DDS Will not complete, No task Manager, etc...

After that warning screen, I selected ok to close it out and GMER comes up but it does not look like the example you show... lots of the pick boxes are greyed out.
 
Let's postpone any use of GMER and take a closer look at the MBR:


aswMBR

Please download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes. Continue even if the definition download fails.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


Upload File for testing

Please go to Virustotal.

Click Choose file and upload the following file on your desktop:
Click Scan it! to upload the file for testing.
Click Reanalyse if asked.
Please wait for all the scanners to finish then copy and paste the web address in your next response.



MBRCheck


  • Please download MBRCheck.exe and save it to your desktop.
  • Double click on MBRCheck.exe to run it.
  • A window similar to this should open on your desktop:



  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.


OTL

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Please save all work and close all open program windows.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next replies. Please use a separate reply for each log.


Remember to post:
  • aswMBR log.
  • Link to the Virustotal scan.
  • MBRCheck log.
  • OTL logs.

How is the computer performing now?
Are you able to start Task Manager and download antivirus updates?
Does google still redirect?
Are the files on your desktop and c: drive visible?
Is the Start menu normal?
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-26 19:30:21
-----------------------------
19:30:21.103 OS Version: Windows 5.1.2600 Service Pack 3
19:30:21.113 Number of processors: 1 586 0xD06
19:30:21.113 ComputerName: MOBILE UserName: adnott
19:30:21.804 Initialize success
19:34:13.276 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:34:13.276 Disk 0 Vendor: HTS726060M9AT00 MH4OA6EA Size: 57231MB BusType: 3
19:34:13.296 Disk 0 MBR read successfully
19:34:13.296 Disk 0 MBR scan
19:34:13.296 Disk 0 unknown MBR code
19:34:13.306 Disk 0 MBR hidden
19:34:13.306 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
19:34:13.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 53976 MB offset 96390
19:34:13.336 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3200 MB offset 110639655
19:34:13.357 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 7 MB offset 117194175
19:34:13.357 Disk 0 Partition 4 **SUSPICIOUS**
19:34:13.367 Disk 0 scanning sectors +117210224
19:34:13.527 Disk 0 scanning C:\WINDOWS\system32\drivers
19:34:22.560 Service scanning
19:34:24.222 Modules scanning
19:34:32.364 Disk 0 trace - called modules:
19:34:32.384 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a93afa9]<<
19:34:32.394 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa07ab8]
19:34:32.394 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa0cb00]
19:34:32.394 \Driver\atapi[0x8aa0fc28] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a93afa9
19:34:32.394 Scan finished successfully
19:53:48.857 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\adnott\Desktop\MBR.dat"
19:53:48.877 The log file has been saved successfully to "C:\Documents and Settings\adnott\Desktop\aswMBR.txt"
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 196):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 cmdide.sys
0xF798D000 intelide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 aliide.sys
0xF74D9000 pcmcia.sys
0xF7607000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF7494000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF78A3000 cpqarray.sys
0xF747C000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7464000 atapi.sys
0xF78A7000 aha154x.sys
0xF7717000 sparrow.sys
0xF78AB000 symc810.sys
0xF7627000 aic78xx.sys
0xF78AF000 dac960nt.sys
0xF7637000 ql10wnt.sys
0xF78B3000 amsint.sys
0xF771F000 asc.sys
0xF78B7000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78BB000 ini910u.sys
0xF7647000 ql1240.sys
0xF7657000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF7667000 ultra.sys
0xF786E000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7677000 ql1080.sys
0xF7687000 ql1280.sys
0xF7697000 ql12160.sys
0xF7767000 perc2.sys
0xF7997000 perc2hib.sys
0xF776F000 hpn.sys
0xF78BF000 cbidf2k.sys
0xF7842000 dac2w2k.sys
0xF76A7000 disk.sys
0xF76B7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7967000 fltmgr.sys
0xF7830000 sr.sys
0xF76C7000 PxHelp20.sys
0xF7952000 drvmcdb.sys
0xF7A38000 KSecDD.sys
0xF7A25000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7B25000 NDIS.sys
0xF76D7000 sisagp.sys
0xF76E7000 viaagp.sys
0xF76F7000 ohci1394.sys
0xF7587000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA746000 Mup.sys
0xF7577000 agp440.sys
0xF7567000 alim1541.sys
0xF7557000 amdagp.sys
0xF7547000 agpCPQ.sys
0xBA6EA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7414000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA6E6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB98CE000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB98BA000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9896000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7404000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB9678000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7887000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB965F000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA7F0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79C1000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xBA7E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA7D0000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB963C000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77F7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB95FB000 \SystemRoot\system32\drivers\stac97.sys
0xB95D7000 \SystemRoot\system32\drivers\portcls.sys
0xBA7C0000 \SystemRoot\system32\drivers\drmk.sys
0xB95A6000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB94A7000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB9401000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77FF000 \SystemRoot\System32\Drivers\Modem.SYS
0xB93E5000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB93D3000 \SystemRoot\System32\Drivers\KUSBusByTCPMasterBus.sys
0xF7807000 \SystemRoot\System32\Drivers\TDI.SYS
0xF780F000 \SystemRoot\system32\drivers\tbhsd.sys
0xF7AAE000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA7B0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA6B5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB93BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA7A0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA790000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB93AB000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA780000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA695000 \SystemRoot\System32\Drivers\Pcouffin.sys
0xB932B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA760000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79C5000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB92A5000 \SystemRoot\system32\DRIVERS\update.sys
0xBA69D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA68D000 \SystemRoot\system32\DRIVERS\omci.sys
0xBA685000 \SystemRoot\system32\DRIVERS\NkVBus.sys
0xF7527000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA5F3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA712000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB8256000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF79ED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A9F000 \SystemRoot\System32\Drivers\Null.SYS
0xF79EF000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA655000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA64D000 \SystemRoot\System32\drivers\vga.sys
0xF79F1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA6E2000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB8223000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8208000 \??\C:\WINDOWS\system32\Drivers\RCFOX.sys
0xB81AF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB8187000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB814F000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xBA6DE000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB8105000 \SystemRoot\System32\drivers\afd.sys
0xBA5D3000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB80DA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB806A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA5B3000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8044000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA5A3000 \SystemRoot\system32\drivers\ip6fw.sys
0xB8299000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA091000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA071000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8004000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB9D42000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA6FE000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77BF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A98000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3A4000 \SystemRoot\System32\ATMFD.DLL
0xBA061000 \SystemRoot\system32\drivers\drvnddm.sys
0xB9DC4000 \SystemRoot\system32\dla\tfsndres.sys
0xB5A26000 \SystemRoot\system32\dla\tfsnifs.sys
0xB633D000 \SystemRoot\system32\dla\tfsnopio.sys
0xF79A7000 \SystemRoot\system32\dla\tfsnpool.sys
0xF77CF000 \SystemRoot\system32\dla\tfsnboio.sys
0xBA041000 \SystemRoot\system32\dla\tfsncofs.sys
0xB9DC5000 \SystemRoot\system32\dla\tfsndrct.sys
0xB5A0D000 \SystemRoot\system32\dla\tfsnudf.sys
0xB59F4000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB5AF4000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xB584E000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xB5AE4000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xB5964000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5954000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB4EED000 \SystemRoot\system32\DRIVERS\nwrdr.sys
0xB4EC0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9D3A000 \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS
0xB9D38000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB4D14000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4DC8000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xB4C44000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB4F65000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xB4B1F000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4E38000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3B87000 \SystemRoot\System32\Drivers\HTTP.sys
0xB1912000 \??\C:\DOCUME~1\adnott\LOCALS~1\Temp\pwtdypod.sys
0xB9D40000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xB22BA000 \??\C:\DOCUME~1\adnott\LOCALS~1\Temp\aswMBR.sys
0xB0E07000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
880 C:\WINDOWS\SYSTEM32\smss.exe
1656 csrss.exe
1680 C:\WINDOWS\SYSTEM32\winlogon.exe
1724 C:\WINDOWS\SYSTEM32\services.exe
1736 C:\WINDOWS\SYSTEM32\lsass.exe
1920 C:\WINDOWS\SYSTEM32\svchost.exe
2008 svchost.exe
156 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
236 C:\WINDOWS\SYSTEM32\svchost.exe
332 C:\WINDOWS\SYSTEM32\svchost.exe
568 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
724 svchost.exe
984 C:\WINDOWS\SYSTEM32\spoolsv.exe
1076 svchost.exe
1116 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
1140 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
1160 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1176 C:\Program Files\Bonjour\mDNSResponder.exe
1212 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1260 C:\Program Files\Java\jre6\bin\jqs.exe
1312 C:\Program Files\Common Files\Motive\McciCMService.exe
1544 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1584 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
1636 C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
1844 C:\WINDOWS\SYSTEM32\nvsvc32.exe
408 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1384 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1532 C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
1660 C:\WINDOWS\SYSTEM32\snmp.exe
148 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2176 C:\WINDOWS\SYSTEM32\svchost.exe
2204 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2296 C:\Program Files\Windows Home Server\WHSConnector.exe
3152 C:\WINDOWS\SYSTEM32\wscntfy.exe
3176 alg.exe
3188 C:\Program Files\Apoint\Apoint.exe
3204 C:\WINDOWS\SYSTEM32\BacsTray.exe
3212 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
3220 wmiprvse.exe
3228 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
3244 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
3276 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
3304 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
3344 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3368 C:\Program Files\Verizon\McciTrayApp.exe
3396 C:\Program Files\Dell\QuickSet\quickset.exe
3452 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3480 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
3532 C:\Program Files\Apoint\ApntEx.exe
3548 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
3564 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3612 C:\Program Files\TRENDnet\MFP Server\Control Center.exe
3620 C:\WINDOWS\SYSTEM32\umonit.exe
3628 C:\Program Files\iTunes\iTunesHelper.exe
3660 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3684 C:\Program Files\Microsoft Security Client\msseces.exe
3848 C:\Program Files\AWS\WeatherBug\Weather.exe
3884 C:\Program Files\DellSupport\DSAgnt.exe
4040 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
2596 C:\Program Files\Digital Line Detect\DLG.exe
2708 C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
464 C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
556 wmiprvse.exe
1388 C:\Program Files\Windows Home Server\WHSTrayApp.exe
1456 C:\WINDOWS\SYSTEM32\ctfmon.exe
396 C:\Program Files\iPod\bin\iPodService.exe
3288 C:\WINDOWS\explorer.exe
1204 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
2284 C:\Program Files\Mozilla Firefox\firefox.exe
636 C:\WINDOWS\SYSTEM32\wuauclt.exe
3000 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3292 C:\Documents and Settings\adnott\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: HTS726060M9AT00, Rev: MH4OA6EA

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Just as I was about to run otl.exe, an Internet Security 2012 popup came up along with a warning message saying 'tfswctrl.exe cannot start' file tfswctrl is infected by w32/blaster.worm, as well as another popup saying Warning! INTERNET SECURITY 2012 HAS found 68 useless and unwanted files on your computer!
 
Beyond the new popups, I see a new Internet Security 2012 on the desktop that I did not download.

Taskmanager launches
I have programs and files back
internet connection is really flaky again and having trouble downloading even these small tool files

Rkill.exe will not run since this new set of popups
 
Newest development. 61 microsoft updates ready to install. No programs at all will run- taskmgr comes up but hides itself, security essentials or web browsers won't even do that.
 
In watching the Microsoft Security Updates install... seems like every 2nd or 3rd one fails. Still unable to open any program.

Strange this happens after running aswMBR & MBRcheck. Never got to OTL.exe before this started.
 
Your computer seems to be infected with a variant of the TDSS Rootkit, also known as W32/Alureon, which installs itself on a hidden partition.

This particular version might not be fixable and in over 90% of cases so far, the only guaranteed cure has been a reformat of the hard drive and reinstall of Windows.

A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

You should:
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  • Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

Here are two links to further information if you would like more information:
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it


Internet Security 2012 is a fake anti virus often bundled with the other infections we so far have identified on this computer.


Please follow the instructions below:


Safe mode

  • Restart your computer
  • During startup, but before the Windows logo appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode with Networking, then press Enter.
  • Choose your usual account.
  • When asked to proceed to safe mode, click Yes.


Try to run rkill, you can alternatively download an alternate rkill from one of the following links and run it:
One Two Three

Re-run exehelper again by double clicking the file.

Disable Microsoft Security Essentials.
  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.

Re-run Combofix:
Click Start -> Run..., copy and paste the following line into the run box, then click OK:
combofix /nombr
Let combofix update itself if prompted.
Post the Combofix log in your next reply.

If combofix successfully ran and gave you a new log, then:
Start your computer in Safe Mode again (required if Combofix restarted the computer).
Rerun rkill and wait for it to finish.
Click Start -> Run..., copy and paste the following line into the run box, then click OK:
aswMBR.exe -ap 2

When aswMBR finishes running, it should give you a log. Please post it.
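
Added example, not part of the original thread and not code from aswMBR or its authors: a small triage script that pulls out of an aswMBR log the lines that support the hidden-partition diagnosis above. The sample input is excerpted from the aswMBR log posted earlier in this thread; the function names, the hidden-type list and the 32 MB threshold are assumptions chosen for illustration, not Avast's detection logic.

```python
import re

# Excerpt of the aswMBR log posted earlier in this thread.
SAMPLE_LOG = r"""
19:34:13.296 Disk 0 MBR read successfully
19:34:13.296 Disk 0 unknown MBR code
19:34:13.306 Disk 0 MBR hidden
19:34:13.306 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
19:34:13.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 53976 MB offset 96390
19:34:13.336 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3200 MB offset 110639655
19:34:13.357 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 7 MB offset 117194175
19:34:13.357 Disk 0 Partition 4 **SUSPICIOUS**
19:34:32.384 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a93afa9]<<
19:34:32.394 \Driver\atapi[0x8aa0fc28] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a93afa9
19:34:32.394 Scan finished successfully
""".strip()

# "Disk N Partition N <boot flag> [(A)] <type> <description> <size> MB offset <LBA>"
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)

# MBR partition type bytes that are "hidden" variants of FAT/NTFS types.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_MB = 32  # assumption: illustrative cut-off for "too small to hold an OS"


def parse_partitions(log):
    """Return one dict per partition line found in the log."""
    parts = []
    for line in log.splitlines():
        m = PART_RE.search(line.strip())
        if m:
            parts.append({
                "disk": int(m["disk"]),
                "num": int(m["num"]),
                "active": int(m["boot"], 16) == 0x80,
                "type": int(m["type"], 16),
                "size_mb": int(m["size_mb"]),
                "offset": int(m["offset"]),
            })
    return parts


def triage(log):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    lines = [l.strip() for l in log.splitlines()]

    # 1. The tool's own statements about the boot code.
    for marker in ("unknown MBR code", "MBR hidden"):
        if any(marker in l for l in lines):
            findings.append(f"mbr: {marker}")

    # 2. Boot flag on a partition that should never be the boot partition.
    parts = parse_partitions(log)
    for p in parts:
        if not p["active"]:
            continue
        last_offset = max(q["offset"] for q in parts if q["disk"] == p["disk"])
        if p["type"] in HIDDEN_TYPES:
            findings.append(
                f"partition {p['num']}: active but hidden type 0x{p['type']:02X}")
        if p["offset"] == last_offset and p["size_mb"] <= SMALL_MB:
            findings.append(
                f"partition {p['num']}: active, {p['size_mb']} MB, last on disk")

    # 3. A storage-driver IRP handler that lands on an address the disk
    #    trace could not attribute to any loaded module.
    unknown = {m.group(1).lower() for l in lines for m in UNKNOWN_RE.finditer(l)}
    for l in lines:
        m = IRP_RE.search(l)
        if m and m.group(3).lower() in unknown:
            findings.append(
                f"{m.group(1)}: {m.group(2)} handled at unattributed address {m.group(3)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
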
 
Understood- Luckily this laptop was being used mainly for internet and email access.


ComboFix 12-01-23.02 - adnott 01/27/2012 23:39:04.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.984 [GMT -5:00]
Running from: c:\documents and settings\adnott\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\adnott\Application Data\dplaysvr.exe
c:\documents and settings\adnott\Application Data\dplayx.dll
c:\documents and settings\All Users\Application Data\iSecurity.exe
c:\windows\$NtUninstallKB4573$\3788501010\@
c:\windows\$NtUninstallKB4573$\3788501010\bckfg.tmp
c:\windows\$NtUninstallKB4573$\3788501010\cfg.ini
c:\windows\$NtUninstallKB4573$\3788501010\Desktop.ini
c:\windows\$NtUninstallKB4573$\3788501010\keywords
c:\windows\$NtUninstallKB4573$\3788501010\kwrd.dll
c:\windows\$NtUninstallKB4573$\3788501010\L\iahonoel
c:\windows\$NtUninstallKB4573$\3788501010\lsflt7.ver
c:\windows\$NtUninstallKB4573$\3788501010\U\00000001.@
c:\windows\$NtUninstallKB4573$\3788501010\U\00000002.@
c:\windows\$NtUninstallKB4573$\3788501010\U\00000004.@
c:\windows\$NtUninstallKB4573$\3788501010\U\80000000.@
c:\windows\$NtUninstallKB4573$\3788501010\U\80000004.@
c:\windows\$NtUninstallKB4573$\3788501010\U\80000032.@
c:\windows\$NtUninstallKB4573$\4237292630 . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 )))))))))))))))))))))))))))))))
.
.
2012-01-28 03:02 . 2012-01-28 03:02 -------- d-----w- C:\812b3a270406fef196d1
2012-01-26 06:22 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-26 06:22 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-01-26 05:26 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-26 00:28 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AACE2563-7A60-42A2-BF97-6178083B7498}\mpengine.dll
2012-01-23 20:21 . 2012-01-23 20:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-23 20:21 . 2012-01-23 20:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-23 20:21 . 2012-01-23 20:21 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-23 20:21 . 2012-01-23 20:21 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-23 20:21 . 2012-01-23 20:21 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-23 20:21 . 2012-01-23 20:21 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-22 16:20 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 16:52 . 2012-01-17 03:07 -------- d-----w- c:\program files\trend micro
2012-01-15 16:52 . 2012-01-15 16:52 -------- d-----w- C:\rsit
2012-01-11 01:45 . 2012-01-11 01:45 -------- d-----w- c:\program files\ERUNT
2012-01-10 03:52 . 2012-01-10 10:46 14664 ----a-w- c:\windows\stinger.sys
2012-01-08 23:28 . 2012-01-09 13:56 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-08 23:28 . 2012-01-08 23:28 -------- d-----w- c:\windows\Windows Defender Offline
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 09:26 . 2011-05-21 14:13 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 10:47 . 2011-06-30 11:06 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 12:35 . 2004-08-04 11:00 60416 ----a-w- c:\windows\system32\packager.exe
2000-06-05 21:47 . 2000-06-05 21:47 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
2012-01-23 20:21 . 2011-05-20 22:44 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_01.42.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-01-28 05:18 . 2012-01-28 05:18 16384 c:\windows\temp\Perflib_Perfdata_600.dat
+ 2012-01-28 05:18 . 2012-01-28 05:18 16384 c:\windows\temp\Perflib_Perfdata_35c.dat
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\SYSTEM32\tzchange.exe
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\SYSTEM32\tzchange.exe
+ 2004-08-04 11:00 . 2011-07-08 14:02 10496 c:\windows\SYSTEM32\DRIVERS\ndistapi.sys
+ 2004-08-04 11:00 . 2009-04-20 17:17 45568 c:\windows\SYSTEM32\dnsrslvr.dll
- 2004-08-04 11:00 . 2008-04-14 00:11 45568 c:\windows\SYSTEM32\dnsrslvr.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\SYSTEM32\DLLCACHE\packager.exe
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\SYSTEM32\DLLCACHE\dnsrslvr.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
+ 2004-08-04 11:00 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\csrsrv.dll
- 2004-08-04 11:00 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\csrsrv.dll
+ 2012-01-27 03:39 . 2012-01-27 03:39 19968 c:\windows\Installer\5c090.msi
- 2005-01-10 15:11 . 2011-03-11 12:47 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-01-28 01:24 . 2012-01-28 01:24 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-12-28 15:16 . 2010-12-28 15:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-12-28 14:58 . 2010-12-28 14:58 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-04-16 01:56 . 2010-08-26 12:52 5120 c:\windows\SYSTEM32\xpsp4res.dll
+ 2009-04-16 01:56 . 2011-02-17 12:32 5120 c:\windows\SYSTEM32\xpsp4res.dll
- 2005-01-10 15:11 . 2011-03-11 12:47 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-12-28 14:58 . 2010-12-28 14:58 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-12-28 14:59 . 2010-12-28 14:59 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-12-28 14:58 . 2010-12-28 14:58 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2004-08-04 11:00 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\vbscript.dll
+ 2004-08-04 11:00 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\schannel.dll
- 2004-08-04 11:00 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\mswsock.dll
+ 2004-08-04 11:00 . 2008-06-20 16:02 245248 c:\windows\SYSTEM32\mswsock.dll
- 2004-08-04 11:00 . 2010-09-18 17:23 974848 c:\windows\SYSTEM32\mfc42u.dll
+ 2004-08-04 11:00 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\mfc42u.dll
+ 2004-08-04 11:00 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\mfc42.dll
- 2004-08-04 11:00 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\jscript.dll
+ 2004-08-04 11:00 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\jscript.dll
- 2004-08-11 23:20 . 2011-02-10 15:33 484488 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-11 23:20 . 2012-01-28 03:51 484488 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-04 11:00 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\encdec.dll
+ 2004-08-04 11:00 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\encdec.dll
+ 2004-08-04 11:00 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DRIVERS\srv.sys
+ 2004-08-04 11:00 . 2011-06-24 14:10 139656 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
- 2004-08-04 11:00 . 2008-04-14 00:13 139656 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
+ 2004-08-04 11:00 . 2011-04-21 13:37 105472 c:\windows\SYSTEM32\DRIVERS\mup.sys
+ 2004-08-04 11:00 . 2011-08-17 13:49 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys
- 2004-08-04 11:00 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys
+ 2004-08-04 11:00 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\dnsapi.dll
+ 2004-08-04 11:00 . 2011-04-30 03:01 758784 c:\windows\SYSTEM32\DLLCACHE\vgx.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2008-10-14 23:35 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DLLCACHE\srv.sys
+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
+ 2006-10-14 08:13 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll
- 2006-10-14 08:13 . 2010-09-18 17:23 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll
+ 2010-12-27 18:10 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\DLLCACHE\mfc42.dll
- 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys
+ 2004-08-04 11:00 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\atmfd.dll
+ 2012-01-28 00:30 . 2012-01-28 00:30 467456 c:\windows\Installer\2c8cf06.msi
+ 2005-01-10 15:11 . 2012-01-28 02:48 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-01-27 05:10 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-01-27 05:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-01-27 05:10 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-01-27 23:38 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-01-27 23:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-01-27 23:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-01-27 23:38 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2012-01-28 05:28 . 2012-01-28 05:28 385024 c:\windows\ERDNT\AutoBackup\1-28-2012\Users\00000002\UsrClass.dat
+ 2012-01-28 05:28 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\1-28-2012\ERDNT.EXE
+ 2012-01-28 05:26 . 2012-01-28 05:26 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-26 06:21 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 1552384 c:\windows\Installer\5c09f.msp
+ 2011-12-06 20:22 . 2011-12-06 20:22 5519360 c:\windows\Installer\5c098.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\5c095.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\5c091.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\5c08b.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\5c08a.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\5c089.msp
+ 2011-09-20 20:36 . 2011-09-20 20:36 5521408 c:\windows\Installer\5c088.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\5c087.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\5c084.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\5c083.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\5c080.msp
+ 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\5c07e.msp
+ 2011-12-26 15:00 . 2011-12-26 15:00 2608640 c:\windows\Installer\396b353.msp
+ 2011-12-26 14:59 . 2011-12-26 14:59 4368896 c:\windows\Installer\396b352.msp
+ 2011-12-06 20:22 . 2011-12-06 20:22 5519360 c:\windows\Installer\34388e.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\34388b.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\343887.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\343886.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\343885.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\343884.msp
+ 2011-09-20 20:36 . 2011-09-20 20:36 5521408 c:\windows\Installer\343883.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\343882.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\34387f.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\34387e.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\34387b.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\3358571.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\3358560.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\3358539.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\32339be.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\32339a8.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\2c8cf31.msp
+ 2012-01-28 00:51 . 2012-01-28 00:52 1067008 c:\windows\Installer\2c8cf21.msi
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\2c8cf0d.msp
+ 2007-04-19 19:09 . 2007-04-19 19:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2012-01-28 05:25 . 2012-01-28 05:25 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 4550656 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 4550656 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\5c094.msp
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\34388a.msp
+ 2012-01-28 05:28 . 2012-01-28 05:28 14344192 c:\windows\ERDNT\AutoBackup\1-28-2012\Users\00000001\ntuser.dat
+ 2012-01-27 03:19 . 2012-01-27 03:19 14344192 c:\windows\ERDNT\AutoBackup\1-26-2012\Users\00000001\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\documents and settings\adnott\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
"bacstray"="BacsTray.exe" [2003-05-15 98304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-09-30 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-04 180269]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"Control Center"="c:\program files\TRENDnet\MFP Server\Control Center.exe" [2009-08-04 3294720]
"UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\adnott\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-26 98304]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-10 24576]
Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-1-21 98304]
MediaManager.lnk - c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaManager.exe [2009-9-10 366136]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-9-10 604008]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TRENDnet\\MFP Server\\Control Center.exe"=
"c:\\Documents and Settings\\adnott\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"7303:UDP"= 7303:UDP:Control Center UDP Port
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\SYSTEM32\DRIVERS\RCFOX.SYS [5/2/2006 10:17 PM 91136]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [6/17/2005 11:11 AM 24064]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/6/2008 9:22 AM 30152]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [10/7/2009 1:48 PM 376680]
R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\SYSTEM32\DRIVERS\KUSBusByTCPMasterBus.sys [11/11/2008 1:59 PM 70656]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/20/2005 11:31 PM 32416]
R3 VBus;Virtual Bus;c:\windows\SYSTEM32\DRIVERS\NkVBus.sys [6/17/2005 11:11 AM 17664]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\adnott\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\adnott\LOCALS~1\Temp\ALSysIO.sys [?]
S3 BackupReader;BackupReader;c:\windows\SYSTEM32\DRIVERS\BackupReader.sys [4/20/2009 8:49 PM 44784]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [10/21/2009 6:30 PM 6016]
S3 KUSBusByTCP;KUSBusByTCP;c:\windows\SYSTEM32\DRIVERS\KUSBusByTCP.sys [11/11/2008 1:59 PM 97664]
S3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\PLISp50.sys [1/16/2008 1:21 PM 27072]
S3 PortlUSB;PortlUSB;c:\windows\SYSTEM32\DRIVERS\SiriusUSB.sys [12/28/2005 8:24 PM 7552]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\SYSTEM32\DRIVERS\rcvpn.sys [5/2/2006 10:01 PM 23180]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\adnott\Application Data\Mozilla\Firefox\Profiles\kmroaven.default\
FF - prefs.js: browser.search.defaulturl - hxxp://google.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-dplaysvr - c:\documents and settings\adnott\Application Data\dplaysvr.exe
HKCU-Run-Internet Security 2012 - c:\documents and settings\All Users\Application Data\isecurity.exe
HKLM-Run-dplaysvr - c:\documents and settings\adnott\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?p\WZSE1.TMP\imagemate-6.30\WinXP\fixustor.sys??????????????????????????A~?5??????????tqQ?l??? ??|`??|????]??|??D~?????????5??F$?|??B~??B~*?,??5????????????????????????????????B~????????????tqQ?????T?????Q?????tqQ???????V????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4090913760-1689954004-2845501671-1006\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1696)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\BacsTray.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Windows Home Server\WHSTrayApp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Verizon\McciBrowser.exe
.
**************************************************************************
.
Completion time: 2012-01-28 00:46:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-28 05:45
ComboFix2.txt 2012-01-26 01:58
.
Pre-Run: 9,334,677,504 bytes free
Post-Run: 7,745,761,280 bytes free
.
- - End Of File - - 8ECAA10D7BE2C85DF7F78D66B0677C9E
 
Unable to get wireless to work now in safe mode with networking, so the update failed. Logged back in to regular XP (non-safe mode) to post this. By the way, even aswMBR will not complete the definition update here - internet went out at 10.38 MB.


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-28 09:24:10
-----------------------------
09:24:10.539 OS Version: Windows 5.1.2600 Service Pack 3
09:24:10.539 Number of processors: 1 586 0xD06
09:24:10.539 ComputerName: MOBILE UserName: adnott
09:24:11.510 Initialize success
09:24:32.250 AVAST engine download error: 0
09:26:36.619 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:26:36.639 Disk 0 Vendor: HTS726060M9AT00 MH4OA6EA Size: 57231MB BusType: 3
09:26:36.669 Disk 0 MBR read successfully
09:26:36.689 Disk 0 MBR scan
09:26:36.709 Disk 0 unknown MBR code
09:26:36.739 Disk 0 MBR hidden
09:26:36.759 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
09:26:36.799 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 53976 MB offset 96390
09:26:36.839 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3200 MB offset 110639655
09:26:36.869 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 7 MB offset 117194175
09:26:36.899 Disk 0 Partition 4 **SUSPICIOUS**
09:26:36.919 Disk 0 scanning sectors +117210224
09:26:37.099 Disk 0 scanning C:\WINDOWS\system32\drivers
09:26:49.497 Service scanning
09:26:54.444 Modules scanning
09:27:02.075 Disk 0 trace - called modules:
09:27:02.095 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a98bfa9]<<
09:27:02.095 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a93b860]
09:27:02.095 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a9cad98]
09:27:02.095 \Driver\atapi[0x8a9682e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a98bfa9
09:27:02.095 Scan finished successfully
09:29:37.188 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\adnott\Desktop\MBR.dat"
09:29:37.208 The log file has been saved successfully to "C:\Documents and Settings\adnott\Desktop\aswMBR-12811.txt"
 
Did ComboFix alert you that it found ZeroAccess and needed to reboot?

The log you posted from aswMBR does not have the expected contents. What happened when you ran aswMBR as quoted below/described in my previous post?
Click Start -> Run..., copy and paste the following line into the run box, then click OK:
aswMBR.exe -ap 2
 
ComboFix did find ZeroAccess and rebooted 2 times till completion. The first pass was nearly 1.5 hours.

When trying to run aswMBR.exe -ap 2, I get 'file not found', but it is there on the desktop.
 
Let's try this, if asked to download definitions, then answer No:

Click Start -> Run..., copy (including both double quotes) and paste the following line into the run box, then click OK:
"%userprofile%\Desktop\aswMBR.exe" -ap 2

Answer Yes to confirm the active partition change.
Click the Save log button to open the log and paste it into your next reply.

Reboot the computer.

aswMBR

  • Double click aswMBR.exe (on your desktop) to run it.
  • When asked if you want to download Avast's virus definitions please select No
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
 
Click Start -> Run..., copy (including both double quotes) and paste the following line into the run box, then click OK:
"%userprofile%\Desktop\aswMBR.exe" -ap 2

Should I see a prompt immediately or after something has happened? I ran that line and saw a lot of Hard Drive activity but nothing else... it's been at least 10 minutes. (I did not run it from safe mode)
 
You may be immediately prompted to run the application, then you should immediately see the aswMBR window and the prompt to change the active partition.

Boot to safe mode, re-run rkill and then try again.
 
"%userprofile%\Desktop\aswMBR.exe" -ap 2

Running in Safe Mode - I pasted this line in Run and nothing happens. I then substituted my user name 'adnott' between the %'s and got the message:

adnott\Desktop\aswMBR.exe

Windows cannot find 'adnott\desktop\aswMBR.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then Click Search.

I edited the Run line back to userprofile instead of my login user name and nothing....
 