixed) (Total:146.48 GB) (Free:96.43 GB) NTFS

3 Drive f: () (Fixed) (Total:221.62 GB) (Free:140.42 GB) NTFS

5 Drive h: (Transcend) (Removable) (Total:7.59 GB) (Free:6.53 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 7788 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 97 GB 101 MB

Partition 3 Primary 146 GB 97 GB

Partition 4 Primary 221 GB 244 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 97 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E NTFS Partition 146 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F NTFS Partition 221 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7787 MB 944 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H Transcend FAT32 Removable 7787 MB Healthy

==================================================================================

Last Boot: 2012-08-07 08:24

======================= End Of Log ==========================

SEARCH.TXT

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-12 18:39:23

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-12 19:34:44 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e} moved successfully.

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e} moved successfully.

==== End of Fixlog ====


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-10.02 - Admin 08/12/2012 19:55:02.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4040.2239 [GMT -4:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-13 02:37 . 2012-08-13 02:37 -------- d-----w- C:\FRST

2012-08-13 00:00 . 2012-08-13 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-12 15:06 . 2012-08-12 15:06 -------- d-----w- c:\windows\Sun

2012-08-12 13:25 . 2012-08-12 13:25 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes

2012-08-12 13:25 . 2012-08-12 13:25 -------- d-----w- c:\programdata\Malwarebytes

2012-08-12 13:25 . 2012-08-12 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-12 13:25 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-09 13:14 . 2012-08-09 13:17 -------- d-----w- c:\users\Admin\AppData\Local\NPE

2012-08-09 08:31 . 2012-08-12 02:30 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-02 06:12 . 2012-08-02 06:12 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics

2012-07-26 13:08 . 2012-07-30 13:06 -------- d-----w- c:\users\Admin\Tracing

2012-07-24 12:24 . 2012-07-24 12:24 -------- d-----w- c:\users\Admin\AppData\Roaming\Canon

2012-07-16 05:59 . 2012-07-16 07:03 -------- d-----w- c:\users\Admin\AppData\Roaming\FileZilla

2012-07-16 05:59 . 2012-07-16 05:59 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-06 21:46 . 2012-05-18 04:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-03 00:48 . 2012-05-07 07:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-03 00:48 . 2012-05-07 07:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 02:33 . 2012-05-13 05:13 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-12 03:08 . 2012-07-12 02:36 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 17:15 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 17:15 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 17:15 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 17:09 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 17:15 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 17:15 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 17:09 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-04 14:57 . 2012-06-04 14:57 455680 ----a-w- c:\windows\system32\deploytk.dll

2012-06-02 22:19 . 2012-06-26 01:46 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-26 01:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-26 01:46 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-26 01:46 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-26 01:46 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-26 01:46 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-26 01:46 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 12:49 . 2012-07-12 02:32 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 02:32 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 02:32 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 02:32 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 02:32 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 02:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 02:32 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 02:32 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 02:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 02:32 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 02:32 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 02:32 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 02:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 02:32 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 09:49 . 2012-06-26 01:46 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 09:45 . 2012-06-26 01:46 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33 . 2012-07-12 02:32 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 02:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 02:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 02:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 02:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 17:15 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 17:15 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 17:15 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 17:15 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 17:15 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 17:15 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 17:15 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-18 11:08 . 2012-05-18 11:09 544032 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-05-18 11:08 . 2012-05-18 08:17 525600 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-17 02:44 . 2012-05-17 02:44 93272 ----a-w- c:\windows\system32\drivers\ctxusbm.sys

1996-05-22 10:19 . 1996-05-22 10:19 25088 ----a-w- c:\program files (x86)\ZAPGRAB2.EXE

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800]

"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Global Network Client\NetSP.exe" [2012-03-28 55136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]

"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-20 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AT&T Global Network Client Monitor.lnk - c:\windows\Installer\{37880B62-627C-4F6B-BB85-984BB7E26125}\NetGM1_89563E53ECF44E868145468A128BDC83.exe [2012-6-29 91504]

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R3 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;d:\app\Admin\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-02-27 38400]

R3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;d:\app\Admin\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]

R3 OracleServiceORCL;OracleServiceORCL;d:\app\admin\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [x]

R3 OracleVssWriterORCL;Oracle ORCL VSS Writer Service;d:\app\admin\product\11.2.0\dbhome_1\bin\OraVSSW.exe ORCL [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-03 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;d:\app\admin\product\11.2.0\dbhome_1\Bin\extjob.exe ORCL [x]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-05-02 39008]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120810.001\IDSvia64.sys [2012-06-14 509088]

S1 NEOFLTR_650_15977;Juniper Networks TDI Filter Driver (NEOFLTR_650_15977);c:\windows\system32\Drivers\NEOFLTR_650_15977.SYS [2010-06-04 100472]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]

S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2011-06-02 198520]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe [2012-03-28 370528]

S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-06-24 317296]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-05-02 29792]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NetLogSvc;NetLogSvc;c:\program files (x86)\AT&T Global Network Client\NetLogSvc.exe [2012-03-28 82272]

S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]

S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2010-12-10 234960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 00:48]

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325862687-2821830248-2684448362-1000Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 16:01]

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325862687-2821830248-2684448362-1000UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 16:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-02 9753024]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-02 5908928]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

Trusted Zone: solutionbeacon.net

TCP: DhcpNameServer = 172.16.0.1

TCP: Interfaces\{38F75B14-47DE-47B4-AEBE-9D57EE0B3643}: NameServer = 155.132.2.31,155.132.9.10

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.ultradent.com/CACHE/stc/2/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ncfa4qkh.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

.

.

------- File Associations -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-PDFVPrinter - c:\program files (x86)\Classic PDF Editor\PDFVPrinter.exe

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OracleOraDb11g_home1ClrAgent]

"ImagePath"="d:\app\Admin\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:d:\app\Admin\product\11.2.0\dbhome_1\bin\oraclr11.dll\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\OracleOraDb11g_home1TNSListener]

"ImagePath"="d:\app\Admin\product\11.2.0\dbhome_1\BIN\TNSLSNR "

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-12 20:02:36

ComboFix-quarantined-files.txt 2012-08-13 00:02

.

Pre-Run: 57,772,417,024 bytes free

Post-Run: 59,200,671,744 bytes free

.

- - End Of File - - B8879570C4647C4783B3B668C11C3F3C


Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Admin :: ADMIN-PC [administrator]

Protection: Enabled

8/12/2012 8:23:35 PM

mbam-log-2012-08-12 (20-23-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196215

Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


We got rid of the ZA infection using FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-12 19:34:44 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e} moved successfully.

C:\Users\Admin\AppData\Local\{ae963f8e-ac3e-59ff-8e3e-cf2ef11cd12e} moved successfully.

==== End of Fixlog ====

Most of the time services.exe is also infected but yours wasn't.

Cleaned up any other malware with ComboFix

Scanned with MB and it came up clean.

Done.

-------------------------------

If everything is OK..........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


I did a Quick Scan with Norton Antivirus.

The Unresolved Security Risk section still shows services.exe (Trojan.ZeroAccess!inf4) detected by Auto-Protect with Status "Manual Removal Required".

But the date and time reflect that of yesterday, i.e. 11 August.

Does this mean there is still a trace left or Norton is not working or it has been quarantined?


Your copies of services.exe are the correct ones and not infected

We go by the MD5:

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

https://www.virustot...5e7e2/analysis/

I don't know what Norton is seeing, you just can't quarantine that file > it has to be replaced with a good copy.

As far as I know, Norton can't do that.

MrC
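
The size-and-MD5 comparison described in the reply above, as an added example that is not part of the original post: it parses the listing line quoted there and checks the live `services.exe` and any component-store copies against it. The function names, the `*servicecontroller*` glob and the default `C:\Windows` root are assumptions of this example; the size and MD5 are the ones given in the post.

```python
import hashlib
import re
import sys
from pathlib import Path

# Listing line format as quoted in the post:
#   [created] - [modified] - size attrs (company) MD5
LISTING_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# The line the post gives for both copies of services.exe.
POSTED_LINE = ("[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A "
               "(Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB")


def parse_listing(line):
    """Extract size, MD5 and company name from one listing line."""
    m = LISTING_RE.match(line.strip())
    if not m:
        raise ValueError("not a listing line: %r" % line)
    return {"size": int(m.group("size")),
            "md5": m.group("md5").lower(),
            "company": m.group("company")}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read in one go."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_listing(path, listing):
    """Return 'missing', 'size-mismatch', 'hash-mismatch' or 'match'."""
    path = Path(path)
    if not path.is_file():
        return "missing"
    # Cheap size test first: a patched file of a different size never
    # needs hashing.
    if path.stat().st_size != listing["size"]:
        return "size-mismatch"
    return "match" if md5_of(path) == listing["md5"] else "hash-mismatch"


def audit_services_exe(windows_dir, listing):
    """Check System32\\services.exe and every component-store copy."""
    windows_dir = Path(windows_dir)
    results = {}
    live = windows_dir / "System32" / "services.exe"
    results[str(live)] = check_against_listing(live, listing)
    # Assumption: component-store copies live in a winsxs directory whose
    # name contains "servicecontroller", as in the path shown in the post.
    store = windows_dir / "winsxs"
    if store.is_dir():
        for copy in sorted(store.glob("*servicecontroller*/services.exe")):
            results[str(copy)] = check_against_listing(copy, listing)
    return results


if __name__ == "__main__":
    # Point this at the Windows directory of the volume being examined,
    # e.g. an offline-mounted system drive.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows"
    listing = parse_listing(POSTED_LINE)
    for path, status in audit_services_exe(root, listing).items():
        print(status.ljust(14), path)
```

A `match` only shows that the file is identical to the listed one, so the listed MD5 itself has to come from a source you trust.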


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.