Jump to content

laptop won't connect to internet


Recommended Posts

It is a dell laptop running xp pro with service pack 3 and boots up fine but will not connect to the internet. I installed malwarebytes on it in safe mode from a flash drive and tried to run a scan. Everything looked normal until malwarebytes just shut down and when I tried to restart it I got an error message that stated that windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the file. When the computer was first brought to me by a friend the system clock had been changed to 2002. I reset that in order to get the computer to boot right.

Link to post
Share on other sites

You'll need to download this to your Flash Drive and transfer it to the laptop.

Windows Repair (all in one)

Download Windows Repair (all in one) from this site

Install and then run the program.

On the Start Repairs tab, select Advanced Mode and click Start

Capture1.gif

Select the items Checked in the screen shot below (remove the checks from the rest ) and check Restart System When Finished.

post-12-0-99865100-1337358713.png

----------

Once complete let me know if that fixed the issues. :)

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

 Sorry for the lack of response since I first posted. I've been doing a lot of hours at the prison that I work at. I downloaded the program you gave me the link to and installed and ran it. This version did not give me the option to select the advanced tab though. It did not resolve the problem of connecting to the internet. IE does not load up but Firefox will although it cannot connect to the homepage. I have tried wired and wireless connections. I did run a virus scan using openoffice portable off of the flashdrive but found nothing. Thanks again for the time. 

Try this:

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset

netsh int ip reset

regsvr32 netshell.dll

regsvr32 netcfgx.dll

regsvr32 netman.dll

Exit

Link to post
Share on other sites

Copy Combofix to your flash drive and transfer it over to the non-working pc.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.

Be sure to download any updates.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

ComboFix 12-05-22.02 - D600 05/21/2012 23:53:11.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.202 [GMT -4:00]

Running from: c:\documents and settings\D600\Desktop\ComboFix.exe

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.avi

c:\documents and settings\All Users\Application Data\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.ico

c:\documents and settings\All Users\Application Data\d04cc2a

c:\documents and settings\All Users\Application Data\d04cc2a\638.mof

c:\documents and settings\All Users\Application Data\d04cc2a\WED.ico

c:\documents and settings\All Users\Application Data\d04cc2a\WEDDSys\vd952342.bd

c:\documents and settings\All Users\Start Menu\Programs\Security Defender

c:\documents and settings\All Users\Start Menu\Programs\Security Defender\Security Defender.lnk

c:\documents and settings\D600\Application Data\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.avi

c:\documents and settings\D600\Application Data\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.ico

c:\documents and settings\D600\Local Settings\Application Data\{D6609136-00B2-434C-AF00-EFA8B1095666}

c:\documents and settings\D600\Local Settings\Application Data\{D6609136-00B2-434C-AF00-EFA8B1095666}\chrome.manifest

c:\documents and settings\D600\Local Settings\Application Data\{D6609136-00B2-434C-AF00-EFA8B1095666}\chrome\content\_cfg.js

c:\documents and settings\D600\Local Settings\Application Data\{D6609136-00B2-434C-AF00-EFA8B1095666}\chrome\content\overlay.xul

c:\documents and settings\D600\Local Settings\Application Data\{D6609136-00B2-434C-AF00-EFA8B1095666}\install.rdf

c:\documents and settings\D600\Local Settings\Application Data\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.avi

c:\documents and settings\D600\Start Menu\Programs\AnVi

c:\documents and settings\D600\Start Menu\Programs\AnVi\About.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Activate.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Antivirus Support.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Antivirus.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Buy.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Scan.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Settings.lnk

c:\documents and settings\D600\Start Menu\Programs\AnVi\Update.lnk

c:\documents and settings\D600\Start Menu\Programs\Security Defender

c:\program files\AnVi

c:\program files\Security Defender

c:\program files\Security Defender\Security Defender.dll

c:\program files\Security Defender\Security Defender.ico

c:\windows\PRAGMAwtxyexuwob

c:\windows\PRAGMAwtxyexuwob\PRAGMAcfg.ini

c:\windows\PRAGMAwtxyexuwob\PRAGMAsrcr.dat

c:\windows\system32\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.avi

c:\windows\system32\c_03184.nl_

c:\windows\system32\drivers\vbmac37a.sys

c:\windows\system32\SET40B.tmp

c:\windows\system32\SET40C.tmp

.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\wuauclt.exe

.

Infected copy of c:\windows\system32\DRIVERS\usbhub.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\usbhub.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_PRAGMAWTXYEXUWOB

-------\Service_PRAGMAwtxyexuwob

-------\Service_vbmac37a

.

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

.

2012-05-21 14:12 . 2012-05-21 14:12 -------- d-----w- C:\Reg_Backup

2012-05-21 14:12 . 2012-05-21 14:17 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-05-21 14:12 . 2012-05-21 14:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-05-21 14:11 . 2012-05-21 14:11 -------- d-----w- c:\program files\Tweaking.com

2012-05-17 11:43 . 2012-05-17 11:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-05-17 08:59 . 2012-05-17 08:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-17 08:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 12:34 . 2012-05-17 08:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-15 12:34 . 2012-05-15 12:34 -------- d-----w- c:\documents and settings\D600\Application Data\Malwarebytes

2012-05-15 12:34 . 2012-05-15 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 19:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\system32\drivers\ipsec.sys

[7] 2004-08-12 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

.

[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 19:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\system32\drivers\ipsec.sys

[7] 2004-08-12 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk

backup=c:\windows\pss\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^D600^Desktop^Startup^6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk]

path=c:\documents and settings\D600\Desktop\Startup\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk

backup=c:\windows\pss\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akuxejoxodokakej]

2008-04-14 00:12 72704 ----a-w- c:\windows\WMVDBAD.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]

2011-12-03 06:22 2415456 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2006-11-01 16:48 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R280 Series]

2007-04-13 10:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICKA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hrikixuqot]

2008-04-14 00:12 199680 ----a-w- c:\windows\udovefifizo.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]

2009-12-09 01:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-04 23:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xnorqlu]

2012-01-11 14:37 33280 ----a-w- c:\documents and settings\D600\Local Settings\Application Data\App\xnorqlu.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeaPort"=2 (0x2)

"ose"=3 (0x3)

"NIS"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"gusvc"=3 (0x3)

"AVP"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"avgwd"=2 (0x2)

"AVGIDSAgent"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 2:13 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 2:13 AM 230608]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [9/25/2007 6:13 PM 92550]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 2:14 AM 16720]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/15/2012 8:34 AM 40776]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 9:30 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]

S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\D600\Application Data\Mozilla\Firefox\Profiles\9ej5tf8a.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

HKCU-Run-6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186 - c:\documents and settings\D600\Application Data\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.avi

MSConfigStartUp-6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186 - c:\windows\system32\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.avi

MSConfigStartUp-dfrgsnapnt - c:\docume~1\D600\LOCALS~1\Temp\dfrgsnapnt.exe

MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe

MSConfigStartUp-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe

AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-22 01:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(652)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3228)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-05-22 01:22:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-22 05:22

.

Pre-Run: 26,311,151,616 bytes free

Post-Run: 26,238,337,024 bytes free

.

- - End Of File - - 03EB9916AE786ADC506D1280EC762309

The computer is still acting as it has been but when It rebooted after the scan there was an error message that stated this" Error loading C:\ Documents and Settings\ D600\ Application Data\ 6DFE5BE-77D0-5C3B-535B-1F2726BBB186.AVI

The specified module could not be found.

Link to post
Share on other sites

There are some others that need fixed.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\documents and settings\D600\Local Settings\Application Data\App\xnorqlu.dll
c:\documents and settings\All Users\Start Menu\Programs\Startup\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk
c:\windows\pss\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk
c:\documents and settings\D600\Desktop\Startup\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk
c:\windows\WMVDBAD.dll
c:\windows\udovefifizo.dll

FCopy::
c:\windows\ServicePackFiles\i386\ipsec.sys | c:\windows\system32\drivers\ipsec.sys

ClearJavaCache::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xnorqlu]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^D600^Desktop^Startup^6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akuxejoxodokakej]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hrikixuqot]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xnorqlu]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Ok that seems to have fixed the connectivity trouble. I will paste the log and see if you see any other problems. Should I go ahead and install mbam?

ComboFix 12-05-22.02 - D600 05/22/2012 4:33.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.225 [GMT -4:00]

Running from: c:\documents and settings\D600\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\D600\Desktop\CFScript.txt

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

FILE ::

"c:\documents and settings\All Users\Start Menu\Programs\Startup\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk"

"c:\documents and settings\D600\Desktop\Startup\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk"

"c:\documents and settings\D600\Local Settings\Application Data\App\xnorqlu.dll"

"c:\windows\pss\6DFE5BE1-F7D0-5C3B-535B-1F2726BBB186.lnk"

"c:\windows\udovefifizo.dll"

"c:\windows\WMVDBAD.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\vbmac37a.sys

.

c:\program files\AVG\AVG2012\avgwdsvc.exe . . . is infected!!

c:\program files\AVG\AVG2012\avgwdsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\System32\WLTRYSVC.EXE . . . is infected!!

c:\windows\System32\WLTRYSVC.EXE . . . was deleted!! You should re-install the program it pertains to

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_vbmac37a

.

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

.

2012-05-21 14:12 . 2012-05-21 14:12 -------- d-----w- C:\Reg_Backup

2012-05-21 14:12 . 2012-05-21 14:17 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-05-21 14:12 . 2012-05-21 14:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-05-21 14:11 . 2012-05-21 14:11 -------- d-----w- c:\program files\Tweaking.com

2012-05-17 11:43 . 2012-05-17 11:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-05-17 08:59 . 2012-05-17 08:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-17 08:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 12:34 . 2012-05-17 08:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-15 12:34 . 2012-05-15 12:34 -------- d-----w- c:\documents and settings\D600\Application Data\Malwarebytes

2012-05-15 12:34 . 2012-05-15 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-22_05.17.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-09-25 21:33 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe

+ 2004-08-12 13:26 . 2012-05-22 08:50 95442 c:\windows\system32\perfc009.dat

- 2004-08-12 13:26 . 2012-05-22 05:19 95442 c:\windows\system32\perfc009.dat

+ 2004-08-12 13:20 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys

+ 2004-08-12 13:26 . 2012-05-22 08:50 526008 c:\windows\system32\perfh009.dat

- 2004-08-12 13:26 . 2012-05-22 05:19 526008 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]

2011-12-03 06:22 2415456 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2006-11-01 16:48 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R280 Series]

2007-04-13 10:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICKA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]

2009-12-09 01:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-04 23:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeaPort"=2 (0x2)

"ose"=3 (0x3)

"NIS"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"gusvc"=3 (0x3)

"AVP"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"avgwd"=2 (0x2)

"AVGIDSAgent"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 2:13 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 2:13 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [9/25/2007 6:13 PM 92550]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 2:14 AM 16720]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/15/2012 8:34 AM 40776]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 9:30 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]

S4 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2012\avgwdsvc.exe" --> c:\program files\AVG\AVG2012\avgwdsvc.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

FF - ProfilePath - c:\documents and settings\D600\Application Data\Mozilla\Firefox\Profiles\9ej5tf8a.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-22 04:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\system32\wuauclt.exe.wusetup.496884.bak 111104 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(800)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3904)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\Ati2evxx.exe

.

**************************************************************************

.

Completion time: 2012-05-22 04:53:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-22 08:53

ComboFix2.txt 2012-05-22 05:22

.

Pre-Run: 26,240,716,800 bytes free

Post-Run: 26,207,072,256 bytes free

.

- - End Of File - - 99AFB60C174C950A50383ED53CF1927C

Again thanks for the help.

Link to post
Share on other sites

I missed one:

c:\documents and settings\D600\Application Data\Malwarebytes

It doesn't belong there.

We'll need to run mbam clean after this before installing it again

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\documents and settings\D600\Application Data\Malwarebytes

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Once you have run the last fix, do this:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Link to post
Share on other sites

The computer locked up after combComboFix ofix did it's thing. I had to do a hard reboot and then it finished the log.

12-05-22.02 - D600 05/22/2012 6:46.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.41 [GMT -4:00]

Running from: c:\documents and settings\D600\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\D600\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\D600\Application Data\Malwarebytes

c:\windows\system32\drivers\vbmac37a.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_vbmac37a

.

.

((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))

.

.

2012-05-22 09:41 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-05-22 09:35 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-05-21 14:12 . 2012-05-21 14:12 -------- d-----w- C:\Reg_Backup

2012-05-21 14:12 . 2012-05-21 14:17 181064 ----a-w- c:\windows\PSEXESVC.EXE

2012-05-21 14:12 . 2012-05-21 14:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-05-21 14:11 . 2012-05-21 14:11 -------- d-----w- c:\program files\Tweaking.com

2012-05-17 11:43 . 2012-05-17 11:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-05-17 08:59 . 2012-05-17 08:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-17 08:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 12:34 . 2012-05-17 08:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-15 12:34 . 2012-05-15 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-21 01:19 . 2012-05-22 09:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-22_05.17.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-05-22 10:19 . 2012-05-22 10:19 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe

- 2010-10-09 18:44 . 2010-10-09 18:44 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe

+ 2007-09-25 21:33 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe

+ 2007-07-18 12:42 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe

- 2007-07-18 12:42 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe

+ 2004-08-12 13:26 . 2012-05-22 10:38 95442 c:\windows\system32\perfc009.dat

- 2004-08-12 13:26 . 2012-05-22 05:19 95442 c:\windows\system32\perfc009.dat

- 2004-08-12 13:25 . 2009-10-08 18:56 20480 c:\windows\system32\oleaccrc.dll

+ 2004-08-12 13:25 . 2011-09-26 15:41 20480 c:\windows\system32\oleaccrc.dll

+ 2004-08-12 13:24 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys

+ 2004-08-12 13:20 . 2008-04-13 19:19 75264 c:\windows\system32\drivers\ipsec.sys

+ 2004-08-12 13:25 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

- 2004-08-12 13:25 . 2009-10-08 18:56 20480 c:\windows\system32\dllcache\oleaccrc.dll

+ 2004-08-12 13:20 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys

+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll

- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2004-08-12 13:18 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll

- 2004-08-12 13:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll

+ 2011-12-26 07:54 . 2011-12-26 07:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll

+ 2011-12-26 07:54 . 2011-12-26 07:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe

- 2010-10-09 18:44 . 2010-10-09 18:44 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe

- 2010-10-09 18:44 . 2010-10-09 18:44 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe

+ 2012-05-22 10:15 . 2012-05-22 10:15 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-04-15 00:18 . 2011-04-15 00:18 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-05-22 10:57 . 2012-05-22 10:57 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\cad77c4fc754ff28464ee641fc166d16\System.Xaml.Hosting.ni.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

+ 2004-08-12 13:33 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll

- 2004-08-12 13:33 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2008-07-29 23:59 . 2009-10-08 18:57 611328 c:\windows\system32\uiautomationcore.dll

+ 2008-07-29 23:59 . 2011-09-26 15:41 611328 c:\windows\system32\uiautomationcore.dll

+ 2004-08-12 13:26 . 2012-05-22 10:38 526008 c:\windows\system32\perfh009.dat

- 2004-08-12 13:26 . 2012-05-22 05:19 526008 c:\windows\system32\perfh009.dat

- 2004-08-12 13:25 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll

+ 2004-08-12 13:25 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll

- 2004-08-12 13:25 . 2009-10-08 18:57 220160 c:\windows\system32\oleacc.dll

+ 2004-08-12 13:25 . 2011-09-26 15:41 220160 c:\windows\system32\oleacc.dll

+ 2007-09-25 21:33 . 2011-10-10 14:22 692736 c:\windows\system32\inetcomm.dll

- 2007-09-25 21:33 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll

- 2004-08-12 13:19 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll

+ 2004-08-12 13:19 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll

+ 2004-08-12 13:23 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys

+ 2004-08-12 13:22 . 2011-07-15 13:29 456320 c:\windows\system32\drivers\mrxsmb.sys

+ 2004-08-12 13:17 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys

- 2004-08-12 13:17 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys

- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2007-09-25 21:33 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll

+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll

+ 2004-08-12 13:25 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll

- 2004-08-12 13:25 . 2009-10-08 18:57 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2009-10-21 19:19 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys

+ 2009-10-21 19:18 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2009-10-21 19:18 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll

+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll

+ 2011-09-28 07:06 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

- 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys

+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

- 2004-08-12 13:18 . 2008-04-14 00:11 599040 c:\windows\system32\crypt32.dll

+ 2004-08-12 13:18 . 2011-09-28 07:06 599040 c:\windows\system32\crypt32.dll

+ 2011-12-26 07:54 . 2011-12-26 07:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll

+ 2011-12-26 08:39 . 2011-12-26 08:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe

- 2011-04-15 00:19 . 2011-04-15 00:19 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-05-22 10:06 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll

+ 2012-05-22 10:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll

+ 2012-05-22 10:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe

+ 2009-10-21 19:19 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2012-05-22 10:57 . 2012-05-22 10:57 424448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\af1f0e68692587e4d80e3b53f8fb290a\System.ServiceModel.Activation.ni.dll

+ 2012-05-22 10:55 . 2012-05-22 10:55 768512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ecb223445194da6576186b598f3d40ac\System.Runtime.Remoting.ni.dll

+ 2012-05-22 10:55 . 2012-05-22 10:55 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\9d9fd24831d556a0801f93527fcaaa12\ComSvcConfig.ni.exe

+ 2012-05-22 10:54 . 2012-05-22 10:54 848384 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\f0ad3caa67a701f532b3d569cb100f66\AspNetMMCExt.ni.dll

+ 2004-08-12 13:25 . 2011-11-01 16:07 1288704 c:\windows\system32\ole32.dll

+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll

+ 2011-12-26 07:54 . 2011-12-26 07:54 1863464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll

+ 2011-12-26 07:54 . 2011-12-26 07:54 5230864 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll

+ 2011-04-28 15:06 . 2011-04-28 15:06 1749880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 1863464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2010-10-09 18:43 . 2010-10-09 18:43 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2012-05-22 10:18 . 2012-05-22 10:18 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll

- 2010-10-09 18:44 . 2010-10-09 18:44 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll

+ 2012-05-22 10:19 . 2012-05-22 10:19 5230864 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-05-22 10:16 . 2012-05-22 10:16 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2011-04-15 00:18 . 2011-04-15 00:18 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-04-15 00:19 . 2011-04-15 00:19 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-05-22 10:15 . 2012-05-22 10:15 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2011-12-26 09:06 . 2011-12-26 09:06 5115392 c:\windows\Installer\4cc0ff.msp

+ 2011-04-28 21:51 . 2011-04-28 21:51 1375744 c:\windows\Installer\4cc0f9.msp

+ 2012-05-22 10:56 . 2012-05-22 10:56 1866752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4fe3b65cecb042fd4fe62f1f4111dbf6\System.Web.Services.ni.dll

+ 2012-05-22 10:57 . 2012-05-22 10:57 1048064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\34479c688b67ace5dfdef4a44da34a24\System.ServiceModel.Web.ni.dll

+ 2012-05-22 10:57 . 2012-05-22 10:57 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\b3ae59a96b5b6947f313f6b27a18bd60\System.Data.Services.ni.dll

+ 2012-05-22 10:57 . 2012-05-22 10:57 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\e56281e3300e711518a958f26156641d\System.Data.Entity.Design.ni.dll

+ 2012-05-22 10:55 . 2012-05-22 10:55 1133568 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0e3fedd31c0ea18430424b1c7fe3ed0c\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-05-22 10:56 . 2012-05-22 10:56 11999232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\cb8644232323ba1738c3506897862e56\System.Web.ni.dll

+ 2012-05-22 10:20 . 2012-05-22 10:20 10859008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\3c525a773039c9be1cb93fa7f17f584f\System.Design.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2006-11-01 16:48 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R280 Series]

2007-04-13 10:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICKA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]

2009-12-09 01:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-04 23:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeaPort"=2 (0x2)

"ose"=3 (0x3)

"NIS"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"gusvc"=3 (0x3)

"AVP"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"avgwd"=2 (0x2)

"AVGIDSAgent"=2 (0x2)

"wuauserv"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 2:13 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 2:13 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 295248]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [9/25/2007 6:13 PM 92550]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 2:14 AM 16720]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/15/2012 8:34 AM 40776]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 5:56 AM 129976]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 9:30 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]

S4 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2012\avgwdsvc.exe" --> c:\program files\AVG\AVG2012\avgwdsvc.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

FF - ProfilePath - c:\documents and settings\D600\Application Data\Mozilla\Firefox\Profiles\9ej5tf8a.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-22 09:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(804)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2404)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\SearchIndexer.exe

.

**************************************************************************

.

Completion time: 2012-05-22 09:28:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-22 13:28

ComboFix2.txt 2012-05-22 08:53

ComboFix3.txt 2012-05-22 05:22

.

Pre-Run: 25,596,452,864 bytes free

Post-Run: 25,518,120,960 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A18303DC65754A31CA535DC940A48FFE

Link to post
Share on other sites

The mbam scan came up with 14 items that I will post. I clicked the remove selected items but have not restarted computer until I posted this. But at least the computeris now accessing the internet as it should.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.23.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

D600 :: D600-AA5F1F7BBB [administrator]

5/22/2012 9:51:57 AM

mbam-log-2012-05-22 (10-08-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207405

Time elapsed: 16 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCR\CLSID\{4FA18276-912A-11D1-AD9B-00C04FD8FDFF} (Trojan.Agent.Max) -> No action taken.

Registry Values Detected: 2

HKCU\SOFTWARE|24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Data: -> No action taken.

HKCU\SOFTWARE|7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Data: -> No action taken.

Registry Data Items Detected: 1

HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=213&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> No action taken.

Folders Detected: 1

C:\Documents and Settings\D600\Application Data\Security Defender (Rogue.SecurityDefender) -> No action taken.

Files Detected: 9

C:\WINDOWS\udovefifizo.dll (Trojan.Hiloti) -> No action taken.

C:\WINDOWS\WMVDBAD.dll (Trojan.Hiloti) -> No action taken.

C:\Documents and Settings\D600\Application Data\Security Defender\{1011D261-C5D1-4913-E798-AF2238D9EEF0}.pst (Rogue.SecurityDefender) -> No action taken.

C:\Documents and Settings\D600\Application Data\Security Defender\{FD54F037-A9A8-4E7D-EB9B-24AF8E105112}.pst (Rogue.SecurityDefender) -> No action taken.

C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> No action taken.

C:\Documents and Settings\D600\Application Data\usernt.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\msxslt.dat (Malware.Trace) -> No action taken.

C:\Documents and Settings\D600\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk (Rogue.SecurityDefender) -> No action taken.

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll (Trojan.Agent.Max) -> No action taken.

(end)

Link to post
Share on other sites

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    •Free browser plug-in for Internet Explorer and Firefox
    •Real-time safety ratings
    •Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.