Thread: DDS Will not complete, No task Manager, etc...

  1. #51
    Member | Join Date: Jan 2012 | Posts: 46

    Understood. Luckily, this laptop was being used mainly for internet and email access.


    ComboFix 12-01-23.02 - adnott 01/27/2012 23:39:04.2.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.984 [GMT -5:00]
    Running from: c:\documents and settings\adnott\Desktop\ComboFix.exe
    Command switches used :: /nombr
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\adnott\Application Data\dplaysvr.exe
    c:\documents and settings\adnott\Application Data\dplayx.dll
    c:\documents and settings\All Users\Application Data\iSecurity.exe
    c:\windows\$NtUninstallKB4573$\3788501010\@
    c:\windows\$NtUninstallKB4573$\3788501010\bckfg.tmp
    c:\windows\$NtUninstallKB4573$\3788501010\cfg.ini
    c:\windows\$NtUninstallKB4573$\3788501010\Desktop.ini
    c:\windows\$NtUninstallKB4573$\3788501010\keywords
    c:\windows\$NtUninstallKB4573$\3788501010\kwrd.dll
    c:\windows\$NtUninstallKB4573$\3788501010\L\iahonoel
    c:\windows\$NtUninstallKB4573$\3788501010\lsflt7.ver
    c:\windows\$NtUninstallKB4573$\3788501010\U\00000001.@
    c:\windows\$NtUninstallKB4573$\3788501010\U\00000002.@
    c:\windows\$NtUninstallKB4573$\3788501010\U\00000004.@
    c:\windows\$NtUninstallKB4573$\3788501010\U\80000000.@
    c:\windows\$NtUninstallKB4573$\3788501010\U\80000004.@
    c:\windows\$NtUninstallKB4573$\3788501010\U\80000032.@
    c:\windows\$NtUninstallKB4573$\4237292630 . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-28 03:02 . 2012-01-28 03:02 -------- d-----w- C:\812b3a270406fef196d1
    2012-01-26 06:22 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-01-26 06:22 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-01-26 05:26 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-01-26 00:28 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AACE2563-7A60-42A2-BF97-6178083B7498}\mpengine.dll
    2012-01-23 20:21 . 2012-01-23 20:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2012-01-23 20:21 . 2012-01-23 20:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2012-01-23 20:21 . 2012-01-23 20:21 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-23 20:21 . 2012-01-23 20:21 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-23 20:21 . 2012-01-23 20:21 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-23 20:21 . 2012-01-23 20:21 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-22 16:20 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-15 16:52 . 2012-01-17 03:07 -------- d-----w- c:\program files\trend micro
    2012-01-15 16:52 . 2012-01-15 16:52 -------- d-----w- C:\rsit
    2012-01-11 01:45 . 2012-01-11 01:45 -------- d-----w- c:\program files\ERUNT
    2012-01-10 03:52 . 2012-01-10 10:46 14664 ----a-w- c:\windows\stinger.sys
    2012-01-08 23:28 . 2012-01-09 13:56 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-01-08 23:28 . 2012-01-08 23:28 -------- d-----w- c:\windows\Windows Defender Offline
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-04 09:26 . 2011-05-21 14:13 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-21 10:47 . 2011-06-30 11:06 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-18 12:35 . 2004-08-04 11:00 60416 ----a-w- c:\windows\system32\packager.exe
    2000-06-05 21:47 . 2000-06-05 21:47 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
    2012-01-23 20:21 . 2011-05-20 22:44 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-26_01.42.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
    + 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
    + 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
    + 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
    + 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
    + 2012-01-28 05:18 . 2012-01-28 05:18 16384 c:\windows\temp\Perflib_Perfdata_600.dat
    + 2012-01-28 05:18 . 2012-01-28 05:18 16384 c:\windows\temp\Perflib_Perfdata_35c.dat
    + 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\SYSTEM32\tzchange.exe
    - 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\SYSTEM32\tzchange.exe
    + 2004-08-04 11:00 . 2011-07-08 14:02 10496 c:\windows\SYSTEM32\DRIVERS\ndistapi.sys
    + 2004-08-04 11:00 . 2009-04-20 17:17 45568 c:\windows\SYSTEM32\dnsrslvr.dll
    - 2004-08-04 11:00 . 2008-04-14 00:11 45568 c:\windows\SYSTEM32\dnsrslvr.dll
    + 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\SYSTEM32\DLLCACHE\packager.exe
    + 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\SYSTEM32\DLLCACHE\dnsrslvr.dll
    + 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
    - 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
    + 2004-08-04 11:00 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\csrsrv.dll
    - 2004-08-04 11:00 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\csrsrv.dll
    + 2012-01-27 03:39 . 2012-01-27 03:39 19968 c:\windows\Installer\5c090.msi
    - 2005-01-10 15:11 . 2011-03-11 12:47 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2012-01-28 01:24 . 2012-01-28 01:24 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2010-12-28 15:16 . 2010-12-28 15:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2010-12-28 14:58 . 2010-12-28 14:58 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-12-28 14:57 . 2010-12-28 14:57 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2009-04-16 01:56 . 2010-08-26 12:52 5120 c:\windows\SYSTEM32\xpsp4res.dll
    + 2009-04-16 01:56 . 2011-02-17 12:32 5120 c:\windows\SYSTEM32\xpsp4res.dll
    - 2005-01-10 15:11 . 2011-03-11 12:47 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2010-12-28 14:58 . 2010-12-28 14:58 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
    + 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
    + 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
    + 2004-08-04 11:00 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\vbscript.dll
    + 2004-08-04 11:00 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\schannel.dll
    - 2004-08-04 11:00 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\mswsock.dll
    + 2004-08-04 11:00 . 2008-06-20 16:02 245248 c:\windows\SYSTEM32\mswsock.dll
    - 2004-08-04 11:00 . 2010-09-18 17:23 974848 c:\windows\SYSTEM32\mfc42u.dll
    + 2004-08-04 11:00 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\mfc42u.dll
    + 2004-08-04 11:00 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\mfc42.dll
    - 2004-08-04 11:00 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\jscript.dll
    + 2004-08-04 11:00 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\jscript.dll
    - 2004-08-11 23:20 . 2011-02-10 15:33 484488 c:\windows\SYSTEM32\FNTCACHE.DAT
    + 2004-08-11 23:20 . 2012-01-28 03:51 484488 c:\windows\SYSTEM32\FNTCACHE.DAT
    - 2004-08-04 11:00 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\encdec.dll
    + 2004-08-04 11:00 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\encdec.dll
    + 2004-08-04 11:00 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DRIVERS\srv.sys
    + 2004-08-04 11:00 . 2011-06-24 14:10 139656 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
    - 2004-08-04 11:00 . 2008-04-14 00:13 139656 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
    + 2004-08-04 11:00 . 2011-04-21 13:37 105472 c:\windows\SYSTEM32\DRIVERS\mup.sys
    + 2004-08-04 11:00 . 2011-08-17 13:49 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys
    - 2004-08-04 11:00 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys
    + 2004-08-04 11:00 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\dnsapi.dll
    + 2004-08-04 11:00 . 2011-04-30 03:01 758784 c:\windows\SYSTEM32\DLLCACHE\vgx.dll
    + 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
    + 2008-10-14 23:35 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DLLCACHE\srv.sys
    + 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
    + 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
    - 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
    + 2006-10-14 08:13 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll
    - 2006-10-14 08:13 . 2010-09-18 17:23 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll
    + 2010-12-27 18:10 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\DLLCACHE\mfc42.dll
    - 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
    + 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
    - 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
    + 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
    + 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
    + 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll
    + 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys
    - 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys
    + 2004-08-04 11:00 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\atmfd.dll
    + 2012-01-28 00:30 . 2012-01-28 00:30 467456 c:\windows\Installer\2c8cf06.msi
    + 2005-01-10 15:11 . 2012-01-28 02:48 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2005-01-10 15:11 . 2011-03-11 12:47 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2005-01-10 15:11 . 2012-01-28 02:48 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2005-01-28 04:39 . 2011-03-11 12:47 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2005-01-28 04:39 . 2012-01-28 02:54 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2012-01-27 05:10 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
    + 2012-01-27 05:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
    + 2012-01-27 05:10 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
    + 2012-01-27 23:38 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
    + 2012-01-27 23:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
    + 2012-01-27 23:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
    + 2012-01-27 23:38 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
    + 2012-01-28 05:28 . 2012-01-28 05:28 385024 c:\windows\ERDNT\AutoBackup\1-28-2012\Users\00000002\UsrClass.dat
    + 2012-01-28 05:28 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\1-28-2012\ERDNT.EXE
    + 2012-01-28 05:26 . 2012-01-28 05:26 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-12-28 15:00 . 2010-12-28 15:00 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2010-12-28 15:00 . 2010-12-28 15:00 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-12-28 15:00 . 2010-12-28 15:00 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2010-12-28 14:58 . 2010-12-28 14:58 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-12-28 14:57 . 2010-12-28 14:57 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-12-28 15:00 . 2010-12-28 15:00 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-26 06:21 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
    + 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
    + 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
    + 2011-11-01 18:34 . 2011-11-01 18:34 1552384 c:\windows\Installer\5c09f.msp
    + 2011-12-06 20:22 . 2011-12-06 20:22 5519360 c:\windows\Installer\5c098.msp
    + 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\5c095.msp
    + 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\5c091.msp
    + 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\5c08b.msp
    + 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\5c08a.msp
    + 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\5c089.msp
    + 2011-09-20 20:36 . 2011-09-20 20:36 5521408 c:\windows\Installer\5c088.msp
    + 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\5c087.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\5c084.msp
    + 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\5c083.msp
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\5c080.msp
    + 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\5c07e.msp
    + 2011-12-26 15:00 . 2011-12-26 15:00 2608640 c:\windows\Installer\396b353.msp
    + 2011-12-26 14:59 . 2011-12-26 14:59 4368896 c:\windows\Installer\396b352.msp
    + 2011-12-06 20:22 . 2011-12-06 20:22 5519360 c:\windows\Installer\34388e.msp
    + 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\34388b.msp
    + 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\343887.msp
    + 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\343886.msp
    + 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\343885.msp
    + 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\343884.msp
    + 2011-09-20 20:36 . 2011-09-20 20:36 5521408 c:\windows\Installer\343883.msp
    + 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\343882.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\34387f.msp
    + 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\34387e.msp
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\34387b.msp
    + 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\3358571.msp
    + 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\3358560.msp
    + 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\3358539.msp
    + 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\32339be.msp
    + 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\32339a8.msp
    + 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\2c8cf31.msp
    + 2012-01-28 00:51 . 2012-01-28 00:52 1067008 c:\windows\Installer\2c8cf21.msi
    + 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\2c8cf0d.msp
    + 2007-04-19 19:09 . 2007-04-19 19:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
    + 2012-01-28 05:25 . 2012-01-28 05:25 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-12-28 15:00 . 2010-12-28 15:00 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-12-28 14:57 . 2010-12-28 14:57 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-12-28 14:57 . 2010-12-28 14:57 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-28 05:26 . 2012-01-28 05:26 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-12-28 14:57 . 2010-12-28 14:57 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-12-28 15:00 . 2010-12-28 15:00 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2010-12-28 14:59 . 2010-12-28 14:59 4550656 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-01-28 05:25 . 2012-01-28 05:25 4550656 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\5c094.msp
    + 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\34388a.msp
    + 2012-01-28 05:28 . 2012-01-28 05:28 14344192 c:\windows\ERDNT\AutoBackup\1-28-2012\Users\00000001\ntuser.dat
    + 2012-01-27 03:19 . 2012-01-27 03:19 14344192 c:\windows\ERDNT\AutoBackup\1-26-2012\Users\00000001\ntuser.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "cdloader"="c:\documents and settings\adnott\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
    "nwiz"="nwiz.exe" [2004-10-26 921600]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
    "bacstray"="BacsTray.exe" [2003-05-15 98304]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-09-30 57344]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-04 180269]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
    "Control Center"="c:\program files\TRENDnet\MFP Server\Control Center.exe" [2009-08-04 3294720]
    "UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\adnott\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-26 98304]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-10 24576]
    Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-1-21 98304]
    MediaManager.lnk - c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaManager.exe [2009-9-10 366136]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-9-10 604008]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\TRENDnet\\MFP Server\\Control Center.exe"=
    "c:\\Documents and Settings\\adnott\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "7303:UDP"= 7303:UDP:Control Center UDP Port
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\SYSTEM32\DRIVERS\RCFOX.SYS [5/2/2006 10:17 PM 91136]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
    R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
    R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [6/17/2005 11:11 AM 24064]
    R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/6/2008 9:22 AM 30152]
    R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [10/7/2009 1:48 PM 376680]
    R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\SYSTEM32\DRIVERS\KUSBusByTCPMasterBus.sys [11/11/2008 1:59 PM 70656]
    R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/20/2005 11:31 PM 32416]
    R3 VBus;Virtual Bus;c:\windows\SYSTEM32\DRIVERS\NkVBus.sys [6/17/2005 11:11 AM 17664]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\adnott\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\adnott\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 BackupReader;BackupReader;c:\windows\SYSTEM32\DRIVERS\BackupReader.sys [4/20/2009 8:49 PM 44784]
    S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [10/21/2009 6:30 PM 6016]
    S3 KUSBusByTCP;KUSBusByTCP;c:\windows\SYSTEM32\DRIVERS\KUSBusByTCP.sys [11/11/2008 1:59 PM 97664]
    S3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\PLISp50.sys [1/16/2008 1:21 PM 27072]
    S3 PortlUSB;PortlUSB;c:\windows\SYSTEM32\DRIVERS\SiriusUSB.sys [12/28/2005 8:24 PM 7552]
    S3 rcvpn;SonicWALL VPN Adapter;c:\windows\SYSTEM32\DRIVERS\rcvpn.sys [5/2/2006 10:01 PM 23180]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\documents and settings\adnott\Application Data\Mozilla\Firefox\Profiles\kmroaven.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://google.com
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-dplaysvr - c:\documents and settings\adnott\Application Data\dplaysvr.exe
    HKCU-Run-Internet Security 2012 - c:\documents and settings\All Users\Application Data\isecurity.exe
    HKLM-Run-dplaysvr - c:\documents and settings\adnott\Application Data\dplaysvr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-28 00:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    UMonit = c:\windows\system32\umonit.exe?p\WZSE1.TMP\imagemate-6.30\WinXP\fixustor.sys??????????????????????????A~?5??????????tqQ?l??? ??|`??|????]??|??D~?????????5??F$?|??B~??B~*?,??5????????????????????????????????B~????????????tqQ?????T?????Q?????tqQ???????V????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4090913760-1689954004-2845501671-1006\Software\Microsoft\Driver Signing]
    @Denied: (2) (Administrators)
    @Allowed: (2) (Administrators)
    "Policy"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
    @Denied: (2) (Administrators)
    "Policy"=hex:00,00,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1696)
    c:\windows\system32\netprovcredman.dll
    .
    - - - - - - - > 'explorer.exe'(1668)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\Bonjour\mdnsNSP.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\System32\snmp.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\BacsTray.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\Windows Home Server\WHSTrayApp.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Verizon\McciBrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-28 00:46:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-28 05:45
    ComboFix2.txt 2012-01-26 01:58
    .
    Pre-Run: 9,334,677,504 bytes free
    Post-Run: 7,745,761,280 bytes free
    .
    - - End Of File - - 8ECAA10D7BE2C85DF7F78D66B0677C9E

  2. #52
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    Unable to get wireless to work now in safe mode with networking so the update failed. Logged back in to regular XP (non-safe mode) to post this. By the way, even aswMBR will not complete the definition update here - internet went out at 10.38 MB.


    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-28 09:24:10
    -----------------------------
    09:24:10.539 OS Version: Windows 5.1.2600 Service Pack 3
    09:24:10.539 Number of processors: 1 586 0xD06
    09:24:10.539 ComputerName: MOBILE UserName: adnott
    09:24:11.510 Initialize success
    09:24:32.250 AVAST engine download error: 0
    09:26:36.619 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    09:26:36.639 Disk 0 Vendor: HTS726060M9AT00 MH4OA6EA Size: 57231MB BusType: 3
    09:26:36.669 Disk 0 MBR read successfully
    09:26:36.689 Disk 0 MBR scan
    09:26:36.709 Disk 0 unknown MBR code
    09:26:36.739 Disk 0 MBR hidden
    09:26:36.759 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
    09:26:36.799 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 53976 MB offset 96390
    09:26:36.839 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3200 MB offset 110639655
    09:26:36.869 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 7 MB offset 117194175
    09:26:36.899 Disk 0 Partition 4 **SUSPICIOUS**
    09:26:36.919 Disk 0 scanning sectors +117210224
    09:26:37.099 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:26:49.497 Service scanning
    09:26:54.444 Modules scanning
    09:27:02.075 Disk 0 trace - called modules:
    09:27:02.095 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a98bfa9]<<
    09:27:02.095 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a93b860]
    09:27:02.095 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a9cad98]
    09:27:02.095 \Driver\atapi[0x8a9682e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a98bfa9
    09:27:02.095 Scan finished successfully
    09:29:37.188 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\adnott\Desktop\MBR.dat"
    09:29:37.208 The log file has been saved successfully to "C:\Documents and Settings\adnott\Desktop\aswMBR-12811.txt"
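
One way to pull the indicators out of an aswMBR log like the one in post #52, as an added example that is not part of the original thread and not aswMBR's own code. The sample lines are copied from that post; the function name, the field names, and the rule that a dispatch target equal to the `>>UNKNOWN<<` trace address counts as a redirection are assumptions of this example.

```python
import re

# Lines copied from the aswMBR log in post #52 of this thread.
SAMPLE_LOG = r"""
09:26:36.709 Disk 0 unknown MBR code
09:26:36.739 Disk 0 MBR hidden
09:26:36.759 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
09:26:36.799 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 53976 MB offset 96390
09:26:36.839 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3200 MB offset 110639655
09:26:36.869 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 7 MB offset 117194175
09:26:36.899 Disk 0 Partition 4 **SUSPICIOUS**
09:27:02.095 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a98bfa9]<<
09:27:02.095 \Driver\atapi[0x8a9682e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a98bfa9
09:27:02.095 Scan finished successfully
"""

# Partition line: number, boot flag (80 = active), optional "(A)", type byte,
# free-text label, size in MB, starting sector offset.
PART_RE = re.compile(
    r"Disk \d+ Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<label>.+?) (?P<size>\d+) MB offset (?P<off>\d+)$")
FLAG_RE = re.compile(r"Disk \d+ Partition (\d+) \*\*SUSPICIOUS\*\*")
MBR_RE = re.compile(r"Disk \d+ (unknown MBR code|MBR hidden)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def triage(log_text):
    """Collect the MBR, partition and disk-trace findings from an aswMBR log."""
    report = {"partitions": [], "flagged": [], "mbr_notes": [],
              "unknown_modules": [], "irp_targets": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PART_RE.search(line):
            report["partitions"].append({
                "number": int(m["num"]),
                "active": m["boot"] == "80",
                "type": int(m["type"], 16),
                "label": m["label"],
                "size_mb": int(m["size"]),
                "offset": int(m["off"]),
            })
        elif m := FLAG_RE.search(line):
            report["flagged"].append(int(m.group(1)))
        elif m := MBR_RE.search(line):
            report["mbr_notes"].append(m.group(1))
        elif m := UNKNOWN_RE.search(line):
            report["unknown_modules"].append(m.group(1).lower())
        elif m := IRP_RE.search(line):
            report["irp_targets"].append(
                (m.group(1), m.group(2), m.group(3).lower()))
    unknown = set(report["unknown_modules"])
    # Assumed rule: a driver dispatch entry that points at the same address
    # as an unidentified module in the call trace is treated as redirected.
    report["redirected_irps"] = [t for t in report["irp_targets"]
                                 if t[2] in unknown]
    report["active"] = [p["number"] for p in report["partitions"]
                        if p["active"]]
    # Partitions that are both marked active and flagged by the tool.
    report["active_and_flagged"] = [n for n in report["active"]
                                    if n in report["flagged"]]
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("mbr_notes", "active", "flagged", "active_and_flagged",
                "unknown_modules", "redirected_irps"):
        print(f"{key}: {result[key]}")
```
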

  3. #53
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Did ComboFix alert you that it found ZeroAccess and needed to reboot?

    The log you posted from aswMBR does not have the expected contents. What happened when you ran aswMBR as quoted below/described in my previous post?
    Click Start -> Run..., copy and paste the following line into the run box, then click OK:
    aswMBR.exe -ap 2

  4. #54
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    ComboFix did find ZeroAccess and rebooted 2 times until completion. The first pass was nearly 1.5 hours.

    When trying to run aswMBR.exe -ap 2, I get 'file not found', but it is there on the desktop.

  5. #55
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Let's try this; if asked to download definitions, answer No:

    Click Start -> Run..., copy (including both double quotes) and paste the following line into the run box, then click OK:
    "%userprofile%\Desktop\aswMBR.exe" -ap 2

    Answer Yes to confirm the active partition change.
    Click the Save log button to open the log and paste it into your next reply.

    Reboot the computer.

    aswMBR

    • Double click aswMBR.exe (on your desktop) to run it.
    • When asked if you want to download Avast's virus definitions, please select No.
    • Click the Scan button.
    • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK > Exit.
    • Note: Do not attempt to fix anything at this stage!
    • Two files will be created, aswMBR.txt & a file named MBR.dat.
    • MBR.dat is a backup of the MBR (master boot record); do not delete it.
    • Copy & Paste the contents of aswMBR.txt into your next reply.

  6. #56
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    Running in safe mode - required?

  7. #57
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Safe mode is not required, but may be needed if the program does not start.

  8. #58
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    Click Start -> Run..., copy (including both double quotes) and paste the following line into the run box, then click OK:
    "%userprofile%\Desktop\aswMBR.exe" -ap 2

    Should I see a prompt immediately or after something has happened? I ran that line and saw a lot of Hard Drive activity but nothing else... it's been at least 10 minutes. (I did not run it from safe mode)

  9. #59
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    You may be immediately prompted to run the application; then you should immediately see the aswMBR window and the prompt to change the active partition.

    Boot to safe mode, re-run rkill and then try again.
    Last edited by vict0r; 2012-01-29 at 17:04.

  10. #60
    Member
    Join Date
    Jan 2012
    Posts
    46

    Default

    "%userprofile%\Desktop\aswMBR.exe" -ap 2

    Running in Safe Mode - I pasted this line in Run and nothing happens. I then substituted my user name 'adnott' between the %'s and get the message:

    adnott\Desktop\aswMBR.exe

    Windows cannot find 'adnott\desktop\aswMBR.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then Click Search.

    I edited the Run line back to userprofile instead of my login user name and nothing....
