Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

The specified service does not exist as an installed service

Started by el_jack, Jul 31 2012 10:32 AM

This topic is locked
Go to first unread post

25 replies to this topic

#1
el_jack

Posted 31 July 2012 - 10:32 AM

New Member

Members
32 posts

The machine in question is a emachine running windows 7. It had viruses on it. It will not allow me to open device manager or any other service. The message box says " The specified service does not exist as an installed service. I ran malwarebytes and removed 4 viruses and how I did that was by taking the hardrive and docking it in a usb stand and scanned it on another pc. I hook the hard drive in the pc it belongs in and it still is doing the same thing. It is not allowing me to access device manager, Malwarebyte or any service. The machine is hard wired to internet but it says not connected. In safe mode with networking I still can not connect to internet but Malwarebyte runs. I ran it again and the machine shows no infections. I tried the device manager but It opened with no icons the window is blank. How can I fix this? I know there is a hidden service running in the background I want to unhide it or delete it.

Thanks

#2
screen317

Posted 31 July 2012 - 10:34 AM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

Hi and welcome to Malwarebytes.

Transfer any needed tools from a clean computer via flash drive or CD.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Chris Fistonich
Research Team

#3
el_jack

Posted 01 August 2012 - 02:22 PM

New Member

Members
32 posts

hello

Here is the malware quick scan and dds

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.03.05
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Receptionist :: RECEPTIONIST-PC [administrator]
8/1/2012 2:17:38 PM
mbam-log-2012-08-01 (14-17-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210422
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Here is the dds scan

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17
Run by Receptionist at 13:51:01 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3384 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [vchap] rundll32.exe "C:\Users\RECEPT~1\AppData\Local\Temp\vchap.dll",IsConvertImagesDialogShowed
uRun: [PortableMedia] "C:\Users\Receptionist\AppData\Local\Portable\PortableMedia.exe" /b
uRun: [pasfri] rundll32.exe "C:\Users\RECEPT~1\AppData\Local\Temp\pasfri.dll",QuaternionLn
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]
S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]
S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]
S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-21 21:28:57 102248 ----a-w- C:\Users\Receptionist\GoToAssistDownloadHelper.exe
.
============= FINISH: 13:51:48.20 ===============

#4
screen317

Posted 01 August 2012 - 10:59 PM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

Hi,

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Chris Fistonich
Research Team

#5
el_jack

Posted 01 August 2012 - 11:49 PM

New Member

Members
32 posts

here is the combofix txt file and new dds text file
ComboFix 12-07-31.03 - Receptionist 08/01/2012 23:35:07.1.1 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3375 [GMT -5:00]
Running from: c:\users\Receptionist\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RECEPT~1\AppData\Local\Temp\pasfri.dll
c:\users\Receptionist\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2011-12-05 20:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 08:15 . 2010-09-09 18:30 57848688 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2011-10-25 03:01 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-06-15 138904]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-06-15 45424]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-06-15 40152]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-19 100520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]
R4 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-19 281416]
S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-19 156248]
S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
TCP: DhcpNameServer = 10.1.10.1
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PortableMedia - c:\users\Receptionist\AppData\Local\Portable\PortableMedia.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-01 23:45:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 04:45
.
Pre-Run: 420,662,083,584 bytes free
Post-Run: 420,605,194,240 bytes free
.
- - End Of File - - 4A08DEE2E1A07AAA1E23777F6B1BB142

---------dds-------------file
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17
Run by Receptionist at 23:46:43 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3262 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]
S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]
S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]
S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]
S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]
.
=============== Created Last 30 ================
.
2012-08-02 04:41:35 -------- d-----w- C:\$RECYCLE.BIN
2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe
2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe
2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 23:46:57.04 ===============

#6
screen317

Posted 02 August 2012 - 02:40 PM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

Hi,

I suggest uninstalling this:

Rebate Informer

Reboot.

Run TFC by OldTimer to clear temporary files:

Please download TFC from here and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Chris Fistonich
Research Team

#7
el_jack

Posted 02 August 2012 - 02:47 PM

New Member

Members
32 posts

hello I reposted again (sorry)and another member suggested roguekill and here are the results from both dds attatch and rogue kill text

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17
Run by Receptionist at 13:14:51 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3410 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]
S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]
S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]
S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]
S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]
.
=============== Created Last 30 ================
.
2012-08-02 16:53:00 -------- d-----w- C:\Users\Receptionist\AppData\Roaming\WildTangent
2012-08-02 04:41:35 -------- d-----w- C:\$RECYCLE.BIN
2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe
2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe
2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 13:15:47.95 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/9/2010 12:55:23 PM
System Uptime: 8/2/2012 1:13:52 PM (0 hours ago)
.
Motherboard: eMachines | | ET1350
Processor: AMD Athlon™ II 160u Processor | CPU 1 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 392.849 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP113: 4/26/2012 4:05:30 PM - Scheduled Checkpoint
RP114: 5/4/2012 2:30:15 PM - Scheduled Checkpoint
RP115: 5/10/2012 7:34:04 AM - Windows Update
RP116: 5/11/2012 3:00:12 AM - Windows Update
RP117: 5/22/2012 1:48:14 PM - Scheduled Checkpoint
RP118: 5/30/2012 9:04:40 AM - Scheduled Checkpoint
RP119: 6/11/2012 2:09:39 PM - Scheduled Checkpoint
RP120: 7/3/2012 10:57:09 AM - Scheduled Checkpoint
RP121: 7/11/2012 12:00:05 AM - Scheduled Checkpoint
RP122: 7/20/2012 5:12:43 PM - Scheduled Checkpoint
RP123: 8/2/2012 12:37:59 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6 MUI
Advertising Center
AppGraffiti
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Brother MFL-Pro Suite MFC-8480DN
Build-a-lot 2
Citrix XenApp Plugin for Hosted Apps
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
eBay Worldwide
eMachines Game Console
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Escape Rosecliff Island
Faerie Solitaire
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hotkey Utility
Identity Card
ImagXpress
Inbox Toolbar
Internet TV for Windows Media Center
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java™ 6 Update 29
Jewel Quest Solitaire 3
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee Host Intrusion Prevention
McAfee SiteAdvisor Enterprise Plus
McAfee VirusScan Enterprise
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA ForceWare Network Access Manager
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
RebateInformer
ScanSoft PaperPort 11
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
System Information Reporter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - A New Home
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
Yahoo! BrowserPlus 2.9.8
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/2/2012 12:44:16 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/2/2012 12:30:33 PM, Error: Service Control Manager [7024] - The Disk Defragmenter service terminated with service-specific error %%-2147023834.
8/2/2012 11:36:19 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
8/2/2012 11:36:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/2/2012 11:35:25 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/2/2012 11:35:21 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.
8/2/2012 1:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/2/2012 1:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/2/2012 1:14:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/2/2012 1:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/2/2012 1:14:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/2/2012 1:14:23 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.
8/2/2012 1:14:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
8/2/2012 1:14:19 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
8/2/2012 1:14:19 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed.
8/2/2012 1:14:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2012 1:14:18 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.
8/2/2012 1:14:18 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
8/2/2012 1:14:17 PM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.
8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
8/2/2012 1:14:15 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/1/2012 11:41:23 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/1/2012 11:40:23 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/1/2012 11:39:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/1/2012 11:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/1/2012 11:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/1/2012 1:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
.
==== End Of File ===========================

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Receptionist [Admin rights]
Mode: Scan -- Date: 08/02/2012 13:21:00
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\RECEPT~1\Desktop\dds.scr) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\L --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 716b200493e5deeed3a0e18a51753e52
[BSP] ec2b29426b3d17b2394cf4039c4cd572 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 19456 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 39847936 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40052736 | Size: 457382 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#8
screen317

Posted 02 August 2012 - 03:11 PM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

I have deleted your other topics. Do not run things I don't ask for please.

Just do what I asked above..

Chris Fistonich
Research Team

#9
el_jack

Posted 02 August 2012 - 03:36 PM

New Member

Members
32 posts

screen317, on 02 August 2012 - 03:11 PM, said:

I have deleted your other topics. Do not run things I don't ask for please.

Just do what I asked above..

ok, will do

I can't uninstall it.

#10
screen317

Posted 06 August 2012 - 10:43 AM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

Hi,

Sorry for the delay.

Please take a screenshot of what happens when you try to uninstall it.

Chris Fistonich
Research Team

#11
el_jack

Posted 06 August 2012 - 12:05 PM

New Member

Members
32 posts

I can only run in safe mode and trying to delete in safe mode doesn't do anything. I click and click but the machine does not do anything nor give a message

#12
el_jack

Posted 06 August 2012 - 12:07 PM

New Member

Members
32 posts

I know I am infected with "zero access"

#13
screen317

Posted 07 August 2012 - 11:19 AM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

Hi,

How do you know this??

Please grab a fresh copy of ComboFix, run it, and post its log. Run DDS again and post its log.

Chris Fistonich
Research Team

#14
el_jack

Posted 08 August 2012 - 10:08 AM

New Member

Members
32 posts

Hello Screen317

I now have internet access in normal mode. I ran rogue kill and it posted the infection I have zero access. I will run combofix and dds again

#15
el_jack

Posted 08 August 2012 - 10:31 AM

New Member

Members
32 posts

here is dds attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/9/2010 12:55:23 PM
System Uptime: 8/8/2012 10:21:27 AM (0 hours ago)
.
Motherboard: eMachines | | ET1350
Processor: AMD Athlon™ II 160u Processor | CPU 1 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 393.001 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP115: 5/10/2012 7:34:04 AM - Windows Update
RP116: 5/11/2012 3:00:12 AM - Windows Update
RP117: 5/22/2012 1:48:14 PM - Scheduled Checkpoint
RP118: 5/30/2012 9:04:40 AM - Scheduled Checkpoint
RP119: 6/11/2012 2:09:39 PM - Scheduled Checkpoint
RP120: 7/3/2012 10:57:09 AM - Scheduled Checkpoint
RP121: 7/11/2012 12:00:05 AM - Scheduled Checkpoint
RP122: 7/20/2012 5:12:43 PM - Scheduled Checkpoint
RP123: 8/2/2012 12:37:59 PM - Scheduled Checkpoint
RP124: 8/7/2012 10:08:30 AM - Windows Update
RP125: 8/7/2012 10:20:50 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6 MUI
Advertising Center
AppGraffiti
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Brother MFL-Pro Suite MFC-8480DN
Build-a-lot 2
Citrix XenApp Plugin for Hosted Apps
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 9
eBay Worldwide
eMachines Game Console
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Escape Rosecliff Island
Faerie Solitaire
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hotkey Utility
Identity Card
ImagXpress
Inbox Toolbar
Internet TV for Windows Media Center
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java™ 6 Update 29
Jewel Quest Solitaire 3
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee Host Intrusion Prevention
McAfee SiteAdvisor Enterprise Plus
McAfee VirusScan Enterprise
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Monopoly
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA ForceWare Network Access Manager
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
RebateInformer
ScanSoft PaperPort 11
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
System Information Reporter
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - A New Home
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
Yahoo! BrowserPlus 2.9.8
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/8/2012 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/8/2012 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/8/2012 10:22:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2012 10:22:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/8/2012 10:22:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
8/8/2012 10:22:22 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/8/2012 10:22:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 10:22:22 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 10:22:20 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.
8/8/2012 10:20:57 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/8/2012 10:14:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/7/2012 9:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/7/2012 9:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/7/2012 8:48:48 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.
8/7/2012 8:48:46 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed.
8/7/2012 8:48:43 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.
8/7/2012 8:48:42 AM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
8/7/2012 8:48:42 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
8/7/2012 8:48:41 AM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
8/7/2012 8:48:41 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/7/2012 2:19:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer EPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58}. The master browser is stopping or an election is being forced.
8/7/2012 11:44:47 AM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.
8/7/2012 11:44:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/7/2012 11:43:29 AM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The system cannot find the file specified.
8/7/2012 11:43:14 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.
8/7/2012 11:40:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/2/2012 3:50:52 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/2/2012 3:50:02 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
8/2/2012 3:50:00 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/2/2012 3:49:11 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/2/2012 12:30:33 PM, Error: Service Control Manager [7024] - The Disk Defragmenter service terminated with service-specific error %%-2147023834.
8/1/2012 11:39:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/1/2012 1:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
.
==== End Of File ===========================

#16
el_jack

Posted 08 August 2012 - 10:31 AM

New Member

Members
32 posts

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17
Run by Receptionist at 10:28:45 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3203 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [(Default)]
mRunOnce-x64: [GrpConv] grpconv -o
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]
S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]
S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]
S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]
S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]
S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]
S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]
.
=============== Created Last 30 ================
.
2012-08-08 15:22:35 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-07 16:38:10 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-08-07 16:37:01 303616 ----a-w- C:\SetACL.exe
2012-08-07 16:16:40 290304 ----a-w- C:\subinacl.exe
2012-08-07 16:14:42 -------- d-----w- C:\RegBackup
2012-08-07 15:51:56 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-07 15:51:48 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-08-07 15:10:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-07 15:09:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-07 15:09:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-07 13:47:36 -------- d-----w- C:\_OTL
2012-08-02 16:53:00 -------- d-----w- C:\Users\Receptionist\AppData\Roaming\WildTangent
2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe
2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe
2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 10:28:59.26 ===============

#17
el_jack

Posted 08 August 2012 - 10:32 AM

New Member

Members
32 posts

Combofix

ComboFix 12-08-07.05 - Receptionist 08/08/2012 10:15:46.4.1 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3311 [GMT -5:00]
Running from: J:\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 15:20 . 2012-08-08 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 16:38 . 2012-08-07 16:38 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-08-07 16:37 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-08-07 16:16 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-08-07 16:14 . 2012-08-07 16:14 -------- d-----w- C:\RegBackup
2012-08-07 15:51 . 2012-08-07 16:40 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-07 15:51 . 2012-08-07 15:51 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-08-07 15:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-07 15:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-07 15:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-07 15:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-07 15:09 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-07 15:09 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-07 13:47 . 2012-08-07 13:47 -------- d-----w- C:\_OTL
2012-08-02 16:53 . 2012-08-02 16:53 -------- d-----w- c:\users\Receptionist\AppData\Roaming\WildTangent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2011-12-05 20:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 08:19 . 2010-09-09 18:30 59701280 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_04.41.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 04:11 . 2012-08-07 16:46 41466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-07 16:46 42814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-09 17:57 . 2012-08-07 16:46 11304 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-949684801-2628650921-427860460-1000_UserData.bin
- 2010-09-09 16:51 . 2012-07-24 18:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-09 16:51 . 2012-08-07 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-09 16:51 . 2012-07-24 18:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-07 16:48 . 2012-08-07 17:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 18:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-07 16:49 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-05-11 08:12 . 2012-05-11 08:12 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-11 08:12 . 2012-05-11 08:12 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-11 08:12 . 2012-05-11 08:12 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-08-07 15:08 . 2012-08-07 15:08 25600 c:\windows\Installer\a28ac.msi
- 2010-05-04 04:23 . 2012-05-11 08:15 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-05-04 04:23 . 2012-05-11 08:15 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-05-04 04:23 . 2012-05-11 08:15 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-07 17:00 . 2012-08-07 17:00 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7d8e25020591e95326aa6203a4822838\System.Web.DynamicData.Design.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\278b2cc231c33f587e5b4b20939ebd00\WindowsLiveWriter.ni.exe
+ 2012-08-07 16:54 . 2012-08-07 16:54 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8bfdc50805fabbf41f706229e939bd1d\WindowsLive.Writer.Api.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\9c64ecb6b01e37720f4c0bbce38b2aa9\System.Web.DynamicData.Design.ni.dll
- 2012-08-02 04:41 . 2012-08-02 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 15:22 . 2012-08-08 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 15:22 . 2012-08-08 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-02 04:41 . 2012-08-02 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-07 15:18 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
- 2011-07-01 15:00 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll
+ 2009-07-14 02:36 . 2012-08-08 15:14 624614 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-01 18:54 624614 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-01 18:54 106732 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-08 15:14 106732 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-05-11 08:34 343576 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-08-07 16:42 343576 c:\windows\system32\FNTCACHE.DAT
+ 2012-08-07 15:09 . 2012-08-07 15:09 219368 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm27.bin
+ 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
+ 2012-08-07 15:19 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
- 2012-04-11 12:54 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-04-11 12:54 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-08-07 15:19 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-05-04 04:23 . 2012-08-07 15:36 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-05-04 04:23 . 2012-05-11 08:15 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-05-04 04:23 . 2012-05-11 08:15 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-05-04 04:23 . 2012-05-11 08:15 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-05-04 04:23 . 2012-05-11 08:15 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-08-07 17:04 . 2012-08-07 17:04 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\127710a11855aaf4817f9ab34a25d99e\WindowsFormsIntegration.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\b945c708d9d3d8468fc2631960729f66\TaskScheduler.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f23ea30ef7d30fd22839a24bc635dcc1\System.Web.Routing.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\8204bbe8263075e41000513a405ab784\System.Web.Entity.Design.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\4183c7b14c5b1db05505e20d44cb859a\System.Web.DynamicData.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\ec4ed0bbb05d4e714ca5c14278af1977\System.Web.Abstractions.ni.dll
+ 2012-08-07 15:35 . 2012-08-07 15:35 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\1962f8344f19c367f4e0be9f8f5a7972\System.ServiceProcess.ni.dll
+ 2012-08-07 15:40 . 2012-08-07 15:40 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\21286d6c1657bae9cd56f2f9bf2c3732\System.Messaging.ni.dll
+ 2012-08-07 15:35 . 2012-08-07 15:35 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a76b760d8b987ce161519e1b8bf18fdd\System.Drawing.Design.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\f0d44ee55e2b59a4790766bd501d60f1\napsnap.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\7820503ca6ed2512fc3e3ce3cc690b01\napinit.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\4b5dccc05af5dfbf4986c6a2d1b2b25f\MMCFxCommon.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\c887a7a1b55269a9d11de4b6591b9bd6\Microsoft.ManagementConsole.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\7a70dae70a2459270fe34d654fd0a178\EventViewer.ni.dll
+ 2012-08-07 15:40 . 2012-08-07 15:40 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe
+ 2012-08-07 16:55 . 2012-08-07 16:55 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\95836ab912bfc5d3c747555a7560a646\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f928d0ca788be830178453d279dd5ed0\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec1322da7309cd9028c96ce6126bbbee\WindowsLive.Writer.Controls.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebf3a9ef8dd1000279e2144ed62d894a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e215a72afd565232e0c8abfb1755a6cf\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d8ef9a917c6ae2af0629ec779879bd8e\WindowsLive.Writer.Passport.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ca7d88bb0ba7c4535653c9a49be437fb\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ae7de5bce52289111e50875cd37527f2\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\91eaa4412030c5f993ae12cee84c8be9\WindowsLive.Writer.Interop.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\24208f8fac7694960209ea4c66d44851\WindowsLive.Writer.Localization.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\23620e2a124c1f1e35d051d4eaa5bd44\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f8ad334aea37a91359114b604645350\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b77830cad2b699baaba685b94a868b2c\WindowsLive.Client.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ac7909b6838589158fe3f6a8190018eb\TaskScheduler.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\c7f44adc1a0b2eb2b0636ee4a202419a\System.Web.Routing.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1d9398c255b8fdb9b9347e463d99a7e3\System.Web.Extensions.Design.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ba3dd9383f752d46e80a33b769dda73d\System.Web.Entity.Design.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b026d4636999893a3c741f1f7e7ccdaf\System.Web.DynamicData.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\24547c0fc525c5e061bb1ae66b965469\System.Web.Abstractions.ni.dll
+ 2012-08-07 15:29 . 2012-08-07 15:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\441f16bb7547cc6f2435d43e68002a47\System.ServiceProcess.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f9a982c40c3d777c1091e3801874acc9\System.Messaging.ni.dll
+ 2012-08-07 15:29 . 2012-08-07 15:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\33582b127d761babf8c8cdfe4e43749a\System.Drawing.Design.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\717221d971aeead5d8956225c365ddff\napsnap.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c22cc9e6e124357491b5a38258973a01\napinit.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\8e2a9204e6166b8b27687560a17f62d9\MMCFxCommon.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\e901c3772777a59b870c0ff1a377f328\Microsoft.ManagementConsole.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\064f94f282dacefe99ee6184ab2f4a1d\EventViewer.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe
+ 2012-08-07 15:19 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-11 12:54 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-08-07 15:18 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
- 2011-07-01 15:00 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll
- 2009-07-14 04:45 . 2012-05-11 08:39 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-07 15:58 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 08:12 . 2012-05-11 08:12 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-11 08:11 . 2012-05-11 08:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-08-07 15:38 . 2012-08-07 15:38 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-23 03:46 . 2012-04-23 03:46 1187328 c:\windows\Installer\13b5be.msp
+ 2012-06-19 17:54 . 2012-06-19 17:54 2239488 c:\windows\Installer\13b5b4.msp
+ 2012-03-15 19:26 . 2012-03-15 19:26 4212736 c:\windows\Installer\13b5a3.msp
+ 2012-04-05 03:37 . 2012-04-05 03:37 2540544 c:\windows\Installer\13b599.msp
- 2010-05-04 04:23 . 2012-05-11 08:15 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-05-04 04:23 . 2012-08-07 15:36 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-07-27 10:09 . 2011-07-27 10:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2012-08-07 17:01 . 2012-08-07 17:01 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-08-07 17:02 . 2012-08-07 17:02 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-08-07 17:02 . 2012-08-07 17:02 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-08-07 17:03 . 2012-08-07 17:03 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-08-07 17:02 . 2012-08-07 17:02 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-08-07 15:39 . 2012-08-07 15:39 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-08-07 15:40 . 2012-08-07 15:40 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\e9007661281ebb2076dda1568381ae25\System.WorkflowServices.ni.dll
+ 2012-08-07 15:35 . 2012-08-07 15:35 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\3bdad8116f2d3b81552cc1f8b028aa6e\System.Workflow.ComponentModel.ni.dll
+ 2012-08-07 15:35 . 2012-08-07 15:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\ef43c05e15a8efb4ced6445d1ea35c86\System.Workflow.Activities.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\d20ebdf7ee8b54cd324a0bc8d062259d\System.Web.Mobile.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\fe6df807f6b3184c209e371c885694be\System.Web.Extensions.Design.ni.dll
+ 2012-08-07 17:00 . 2012-08-07 17:00 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\9641252211cf6ab01a5bde58c5f7dba1\System.Web.Extensions.ni.dll
+ 2012-08-07 15:34 . 2012-08-07 15:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll
+ 2012-08-07 15:32 . 2012-08-07 15:32 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll
+ 2012-08-07 15:32 . 2012-08-07 15:32 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\052d9ef010e4ff1dd46772a8671a7dc1\System.Deployment.ni.dll
+ 2012-08-07 15:34 . 2012-08-07 15:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll
+ 2012-08-07 15:34 . 2012-08-07 15:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\210745b8ab0d0efb287eec496271c7db\PresentationUI.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\6161ff72aad572608d6459db4375921b\Narrator.ni.exe
+ 2012-08-07 16:59 . 2012-08-07 16:59 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\1c52385da78998a8c3be3cae7a148e65\MMCEx.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2e77de04de7574b9c1bf56cfcb31af68\MIGUIControls.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\ed3dbcc90dcd37ed6067aa66280e979e\Microsoft.VisualBasic.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\679baf265ca0c434c5b9b01dbeb3dd49\Microsoft.PowerShell.Editor.ni.dll
+ 2012-08-07 15:41 . 2012-08-07 15:41 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4a0761608a0c0af58bd3b17bc8aba2d8\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\1dfd6aa34b61f94f3222d1ac306ee08e\Microsoft.Ink.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\c61d2050ddb9370ec88f7e0a40e6ec83\Microsoft.Build.Tasks.ni.dll
+ 2012-08-07 16:59 . 2012-08-07 16:59 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\0930c9203145895378b3f948ddbd0640\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-08-07 16:57 . 2012-08-07 16:57 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\f5cb40bc7bce93175c5775bed1018c1f\mcstore.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\62576d2c7cf13f472c789326c6eede31\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e976d57ebe9a56883a1a60399244a09\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-08-07 16:54 . 2012-08-07 16:54 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3869496315c69074176f6970175b8357\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a23e8a64ca21224f2bea9ca3c3a5a005\System.WorkflowServices.ni.dll
+ 2012-08-07 15:36 . 2012-08-07 15:36 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0efbc299207e35df9199ca98c7209051\System.Workflow.ComponentModel.ni.dll
+ 2012-08-07 15:35 . 2012-08-07 15:35 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\12f7432045de0943f05f83ba21ae2795\System.Workflow.Activities.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\238c801e0bbe9ca6b49241e96c9002a0\System.Web.Mobile.ni.dll
+ 2012-08-07 16:56 . 2012-08-07 16:56 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f21d509212c31d51f71b3f750052e9fb\System.Web.Extensions.ni.dll
+ 2012-08-07 15:28 . 2012-08-07 15:28 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-08-07 15:25 . 2012-08-07 15:25 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-08-07 15:24 . 2012-08-07 15:24 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f5e4446864b34e38af0467fcef6f4283\System.Deployment.ni.dll
+ 2012-08-07 15:28 . 2012-08-07 15:28 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-08-07 15:27 . 2012-08-07 15:27 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\81aacc474fa8eab0acc6e4be332c1bc7\PresentationUI.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\5a1931b757da881a84c3a4a5477a7c20\Narrator.ni.exe
+ 2012-08-07 16:55 . 2012-08-07 16:55 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\1c088fce4f92cbe43503d584fa51af1d\MMCEx.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\8706f5d47b38dac04d0cd230baee4c0d\MIGUIControls.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ca751192bea68826694e690f3a6b5481\Microsoft.VisualBasic.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4edc9ecb13c33924ae73febac2d41b35\Microsoft.PowerShell.Editor.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\915ffe12bb261ba8ee009f379ba7d086\Microsoft.Ink.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\38ca1e4f14366981e2fb9ef6d977c966\Microsoft.Build.Tasks.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\121a206f90a50c110c3aa561aac4cab1\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-08-07 16:55 . 2012-08-07 16:55 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\2ffc241a384334f2f12a89f318d3a82c\mcstore.ni.dll
- 2009-07-14 02:34 . 2012-05-11 08:32 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-08-07 15:47 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-07 17:03 . 2012-08-07 17:03 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-08-07 17:02 . 2012-08-07 17:02 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-08-07 17:01 . 2012-08-07 17:01 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-08-07 15:40 . 2012-08-07 15:40 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-08-07 15:40 . 2012-08-07 15:40 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-08-07 15:39 . 2012-08-07 15:39 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-08-07 15:33 . 2012-08-07 15:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\f0d2181352f262008abe7593454194d8\System.Windows.Forms.ni.dll
+ 2012-08-07 15:34 . 2012-08-07 15:34 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\25d1a444d4ec79a2facc05adf9cd43c1\System.Web.ni.dll
+ 2012-08-07 15:34 . 2012-08-07 15:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\15c75736fbf675454ba78309edeb01ee\System.Design.ni.dll
+ 2012-08-07 15:34 . 2012-08-07 15:34 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll
+ 2012-08-07 15:32 . 2012-08-07 15:32 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll
+ 2012-08-07 16:58 . 2012-08-07 16:58 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll
+ 2012-08-07 15:25 . 2012-08-07 15:25 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll
+ 2012-08-07 15:28 . 2012-08-07 15:28 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll
+ 2012-08-07 15:29 . 2012-08-07 15:29 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\bd50eea0424b0f1e4c8b3f5cd79494d1\System.Design.ni.dll
+ 2012-08-07 15:27 . 2012-08-07 15:27 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-08-07 15:24 . 2012-08-07 15:24 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2011-10-25 03:01 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-06-15 138904]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-06-15 45424]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-06-15 40152]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-19 100520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]
R4 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-19 281416]
S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-19 156248]
S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2012-08-08 10:26:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 15:26
ComboFix2.txt 2012-08-07 14:56
ComboFix3.txt 2012-08-07 13:45
ComboFix4.txt 2012-08-02 04:45
.
Pre-Run: 422,211,252,224 bytes free
Post-Run: 421,905,850,368 bytes free
.
- - End Of File - - 3D316B788D4208635134D87D77C22533

#18
screen317

Posted 08 August 2012 - 01:07 PM

MBAM Sentinel

Moderators
19,465 posts

Gender:Male
Location:New Haven, CT

Hi,

Run TFC by OldTimer to clear temporary files:

Please download TFC from here and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
Execute the file TDSSKiller.exe by double-clicking on it.
Wait for the scan and disinfection process to be over.
When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Export the threats found (if any), and post them here.

Next, download my Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Chris Fistonich
Research Team

#19
el_jack

Posted 08 August 2012 - 03:05 PM

New Member

Members
32 posts

here are the reports

13:57:05.0131 0980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:57:05.0692 0980 ============================================================
13:57:05.0692 0980 Current date / time: 2012/08/08 13:57:05.0692
13:57:05.0692 0980 SystemInfo:
13:57:05.0692 0980
13:57:05.0692 0980 OS Version: 6.1.7601 ServicePack: 1.0
13:57:05.0692 0980 Product type: Workstation
13:57:05.0692 0980 ComputerName: RECEPTIONIST-PC
13:57:05.0692 0980 UserName: Receptionist
13:57:05.0692 0980 Windows directory: C:\Windows
13:57:05.0692 0980 System windows directory: C:\Windows
13:57:05.0692 0980 Running under WOW64
13:57:05.0692 0980 Processor architecture: Intel x64
13:57:05.0692 0980 Number of processors: 1
13:57:05.0692 0980 Page size: 0x1000
13:57:05.0692 0980 Boot type: Safe boot with network
13:57:05.0692 0980 ============================================================
13:57:06.0566 0980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:57:06.0566 0980 Drive \Device\Harddisk6\DR6 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:57:06.0566 0980 ============================================================
13:57:06.0566 0980 \Device\Harddisk0\DR0:
13:57:06.0566 0980 MBR partitions:
13:57:06.0566 0980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
13:57:06.0566 0980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x37D53000
13:57:06.0566 0980 \Device\Harddisk6\DR6:
13:57:06.0566 0980 MBR partitions:
13:57:06.0566 0980 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D7C1
13:57:06.0566 0980 ============================================================
13:57:06.0597 0980 C: <-> \Device\Harddisk0\DR0\Partition1
13:57:06.0597 0980 ============================================================
13:57:06.0597 0980 Initialize success
13:57:06.0597 0980 ============================================================
13:57:18.0422 1176 ============================================================
13:57:18.0422 1176 Scan started
13:57:18.0422 1176 Mode: Manual;
13:57:18.0422 1176 ============================================================
13:57:19.0171 1176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:57:19.0171 1176 1394ohci - ok
13:57:19.0202 1176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:57:19.0218 1176 ACPI - ok
13:57:19.0249 1176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:57:19.0249 1176 AcpiPmi - ok
13:57:19.0296 1176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:57:19.0311 1176 adp94xx - ok
13:57:19.0327 1176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:57:19.0342 1176 adpahci - ok
13:57:19.0358 1176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:57:19.0374 1176 adpu320 - ok
13:57:19.0405 1176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:57:19.0420 1176 AeLookupSvc - ok
13:57:19.0483 1176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:57:19.0498 1176 AFD - ok
13:57:19.0530 1176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:57:19.0530 1176 agp440 - ok
13:57:19.0561 1176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:57:19.0561 1176 ALG - ok
13:57:19.0576 1176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:57:19.0576 1176 aliide - ok
13:57:19.0592 1176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:57:19.0592 1176 amdide - ok
13:57:19.0623 1176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:57:19.0623 1176 AmdK8 - ok
13:57:19.0639 1176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:57:19.0639 1176 AmdPPM - ok
13:57:19.0670 1176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:57:19.0670 1176 amdsata - ok
13:57:19.0686 1176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:57:19.0686 1176 amdsbs - ok
13:57:19.0717 1176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:57:19.0717 1176 amdxata - ok
13:57:19.0748 1176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:57:19.0748 1176 AppID - ok
13:57:19.0779 1176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:57:19.0779 1176 AppIDSvc - ok
13:57:19.0810 1176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:57:19.0810 1176 arc - ok
13:57:19.0826 1176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:57:19.0826 1176 arcsas - ok
13:57:19.0857 1176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:19.0857 1176 AsyncMac - ok
13:57:19.0888 1176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:57:19.0904 1176 atapi - ok
13:57:19.0966 1176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:57:19.0982 1176 AudioEndpointBuilder - ok
13:57:19.0998 1176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:57:19.0998 1176 AudioSrv - ok
13:57:20.0044 1176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:57:20.0044 1176 b06bdrv - ok
13:57:20.0091 1176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:57:20.0091 1176 b57nd60a - ok
13:57:20.0138 1176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:57:20.0138 1176 BDESVC - ok
13:57:20.0138 1176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:57:20.0138 1176 Beep - ok
13:57:20.0232 1176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:57:20.0232 1176 BFE - ok
13:57:20.0310 1176 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:57:20.0356 1176 BITS - ok
13:57:20.0388 1176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:20.0388 1176 blbdrive - ok
13:57:20.0419 1176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:57:20.0419 1176 bowser - ok
13:57:20.0450 1176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:57:20.0450 1176 BrFiltLo - ok
13:57:20.0466 1176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:57:20.0466 1176 BrFiltUp - ok
13:57:20.0497 1176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:57:20.0497 1176 BridgeMP - ok
13:57:20.0544 1176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:57:20.0544 1176 Browser - ok
13:57:20.0575 1176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:57:20.0575 1176 Brserid - ok
13:57:20.0590 1176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:20.0590 1176 BrSerWdm - ok
13:57:20.0606 1176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:20.0606 1176 BrUsbMdm - ok
13:57:20.0606 1176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:20.0606 1176 BrUsbSer - ok
13:57:20.0637 1176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:57:20.0637 1176 BTHMODEM - ok
13:57:20.0684 1176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:57:20.0684 1176 bthserv - ok
13:57:20.0715 1176 catchme - ok
13:57:20.0731 1176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:57:20.0731 1176 cdfs - ok
13:57:20.0778 1176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:57:20.0778 1176 cdrom - ok
13:57:20.0824 1176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:57:20.0824 1176 CertPropSvc - ok
13:57:20.0856 1176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:57:20.0856 1176 circlass - ok
13:57:20.0887 1176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:57:20.0887 1176 CLFS - ok
13:57:20.0949 1176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:57:20.0949 1176 clr_optimization_v2.0.50727_32 - ok
13:57:20.0996 1176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:57:20.0996 1176 clr_optimization_v2.0.50727_64 - ok
13:57:21.0074 1176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:57:21.0090 1176 clr_optimization_v4.0.30319_32 - ok
13:57:21.0136 1176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:57:21.0136 1176 clr_optimization_v4.0.30319_64 - ok
13:57:21.0152 1176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:57:21.0152 1176 CmBatt - ok
13:57:21.0168 1176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:57:21.0168 1176 cmdide - ok
13:57:21.0214 1176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:57:21.0230 1176 CNG - ok
13:57:21.0246 1176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:57:21.0246 1176 Compbatt - ok
13:57:21.0277 1176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:57:21.0277 1176 CompositeBus - ok
13:57:21.0292 1176 COMSysApp - ok
13:57:21.0308 1176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:57:21.0308 1176 crcdisk - ok
13:57:21.0355 1176 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:57:21.0355 1176 CryptSvc - ok
13:57:21.0480 1176 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:57:21.0495 1176 cvhsvc - ok
13:57:21.0542 1176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:57:21.0573 1176 DcomLaunch - ok
13:57:21.0620 1176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:57:21.0620 1176 defragsvc - ok
13:57:21.0682 1176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:57:21.0682 1176 DfsC - ok
13:57:21.0714 1176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:57:21.0729 1176 Dhcp - ok
13:57:21.0745 1176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:57:21.0745 1176 discache - ok
13:57:21.0776 1176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:57:21.0792 1176 Disk - ok
13:57:21.0823 1176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:57:21.0823 1176 Dnscache - ok
13:57:21.0870 1176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:57:21.0870 1176 dot3svc - ok
13:57:21.0885 1176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:57:21.0901 1176 DPS - ok
13:57:21.0916 1176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:57:21.0916 1176 drmkaud - ok
13:57:21.0979 1176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:57:21.0994 1176 DXGKrnl - ok
13:57:22.0026 1176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:57:22.0026 1176 EapHost - ok
13:57:22.0150 1176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:57:22.0213 1176 ebdrv - ok
13:57:22.0306 1176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:57:22.0306 1176 EFS - ok
13:57:22.0369 1176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:57:22.0384 1176 ehRecvr - ok
13:57:22.0400 1176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:57:22.0400 1176 ehSched - ok
13:57:22.0572 1176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:57:22.0587 1176 elxstor - ok
13:57:23.0211 1176 enterceptAgent (c3d8c7e58d6194286a6d3985cabf19e7) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
13:57:23.0305 1176 enterceptAgent - ok
13:57:23.0398 1176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:57:23.0398 1176 ErrDev - ok
13:57:23.0461 1176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:57:23.0476 1176 EventSystem - ok
13:57:23.0508 1176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:57:23.0523 1176 exfat - ok
13:57:23.0554 1176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:57:23.0554 1176 fastfat - ok
13:57:23.0617 1176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:57:23.0632 1176 Fax - ok
13:57:23.0664 1176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:57:23.0664 1176 fdc - ok
13:57:23.0679 1176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:57:23.0679 1176 fdPHost - ok
13:57:23.0695 1176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:57:23.0695 1176 FDResPub - ok
13:57:23.0710 1176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:57:23.0710 1176 FileInfo - ok
13:57:23.0742 1176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:57:23.0742 1176 Filetrace - ok
13:57:23.0788 1176 Firehk (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys
13:57:23.0788 1176 Firehk - ok
13:57:23.0788 1176 FirehkMP (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys
13:57:23.0804 1176 FirehkMP - ok
13:57:23.0835 1176 firelm01 (91c7c2c38d51a1ab25f909189a2c2db9) C:\Windows\system32\drivers\firelm01.sys
13:57:23.0835 1176 firelm01 - ok
13:57:23.0851 1176 FirePM (7a5af3ee86bbb96a5b2c96facbfe124f) C:\Windows\system32\Drivers\FirePM.sys
13:57:23.0866 1176 FirePM - ok
13:57:23.0882 1176 FireTDI (9d0071cb93c9cebfb927f443c75e3251) C:\Windows\system32\Drivers\FireTDI.sys
13:57:23.0882 1176 FireTDI - ok
13:57:23.0913 1176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:57:23.0913 1176 flpydisk - ok
13:57:23.0960 1176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:57:23.0976 1176 FltMgr - ok
13:57:24.0022 1176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:57:24.0022 1176 FontCache3.0.0.0 - ok
13:57:24.0100 1176 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
13:57:24.0132 1176 ForceWare Intelligent Application Manager (IAM) - ok
13:57:24.0147 1176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:57:24.0147 1176 FsDepends - ok
13:57:24.0178 1176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:57:24.0178 1176 Fs_Rec - ok
13:57:24.0225 1176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:57:24.0241 1176 fvevol - ok
13:57:24.0256 1176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:57:24.0256 1176 gagp30kx - ok
13:57:24.0319 1176 GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
13:57:24.0319 1176 GameConsoleService - ok
13:57:24.0381 1176 GoToAssist (409e81656712cef82d9bc4d527bb3a81) C:\Program Files (x86)\Citrix\GoToAssist\705\g2aservice.exe
13:57:24.0381 1176 GoToAssist - ok
13:57:24.0444 1176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:57:24.0459 1176 gpsvc - ok
13:57:24.0537 1176 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
13:57:24.0553 1176 Greg_Service - ok
13:57:24.0615 1176 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:57:24.0615 1176 gupdate - ok
13:57:24.0646 1176 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:57:24.0646 1176 gupdatem - ok
13:57:24.0678 1176 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:57:24.0678 1176 gusvc - ok
13:57:24.0771 1176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:57:24.0771 1176 hcw85cir - ok
13:57:24.0834 1176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:57:24.0849 1176 HdAudAddService - ok
13:57:24.0880 1176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:57:24.0880 1176 HDAudBus - ok
13:57:24.0896 1176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:57:24.0896 1176 HidBatt - ok
13:57:24.0912 1176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:57:24.0912 1176 HidBth - ok
13:57:24.0927 1176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:57:24.0927 1176 HidIr - ok
13:57:24.0943 1176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:57:24.0943 1176 hidserv - ok
13:57:24.0974 1176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:57:24.0974 1176 HidUsb - ok
13:57:25.0005 1176 HIPK (a5fa050ff3a5f3630c2598d32e339def) C:\Windows\system32\drivers\HIPK.sys
13:57:25.0021 1176 HIPK - ok
13:57:25.0036 1176 HIPPSK (e8eb147dc272dba6f0eba31d17e752c6) C:\Windows\system32\drivers\HIPPSK.sys
13:57:25.0036 1176 HIPPSK - ok
13:57:25.0052 1176 HIPQK (1f95e665632a39ac57e1c605e49c5816) C:\Windows\system32\drivers\HIPQK.sys
13:57:25.0052 1176 HIPQK - ok
13:57:25.0146 1176 hips (44cd99a1b57827ed9e98851b0baee851) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
13:57:25.0146 1176 hips - ok
13:57:25.0177 1176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:57:25.0177 1176 hkmsvc - ok
13:57:25.0224 1176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:57:25.0224 1176 HomeGroupListener - ok
13:57:25.0255 1176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:57:25.0255 1176 HomeGroupProvider - ok
13:57:25.0270 1176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:57:25.0270 1176 HpSAMD - ok
13:57:25.0333 1176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:57:25.0364 1176 HTTP - ok
13:57:25.0395 1176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:57:25.0395 1176 hwpolicy - ok
13:57:25.0411 1176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:57:25.0411 1176 i8042prt - ok
13:57:25.0458 1176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:57:25.0473 1176 iaStorV - ok
13:57:25.0551 1176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:57:25.0567 1176 idsvc - ok
13:57:25.0614 1176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:57:25.0614 1176 iirsp - ok
13:57:25.0676 1176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:57:25.0692 1176 IKEEXT - ok
13:57:25.0801 1176 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
13:57:25.0848 1176 IntcAzAudAddService - ok
13:57:25.0926 1176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:57:25.0926 1176 intelide - ok
13:57:25.0957 1176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:57:25.0957 1176 intelppm - ok
13:57:25.0988 1176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:26.0004 1176 IpFilterDriver - ok
13:57:26.0035 1176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:57:26.0050 1176 iphlpsvc - ok
13:57:26.0066 1176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:57:26.0066 1176 IPMIDRV - ok
13:57:26.0082 1176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:57:26.0082 1176 IPNAT - ok
13:57:26.0113 1176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:57:26.0113 1176 IRENUM - ok
13:57:26.0128 1176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:57:26.0128 1176 isapnp - ok
13:57:26.0160 1176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:57:26.0160 1176 iScsiPrt - ok
13:57:26.0191 1176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:57:26.0191 1176 kbdclass - ok
13:57:26.0222 1176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:57:26.0222 1176 kbdhid - ok
13:57:26.0253 1176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:26.0253 1176 KeyIso - ok
13:57:26.0269 1176 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:57:26.0269 1176 KSecDD - ok
13:57:26.0316 1176 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:57:26.0316 1176 KSecPkg - ok
13:57:26.0331 1176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:57:26.0331 1176 ksthunk - ok
13:57:26.0378 1176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:57:26.0394 1176 KtmRm - ok
13:57:26.0440 1176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:57:26.0456 1176 LanmanServer - ok
13:57:26.0487 1176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:57:26.0503 1176 LanmanWorkstation - ok
13:57:26.0534 1176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:57:26.0534 1176 lltdio - ok
13:57:26.0581 1176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:57:26.0581 1176 lltdsvc - ok
13:57:26.0612 1176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:57:26.0612 1176 lmhosts - ok
13:57:26.0643 1176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:57:26.0643 1176 LSI_FC - ok
13:57:26.0674 1176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:57:26.0674 1176 LSI_SAS - ok
13:57:26.0690 1176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:57:26.0690 1176 LSI_SAS2 - ok
13:57:26.0690 1176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:57:26.0706 1176 LSI_SCSI - ok
13:57:26.0721 1176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:57:26.0737 1176 luafv - ok
13:57:26.0815 1176 McAfee SiteAdvisor Enterprise Service (20f77f14fe972aa028454047632b2ac8) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
13:57:26.0815 1176 McAfee SiteAdvisor Enterprise Service - ok
13:57:26.0877 1176 McAfeeEngineService (5d992ca633358dd0e7a16d88829da087) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
13:57:26.0877 1176 McAfeeEngineService - ok
13:57:26.0924 1176 McAfeeFramework (062d80f13d762f7bc2f38430d60f5048) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
13:57:26.0924 1176 McAfeeFramework - ok
13:57:26.0955 1176 McShield (40e2dab104501594c8f93fa7bdfd3596) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
13:57:26.0955 1176 McShield - ok
13:57:26.0986 1176 McTaskManager (3077feefa81b025390092f7fbf2b51c5) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
13:57:26.0986 1176 McTaskManager - ok
13:57:27.0033 1176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:57:27.0033 1176 Mcx2Svc - ok
13:57:27.0064 1176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:57:27.0064 1176 megasas - ok
13:57:27.0080 1176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:57:27.0080 1176 MegaSR - ok
13:57:27.0127 1176 mfeapfk (648ec36615abf5ae20e4ef61fedb6b9c) C:\Windows\system32\drivers\mfeapfk.sys
13:57:27.0127 1176 mfeapfk - ok
13:57:27.0174 1176 mfeavfk (93e8625f4f7eb387091557696390a1fc) C:\Windows\system32\drivers\mfeavfk.sys
13:57:27.0189 1176 mfeavfk - ok
13:57:27.0220 1176 mfehidk (dc8c7417254a4f8febdd1257db351147) C:\Windows\system32\drivers\mfehidk.sys
13:57:27.0236 1176 mfehidk - ok
13:57:27.0267 1176 mferkdet (1ee3c78d14024ca7adaa0af53a0037cd) C:\Windows\system32\drivers\mferkdet.sys
13:57:27.0267 1176 mferkdet - ok
13:57:27.0283 1176 mfetdik (b6170fad509317a963be6d4c2e104d2f) C:\Windows\system32\drivers\mfetdik.sys
13:57:27.0283 1176 mfetdik - ok
13:57:27.0330 1176 mfevtp (e1e2edc7753f6a264e0ab77c9ee873d0) C:\Windows\system32\mfevtps.exe
13:57:27.0330 1176 mfevtp - ok
13:57:27.0361 1176 mfewfpk (c0505a334ca4072fd71e7645910699cb) C:\Windows\system32\drivers\mfewfpk.sys
13:57:27.0376 1176 mfewfpk - ok
13:57:27.0408 1176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:27.0408 1176 MMCSS - ok
13:57:27.0423 1176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:57:27.0423 1176 Modem - ok
13:57:27.0454 1176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:57:27.0454 1176 monitor - ok
13:57:27.0501 1176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:57:27.0501 1176 mouclass - ok
13:57:27.0517 1176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:57:27.0517 1176 mouhid - ok
13:57:27.0564 1176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:57:27.0564 1176 mountmgr - ok
13:57:27.0595 1176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:57:27.0595 1176 mpio - ok
13:57:27.0626 1176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:57:27.0626 1176 mpsdrv - ok
13:57:27.0704 1176 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:57:27.0720 1176 MpsSvc - ok
13:57:27.0751 1176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:57:27.0766 1176 MRxDAV - ok
13:57:27.0798 1176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:57:27.0798 1176 mrxsmb - ok
13:57:27.0844 1176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:57:27.0844 1176 mrxsmb10 - ok
13:57:27.0876 1176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:57:27.0876 1176 mrxsmb20 - ok
13:57:27.0891 1176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:57:27.0891 1176 msahci - ok
13:57:27.0938 1176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:57:27.0938 1176 msdsm - ok
13:57:27.0969 1176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:57:27.0969 1176 MSDTC - ok
13:57:28.0000 1176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:57:28.0000 1176 Msfs - ok
13:57:28.0032 1176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:57:28.0032 1176 mshidkmdf - ok
13:57:28.0063 1176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:57:28.0063 1176 msisadrv - ok
13:57:28.0094 1176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:57:28.0094 1176 MSiSCSI - ok
13:57:28.0110 1176 msiserver - ok
13:57:28.0125 1176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:57:28.0125 1176 MSKSSRV - ok
13:57:28.0172 1176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:57:28.0172 1176 MSPCLOCK - ok
13:57:28.0172 1176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:57:28.0172 1176 MSPQM - ok
13:57:28.0219 1176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:57:28.0234 1176 MsRPC - ok
13:57:28.0266 1176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:57:28.0266 1176 mssmbios - ok
13:57:28.0266 1176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:57:28.0281 1176 MSTEE - ok
13:57:28.0281 1176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:57:28.0281 1176 MTConfig - ok
13:57:28.0312 1176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:57:28.0312 1176 Mup - ok
13:57:28.0344 1176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:57:28.0359 1176 napagent - ok
13:57:28.0390 1176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:57:28.0406 1176 NativeWifiP - ok
13:57:28.0484 1176 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:57:28.0500 1176 NDIS - ok
13:57:28.0515 1176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:57:28.0515 1176 NdisCap - ok
13:57:28.0531 1176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:57:28.0531 1176 NdisTapi - ok
13:57:28.0578 1176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:57:28.0578 1176 Ndisuio - ok
13:57:28.0609 1176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:57:28.0609 1176 NdisWan - ok
13:57:28.0656 1176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:57:28.0656 1176 NDProxy - ok
13:57:28.0702 1176 NEOFLTR_650_15991 (85e3df39b5c7f5249efd120907c0e2d2) C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS
13:57:28.0702 1176 NEOFLTR_650_15991 - ok
13:57:28.0812 1176 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:57:28.0827 1176 Nero BackItUp Scheduler 4.0 - ok
13:57:28.0858 1176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:57:28.0858 1176 NetBIOS - ok
13:57:28.0890 1176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:57:28.0890 1176 NetBT - ok
13:57:28.0936 1176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:28.0936 1176 Netlogon - ok
13:57:28.0983 1176 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:57:28.0983 1176 NetTcpPortSharing - ok
13:57:29.0014 1176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:57:29.0014 1176 nfrd960 - ok
13:57:29.0061 1176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:57:29.0061 1176 NlaSvc - ok
13:57:29.0092 1176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:57:29.0092 1176 Npfs - ok
13:57:29.0139 1176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:57:29.0139 1176 nsi - ok
13:57:29.0155 1176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:57:29.0155 1176 nsiproxy - ok
13:57:29.0233 1176 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
13:57:29.0233 1176 nSvcIp - ok
13:57:29.0326 1176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:57:29.0342 1176 Ntfs - ok
13:57:29.0436 1176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:57:29.0436 1176 Null - ok
13:57:29.0467 1176 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
13:57:29.0467 1176 NVENETFD - ok
13:57:29.0872 1176 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:57:30.0075 1176 nvlddmkm - ok
13:57:30.0153 1176 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
13:57:30.0153 1176 NVNET - ok
13:57:30.0200 1176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:57:30.0200 1176 nvraid - ok
13:57:30.0247 1176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:57:30.0247 1176 nvstor - ok
13:57:30.0262 1176 nvsvc (703f996312202d84663f7c8584acaf55) C:\Windows\system32\nvvsvc.exe
13:57:30.0278 1176 nvsvc - ok
13:57:30.0294 1176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:57:30.0309 1176 nv_agp - ok
13:57:30.0387 1176 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:57:30.0403 1176 odserv - ok
13:57:30.0434 1176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:57:30.0434 1176 ohci1394 - ok
13:57:30.0465 1176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:57:30.0465 1176 ose - ok
13:57:30.0684 1176 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:57:30.0762 1176 osppsvc - ok
13:57:30.0840 1176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:57:30.0871 1176 p2pimsvc - ok
13:57:30.0902 1176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:57:30.0902 1176 p2psvc - ok
13:57:30.0949 1176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:57:30.0949 1176 Parport - ok
13:57:30.0980 1176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:57:30.0980 1176 partmgr - ok
13:57:30.0996 1176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:57:31.0011 1176 PcaSvc - ok
13:57:31.0042 1176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:57:31.0042 1176 pci - ok
13:57:31.0058 1176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:57:31.0058 1176 pciide - ok
13:57:31.0089 1176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:57:31.0105 1176 pcmcia - ok
13:57:31.0120 1176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:57:31.0120 1176 pcw - ok
13:57:31.0167 1176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:57:31.0167 1176 PEAUTH - ok
13:57:31.0245 1176 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:57:31.0261 1176 PerfHost - ok
13:57:31.0354 1176 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:57:31.0370 1176 pla - ok
13:57:31.0448 1176 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:57:31.0464 1176 PlugPlay - ok
13:57:31.0495 1176 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:57:31.0495 1176 PNRPAutoReg - ok
13:57:31.0557 1176 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:57:31.0573 1176 PolicyAgent - ok
13:57:31.0604 1176 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:57:31.0604 1176 Power - ok
13:57:31.0666 1176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:57:31.0666 1176 PptpMiniport - ok
13:57:31.0698 1176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:57:31.0698 1176 Processor - ok
13:57:31.0729 1176 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:57:31.0729 1176 ProfSvc - ok
13:57:31.0760 1176 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:31.0760 1176 ProtectedStorage - ok
13:57:31.0807 1176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:57:31.0807 1176 Psched - ok
13:57:31.0885 1176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:57:31.0900 1176 ql2300 - ok
13:57:31.0963 1176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:57:31.0963 1176 ql40xx - ok
13:57:31.0994 1176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:57:31.0994 1176 QWAVEdrv - ok
13:57:31.0994 1176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:57:31.0994 1176 RasAcd - ok
13:57:32.0025 1176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:57:32.0025 1176 RasAgileVpn - ok
13:57:32.0041 1176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:57:32.0056 1176 RasAuto - ok
13:57:32.0072 1176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:57:32.0072 1176 Rasl2tp - ok
13:57:32.0119 1176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:57:32.0119 1176 RasPppoe - ok
13:57:32.0134 1176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:57:32.0134 1176 RasSstp - ok
13:57:32.0181 1176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:57:32.0181 1176 rdbss - ok
13:57:32.0197 1176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:57:32.0212 1176 rdpbus - ok
13:57:32.0228 1176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:57:32.0228 1176 RDPCDD - ok
13:57:32.0244 1176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:57:32.0244 1176 RDPENCDD - ok
13:57:32.0259 1176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:57:32.0259 1176 RDPREFMP - ok
13:57:32.0306 1176 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:57:32.0306 1176 RDPWD - ok
13:57:32.0337 1176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:57:32.0337 1176 rdyboost - ok
13:57:32.0384 1176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:57:32.0384 1176 RemoteAccess - ok
13:57:32.0400 1176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:57:32.0400 1176 RemoteRegistry - ok
13:57:32.0462 1176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:57:32.0462 1176 RpcEptMapper - ok
13:57:32.0493 1176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:57:32.0493 1176 RpcLocator - ok
13:57:32.0540 1176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
13:57:32.0540 1176 RpcSs - ok
13:57:32.0556 1176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:57:32.0556 1176 rspndr - ok
13:57:32.0602 1176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:32.0602 1176 SamSs - ok
13:57:32.0634 1176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:57:32.0634 1176 sbp2port - ok
13:57:32.0665 1176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:57:32.0665 1176 SCardSvr - ok
13:57:32.0696 1176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:57:32.0696 1176 scfilter - ok
13:57:32.0774 1176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:57:32.0790 1176 Schedule - ok
13:57:32.0836 1176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:57:32.0836 1176 SCPolicySvc - ok
13:57:32.0852 1176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:57:32.0868 1176 SDRSVC - ok
13:57:32.0899 1176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:57:32.0914 1176 secdrv - ok
13:57:32.0961 1176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:57:32.0961 1176 seclogon - ok
13:57:32.0992 1176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:57:32.0992 1176 Serenum - ok
13:57:33.0008 1176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:57:33.0008 1176 Serial - ok
13:57:33.0055 1176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:57:33.0055 1176 sermouse - ok
13:57:33.0102 1176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:57:33.0102 1176 sffdisk - ok
13:57:33.0117 1176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:57:33.0117 1176 sffp_mmc - ok
13:57:33.0133 1176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:57:33.0133 1176 sffp_sd - ok
13:57:33.0133 1176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:57:33.0133 1176 sfloppy - ok
13:57:33.0211 1176 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:57:33.0226 1176 Sftfs - ok
13:57:33.0336 1176 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:57:33.0336 1176 sftlist - ok
13:57:33.0367 1176 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:57:33.0382 1176 Sftplay - ok
13:57:33.0398 1176 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:57:33.0398 1176 Sftredir - ok
13:57:33.0414 1176 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:57:33.0414 1176 Sftvol - ok
13:57:33.0429 1176 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:57:33.0445 1176 sftvsa - ok
13:57:33.0476 1176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:57:33.0476 1176 SharedAccess - ok
13:57:33.0523 1176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:57:33.0523 1176 ShellHWDetection - ok
13:57:33.0570 1176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:57:33.0570 1176 SiSRaid2 - ok
13:57:33.0570 1176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:57:33.0585 1176 SiSRaid4 - ok
13:57:33.0601 1176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:57:33.0601 1176 Smb - ok
13:57:33.0632 1176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:57:33.0632 1176 SNMPTRAP - ok
13:57:33.0648 1176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:57:33.0648 1176 spldr - ok
13:57:33.0694 1176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:57:33.0710 1176 Spooler - ok
13:57:33.0866 1176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:57:33.0913 1176 sppsvc - ok
13:57:34.0038 1176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:57:34.0053 1176 srv - ok
13:57:34.0084 1176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:57:34.0084 1176 srv2 - ok
13:57:34.0100 1176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:57:34.0116 1176 srvnet - ok
13:57:34.0147 1176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:57:34.0162 1176 SSDPSRV - ok
13:57:34.0178 1176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:57:34.0178 1176 SstpSvc - ok
13:57:34.0209 1176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:57:34.0209 1176 stexstor - ok
13:57:34.0240 1176 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:57:34.0240 1176 StillCam - ok
13:57:34.0303 1176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:57:34.0318 1176 stisvc - ok
13:57:34.0350 1176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:57:34.0350 1176 swenum - ok
13:57:34.0396 1176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:57:34.0412 1176 swprv - ok
13:57:34.0459 1176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:57:34.0459 1176 TabletInputService - ok
13:57:34.0506 1176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:57:34.0506 1176 TapiSrv - ok
13:57:34.0521 1176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:57:34.0537 1176 TBS - ok
13:57:34.0630 1176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:57:34.0662 1176 Tcpip - ok
13:57:34.0818 1176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:57:34.0818 1176 TCPIP6 - ok
13:57:34.0896 1176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:57:34.0911 1176 tcpipreg - ok
13:57:34.0942 1176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:57:34.0942 1176 TDPIPE - ok
13:57:34.0974 1176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:57:34.0974 1176 TDTCP - ok
13:57:35.0020 1176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:57:35.0020 1176 tdx - ok
13:57:35.0067 1176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:57:35.0067 1176 TermDD - ok
13:57:35.0114 1176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:57:35.0114 1176 TermService - ok
13:57:35.0145 1176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:57:35.0161 1176 Themes - ok
13:57:35.0176 1176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:35.0176 1176 THREADORDER - ok
13:57:35.0192 1176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:57:35.0192 1176 TrkWks - ok
13:57:35.0239 1176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:57:35.0239 1176 TrustedInstaller - ok
13:57:35.0286 1176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:57:35.0286 1176 tssecsrv - ok
13:57:35.0332 1176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:57:35.0332 1176 TsUsbFlt - ok
13:57:35.0379 1176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:57:35.0379 1176 tunnel - ok
13:57:35.0395 1176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:57:35.0395 1176 uagp35 - ok
13:57:35.0442 1176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:57:35.0442 1176 udfs - ok
13:57:35.0473 1176 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:57:35.0473 1176 UI0Detect - ok
13:57:35.0520 1176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:57:35.0520 1176 uliagpkx - ok
13:57:35.0566 1176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:57:35.0566 1176 umbus - ok
13:57:35.0598 1176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:57:35.0598 1176 UmPass - ok
13:57:35.0676 1176 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
13:57:35.0676 1176 Updater Service - ok
13:57:35.0691 1176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:57:35.0691 1176 usbccgp - ok
13:57:35.0738 1176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:57:35.0738 1176 usbcir - ok
13:57:35.0754 1176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:57:35.0754 1176 usbehci - ok
13:57:35.0785 1176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:57:35.0800 1176 usbhub - ok
13:57:35.0816 1176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:57:35.0816 1176 usbohci - ok
13:57:35.0847 1176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:57:35.0847 1176 usbprint - ok
13:57:35.0863 1176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:57:35.0863 1176 USBSTOR - ok
13:57:35.0894 1176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:57:35.0894 1176 usbuhci - ok
13:57:35.0925 1176 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:57:35.0925 1176 UxSms - ok
13:57:35.0956 1176 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:35.0956 1176 VaultSvc - ok
13:57:36.0003 1176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:57:36.0003 1176 vdrvroot - ok
13:57:36.0050 1176 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:57:36.0066 1176 vds - ok
13:57:36.0097 1176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:57:36.0097 1176 vga - ok
13:57:36.0112 1176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:57:36.0112 1176 VgaSave - ok
13:57:36.0159 1176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:57:36.0159 1176 vhdmp - ok
13:57:36.0175 1176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:57:36.0175 1176 viaide - ok
13:57:36.0206 1176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:57:36.0206 1176 volmgr - ok
13:57:36.0253 1176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:57:36.0253 1176 volmgrx - ok
13:57:36.0268 1176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:57:36.0284 1176 volsnap - ok
13:57:36.0315 1176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:57:36.0315 1176 vsmraid - ok
13:57:36.0409 1176 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:57:36.0440 1176 VSS - ok
13:57:36.0534 1176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:57:36.0534 1176 vwifibus - ok
13:57:36.0565 1176 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:57:36.0580 1176 W32Time - ok
13:57:36.0596 1176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:57:36.0612 1176 WacomPen - ok
13:57:36.0643 1176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:36.0658 1176 WANARP - ok
13:57:36.0658 1176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:36.0674 1176 Wanarpv6 - ok
13:57:36.0768 1176 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:57:36.0783 1176 WatAdminSvc - ok
13:57:36.0861 1176 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:57:36.0892 1176 wbengine - ok
13:57:36.0970 1176 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:57:36.0970 1176 WbioSrvc - ok
13:57:36.0986 1176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:57:36.0986 1176 Wd - ok
13:57:37.0033 1176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:37.0048 1176 Wdf01000 - ok
13:57:37.0064 1176 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:37.0064 1176 WdiServiceHost - ok
13:57:37.0080 1176 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:37.0080 1176 WdiSystemHost - ok
13:57:37.0111 1176 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:57:37.0111 1176 Wecsvc - ok
13:57:37.0142 1176 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:57:37.0142 1176 wercplsupport - ok
13:57:37.0173 1176 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:57:37.0189 1176 WerSvc - ok
13:57:37.0204 1176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:37.0204 1176 WfpLwf - ok
13:57:37.0220 1176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:37.0220 1176 WIMMount - ok
13:57:37.0267 1176 WinDefend - ok
13:57:37.0298 1176 WinHttpAutoProxySvc - ok
13:57:37.0360 1176 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:57:37.0360 1176 Winmgmt - ok
13:57:37.0470 1176 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:57:37.0485 1176 WinRM - ok
13:57:37.0641 1176 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:57:37.0641 1176 WinUsb - ok
13:57:37.0704 1176 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:57:37.0735 1176 Wlansvc - ok
13:57:37.0766 1176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:57:37.0766 1176 WmiAcpi - ok
13:57:37.0797 1176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:57:37.0813 1176 wmiApSrv - ok
13:57:37.0860 1176 WMPNetworkSvc - ok
13:57:37.0860 1176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:57:37.0860 1176 WPCSvc - ok
13:57:37.0891 1176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:37.0906 1176 ws2ifsl - ok
13:57:37.0922 1176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:57:37.0922 1176 wscsvc - ok
13:57:37.0953 1176 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:57:37.0969 1176 WSDPrintDevice - ok
13:57:37.0969 1176 WSearch - ok
13:57:38.0109 1176 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:57:38.0156 1176 wuauserv - ok
13:57:38.0265 1176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:57:38.0265 1176 WudfPf - ok
13:57:38.0296 1176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:38.0296 1176 WUDFRd - ok
13:57:38.0343 1176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:57:38.0343 1176 wudfsvc - ok
13:57:38.0359 1176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:57:38.0530 1176 \Device\Harddisk0\DR0 - ok
13:57:38.0546 1176 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR6
13:57:41.0089 1176 \Device\Harddisk6\DR6 - ok
13:57:41.0089 1176 Boot (0x1200) (d036e113575dfa8ffbb5433056c42f05) \Device\Harddisk0\DR0\Partition0
13:57:41.0089 1176 \Device\Harddisk0\DR0\Partition0 - ok
13:57:41.0104 1176 Boot (0x1200) (746b181eee7ccddee670eeeea38426fd) \Device\Harddisk0\DR0\Partition1
13:57:41.0104 1176 \Device\Harddisk0\DR0\Partition1 - ok
13:57:41.0104 1176 Boot (0x1200) (cb56ba5c445e01e2b446d66c088a6de9) \Device\Harddisk6\DR6\Partition0
13:57:41.0104 1176 \Device\Harddisk6\DR6\Partition0 - ok
13:57:41.0120 1176 ============================================================
13:57:41.0120 1176 Scan finished
13:57:41.0120 1176 ============================================================
13:57:41.0120 0304 Detected object count: 0
13:57:41.0120 0304 Actual detected object count: 0
13:57:55.0581 0972 Deinitialize success

#20
el_jack

Posted 08 August 2012 - 03:06 PM

New Member

Members
32 posts

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee AntiSpyware Enterprise Module
McAfee SiteAdvisor Enterprise Plus
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Back to Resolved HijackThis Logs · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Malwarebytes

The specified service does not exist as an installed service

#1
el_jack

Posted 31 July 2012 - 10:32 AM

#2
screen317

Posted 31 July 2012 - 10:34 AM

#3
el_jack

Posted 01 August 2012 - 02:22 PM

#4
screen317

Posted 01 August 2012 - 10:59 PM

#5
el_jack

Posted 01 August 2012 - 11:49 PM

#6
screen317

Posted 02 August 2012 - 02:40 PM

#7
el_jack

Posted 02 August 2012 - 02:47 PM

#8
screen317

Posted 02 August 2012 - 03:11 PM

#9
el_jack

Posted 02 August 2012 - 03:36 PM

#10
screen317

Posted 06 August 2012 - 10:43 AM

#11
el_jack

Posted 06 August 2012 - 12:05 PM

#12
el_jack

Posted 06 August 2012 - 12:07 PM

#13
screen317

Posted 07 August 2012 - 11:19 AM

#14
el_jack

Posted 08 August 2012 - 10:08 AM

#15
el_jack

Posted 08 August 2012 - 10:31 AM

#16
el_jack

Posted 08 August 2012 - 10:31 AM

#17
el_jack

Posted 08 August 2012 - 10:32 AM

#18
screen317

Posted 08 August 2012 - 01:07 PM

#19
el_jack

Posted 08 August 2012 - 03:05 PM

#20
el_jack

Posted 08 August 2012 - 03:06 PM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

Malwarebytes

The specified service does not exist as an installed service

#1 el_jack Posted 31 July 2012 - 10:32 AM

#2 screen317 Posted 31 July 2012 - 10:34 AM

#3 el_jack Posted 01 August 2012 - 02:22 PM

#4 screen317 Posted 01 August 2012 - 10:59 PM

#5 el_jack Posted 01 August 2012 - 11:49 PM

#6 screen317 Posted 02 August 2012 - 02:40 PM

#7 el_jack Posted 02 August 2012 - 02:47 PM

#8 screen317 Posted 02 August 2012 - 03:11 PM

#9 el_jack Posted 02 August 2012 - 03:36 PM

#10 screen317 Posted 06 August 2012 - 10:43 AM

#11 el_jack Posted 06 August 2012 - 12:05 PM

#12 el_jack Posted 06 August 2012 - 12:07 PM

#13 screen317 Posted 07 August 2012 - 11:19 AM

#14 el_jack Posted 08 August 2012 - 10:08 AM

#15 el_jack Posted 08 August 2012 - 10:31 AM

#16 el_jack Posted 08 August 2012 - 10:31 AM

#17 el_jack Posted 08 August 2012 - 10:32 AM

#18 screen317 Posted 08 August 2012 - 01:07 PM

#19 el_jack Posted 08 August 2012 - 03:05 PM

#20 el_jack Posted 08 August 2012 - 03:06 PM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

#1
el_jack

Posted 31 July 2012 - 10:32 AM

#2
screen317

Posted 31 July 2012 - 10:34 AM

#3
el_jack

Posted 01 August 2012 - 02:22 PM

#4
screen317

Posted 01 August 2012 - 10:59 PM

#5
el_jack

Posted 01 August 2012 - 11:49 PM

#6
screen317

Posted 02 August 2012 - 02:40 PM

#7
el_jack

Posted 02 August 2012 - 02:47 PM

#8
screen317

Posted 02 August 2012 - 03:11 PM

#9
el_jack

Posted 02 August 2012 - 03:36 PM

#10
screen317

Posted 06 August 2012 - 10:43 AM

#11
el_jack

Posted 06 August 2012 - 12:05 PM

#12
el_jack

Posted 06 August 2012 - 12:07 PM

#13
screen317

Posted 07 August 2012 - 11:19 AM

#14
el_jack

Posted 08 August 2012 - 10:08 AM

#15
el_jack

Posted 08 August 2012 - 10:31 AM

#16
el_jack

Posted 08 August 2012 - 10:31 AM

#17
el_jack

Posted 08 August 2012 - 10:32 AM

#18
screen317

Posted 08 August 2012 - 01:07 PM

#19
el_jack

Posted 08 August 2012 - 03:05 PM

#20
el_jack

Posted 08 August 2012 - 03:06 PM