el_jack

The specified service does not exist as an installed service

26 posts in this topic

The machine in question is a emachine running windows 7. It had viruses on it. It will not allow me to open device manager or any other service. The message box says " The specified service does not exist as an installed service. I ran malwarebytes and removed 4 viruses and how I did that was by taking the hardrive and docking it in a usb stand and scanned it on another pc. I hook the hard drive in the pc it belongs in and it still is doing the same thing. It is not allowing me to access device manager, Malwarebyte or any service. The machine is hard wired to internet but it says not connected. In safe mode with networking I still can not connect to internet but Malwarebyte runs. I ran it again and the machine shows no infections. I tried the device manager but It opened with no icons the window is blank. How can I fix this? I know there is a hidden service running in the background I want to unhide it or delete it.

Thanks

Share this post


Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Transfer any needed tools from a clean computer via flash drive or CD.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Share this post


Link to post
Share on other sites

hello

Here is the malware quick scan and dds

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Receptionist :: RECEPTIONIST-PC [administrator]

8/1/2012 2:17:38 PM

mbam-log-2012-08-01 (14-17-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210422

Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is the dds scan

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17

Run by Receptionist at 13:51:01 on 2012-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3384 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [vchap] rundll32.exe "C:\Users\RECEPT~1\AppData\Local\Temp\vchap.dll",IsConvertImagesDialogShowed

uRun: [PortableMedia] "C:\Users\Receptionist\AppData\Local\Portable\PortableMedia.exe" /b

uRun: [pasfri] rundll32.exe "C:\Users\RECEPT~1\AppData\Local\Temp\pasfri.dll",QuaternionLn

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: agencyanywhere.agency.ni.nwie.net

Trusted Zone: skilldialogue.com

Trusted Zone: skillport.com

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]

S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]

S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]

S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]

S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]

S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-21 21:28:57 102248 ----a-w- C:\Users\Receptionist\GoToAssistDownloadHelper.exe

.

============= FINISH: 13:51:48.20 ===============

Share this post


Link to post
Share on other sites

here is the combofix txt file and new dds text file

ComboFix 12-07-31.03 - Receptionist 08/01/2012 23:35:07.1.1 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3375 [GMT -5:00]

Running from: c:\users\Receptionist\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\RECEPT~1\AppData\Local\Temp\pasfri.dll

c:\users\Receptionist\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 18:46 . 2011-12-05 20:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-11 08:15 . 2010-09-09 18:30 57848688 ----a-w- c:\windows\system32\MRT.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]

2011-10-25 03:01 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]

"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]

R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-06-15 138904]

R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-06-15 45424]

R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-06-15 40152]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-19 100520]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]

R4 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-19 281416]

S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-19 156248]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: agencyanywhere.agency.ni.nwie.net

Trusted Zone: skilldialogue.com

Trusted Zone: skillport.com

TCP: DhcpNameServer = 10.1.10.1

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll

DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-PortableMedia - c:\users\Receptionist\AppData\Local\Portable\PortableMedia.exe

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-01 23:45:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-02 04:45

.

Pre-Run: 420,662,083,584 bytes free

Post-Run: 420,605,194,240 bytes free

.

- - End Of File - - 4A08DEE2E1A07AAA1E23777F6B1BB142

---------dds-------------file

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17

Run by Receptionist at 23:46:43 on 2012-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3262 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: agencyanywhere.agency.ni.nwie.net

Trusted Zone: skilldialogue.com

Trusted Zone: skillport.com

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]

S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]

S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]

S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]

S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]

S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]

.

=============== Created Last 30 ================

.

2012-08-02 04:41:35 -------- d-----w- C:\$RECYCLE.BIN

2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe

2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe

2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 23:46:57.04 ===============

Share this post


Link to post
Share on other sites

Hi,

I suggest uninstalling this:

Rebate Informer

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Share this post


Link to post
Share on other sites

hello I reposted again (sorry)and another member suggested roguekill and here are the results from both dds attatch and rogue kill text

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17

Run by Receptionist at 13:14:51 on 2012-08-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3410 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: agencyanywhere.agency.ni.nwie.net

Trusted Zone: skilldialogue.com

Trusted Zone: skillport.com

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 10.1.10.1

TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]

S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]

S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]

S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]

S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]

S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]

.

=============== Created Last 30 ================

.

2012-08-02 16:53:00 -------- d-----w- C:\Users\Receptionist\AppData\Roaming\WildTangent

2012-08-02 04:41:35 -------- d-----w- C:\$RECYCLE.BIN

2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe

2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe

2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 13:15:47.95 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/9/2010 12:55:23 PM

System Uptime: 8/2/2012 1:13:52 PM (0 hours ago)

.

Motherboard: eMachines | | ET1350

Processor: AMD Athlon II 160u Processor | CPU 1 | 1808/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 447 GiB total, 392.849 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP113: 4/26/2012 4:05:30 PM - Scheduled Checkpoint

RP114: 5/4/2012 2:30:15 PM - Scheduled Checkpoint

RP115: 5/10/2012 7:34:04 AM - Windows Update

RP116: 5/11/2012 3:00:12 AM - Windows Update

RP117: 5/22/2012 1:48:14 PM - Scheduled Checkpoint

RP118: 5/30/2012 9:04:40 AM - Scheduled Checkpoint

RP119: 6/11/2012 2:09:39 PM - Scheduled Checkpoint

RP120: 7/3/2012 10:57:09 AM - Scheduled Checkpoint

RP121: 7/11/2012 12:00:05 AM - Scheduled Checkpoint

RP122: 7/20/2012 5:12:43 PM - Scheduled Checkpoint

RP123: 8/2/2012 12:37:59 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.6 MUI

Advertising Center

AppGraffiti

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bob the Builder Can-Do-Zoo

Brother MFL-Pro Suite MFC-8480DN

Build-a-lot 2

Citrix XenApp Plugin for Hosted Apps

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 9

eBay Worldwide

eMachines Game Console

eMachines Games

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

Escape Rosecliff Island

Faerie Solitaire

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

Hotkey Utility

Identity Card

ImagXpress

Inbox Toolbar

Internet TV for Windows Media Center

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java 6 Update 29

Jewel Quest Solitaire 3

Juniper Networks Host Checker

Juniper Networks Secure Application Manager

Juniper Networks Setup Client

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee Host Intrusion Prevention

McAfee SiteAdvisor Enterprise Plus

McAfee VirusScan Enterprise

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Business 2010 - English

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Monopoly

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Lost in Los Angeles

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

NVIDIA ForceWare Network Access Manager

Penguins!

Plants vs. Zombies

Polar Bowler

Polar Golfer

Realtek High Definition Audio Driver

RebateInformer

ScanSoft PaperPort 11

Scrabble Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

System Information Reporter

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Virtual Families

Virtual Villagers - A New Home

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Center Add-in for Flash

Yahoo! BrowserPlus 2.9.8

Yahtzee

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

8/2/2012 12:44:16 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/2/2012 12:30:33 PM, Error: Service Control Manager [7024] - The Disk Defragmenter service terminated with service-specific error %%-2147023834.

8/2/2012 11:36:19 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

8/2/2012 11:36:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/2/2012 11:35:25 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/2/2012 11:35:21 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.

8/2/2012 1:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/2/2012 1:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/2/2012 1:14:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/2/2012 1:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/2/2012 1:14:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/2/2012 1:14:23 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.

8/2/2012 1:14:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

8/2/2012 1:14:19 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.

8/2/2012 1:14:19 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed.

8/2/2012 1:14:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/2/2012 1:14:18 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..

8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.

8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.

8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.

8/2/2012 1:14:18 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

8/2/2012 1:14:17 PM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.

8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.

8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.

8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.

8/2/2012 1:14:15 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/1/2012 11:41:23 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

8/1/2012 11:40:23 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/1/2012 11:39:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/1/2012 11:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

8/1/2012 11:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/1/2012 1:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.

.

==== End Of File ===========================

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: Receptionist [Admin rights]

Mode: Scan -- Date: 08/02/2012 13:21:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\RECEPT~1\Desktop\dds.scr) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 716b200493e5deeed3a0e18a51753e52

[bSP] ec2b29426b3d17b2394cf4039c4cd572 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 19456 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 39847936 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40052736 | Size: 457382 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

I have deleted your other topics. Do not run things I don't ask for please.

Just do what I asked above..

Share this post


Link to post
Share on other sites

I have deleted your other topics. Do not run things I don't ask for please.

Just do what I asked above..

ok, will do

I can't uninstall it.

Share this post


Link to post
Share on other sites

Hi,

Sorry for the delay.

Please take a screenshot of what happens when you try to uninstall it.

Share this post


Link to post
Share on other sites

I can only run in safe mode and trying to delete in safe mode doesn't do anything. I click and click but the machine does not do anything nor give a message

Share this post


Link to post
Share on other sites

Hi,

How do you know this??

Please grab a fresh copy of ComboFix, run it, and post its log. Run DDS again and post its log.

Share this post


Link to post
Share on other sites

Hello Screen317

I now have internet access in normal mode. I ran rogue kill and it posted the infection I have zero access. I will run combofix and dds again

Share this post


Link to post
Share on other sites

here is dds attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/9/2010 12:55:23 PM

System Uptime: 8/8/2012 10:21:27 AM (0 hours ago)

.

Motherboard: eMachines | | ET1350

Processor: AMD Athlon II 160u Processor | CPU 1 | 1808/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 447 GiB total, 393.001 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP115: 5/10/2012 7:34:04 AM - Windows Update

RP116: 5/11/2012 3:00:12 AM - Windows Update

RP117: 5/22/2012 1:48:14 PM - Scheduled Checkpoint

RP118: 5/30/2012 9:04:40 AM - Scheduled Checkpoint

RP119: 6/11/2012 2:09:39 PM - Scheduled Checkpoint

RP120: 7/3/2012 10:57:09 AM - Scheduled Checkpoint

RP121: 7/11/2012 12:00:05 AM - Scheduled Checkpoint

RP122: 7/20/2012 5:12:43 PM - Scheduled Checkpoint

RP123: 8/2/2012 12:37:59 PM - Scheduled Checkpoint

RP124: 8/7/2012 10:08:30 AM - Windows Update

RP125: 8/7/2012 10:20:50 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.6 MUI

Advertising Center

AppGraffiti

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bob the Builder Can-Do-Zoo

Brother MFL-Pro Suite MFC-8480DN

Build-a-lot 2

Citrix XenApp Plugin for Hosted Apps

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 9

eBay Worldwide

eMachines Game Console

eMachines Games

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

Escape Rosecliff Island

Faerie Solitaire

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

Hotkey Utility

Identity Card

ImagXpress

Inbox Toolbar

Internet TV for Windows Media Center

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java 6 Update 29

Jewel Quest Solitaire 3

Juniper Networks Host Checker

Juniper Networks Secure Application Manager

Juniper Networks Setup Client

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee Host Intrusion Prevention

McAfee SiteAdvisor Enterprise Plus

McAfee VirusScan Enterprise

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Business 2010 - English

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Monopoly

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Lost in Los Angeles

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

NVIDIA ForceWare Network Access Manager

Penguins!

Plants vs. Zombies

Polar Bowler

Polar Golfer

Realtek High Definition Audio Driver

RebateInformer

ScanSoft PaperPort 11

Scrabble Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

System Information Reporter

Tweaking.com - Windows Repair (All in One)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Virtual Families

Virtual Villagers - A New Home

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Center Add-in for Flash

Yahoo! BrowserPlus 2.9.8

Yahtzee

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

8/8/2012 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/8/2012 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/8/2012 10:22:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/8/2012 10:22:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/8/2012 10:22:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

8/8/2012 10:22:22 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

8/8/2012 10:22:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 10:22:22 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 10:22:20 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.

8/8/2012 10:20:57 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/8/2012 10:14:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

8/7/2012 9:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/7/2012 9:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/7/2012 8:48:48 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.

8/7/2012 8:48:46 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..

8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.

8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.

8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.

8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed.

8/7/2012 8:48:43 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.

8/7/2012 8:48:42 AM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.

8/7/2012 8:48:42 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.

8/7/2012 8:48:41 AM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.

8/7/2012 8:48:41 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/7/2012 2:19:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer EPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58}. The master browser is stopping or an election is being forced.

8/7/2012 11:44:47 AM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.

8/7/2012 11:44:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

8/7/2012 11:43:29 AM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The system cannot find the file specified.

8/7/2012 11:43:14 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.

8/7/2012 11:40:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

8/2/2012 3:50:52 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/2/2012 3:50:02 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

8/2/2012 3:50:00 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/2/2012 3:49:11 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

8/2/2012 12:30:33 PM, Error: Service Control Manager [7024] - The Disk Defragmenter service terminated with service-specific error %%-2147023834.

8/1/2012 11:39:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/1/2012 1:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17

Run by Receptionist at 10:28:45 on 2012-08-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3203 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [<NO NAME>]

mRunOnce: [GrpConv] grpconv -o

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: agencyanywhere.agency.ni.nwie.net

Trusted Zone: skilldialogue.com

Trusted Zone: skillport.com

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [(Default)]

mRunOnce-x64: [GrpConv] grpconv -o

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]

S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]

S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040]

S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]

S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]

S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]

S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]

S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840]

.

=============== Created Last 30 ================

.

2012-08-08 15:22:35 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-07 16:38:10 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2012-08-07 16:37:01 303616 ----a-w- C:\SetACL.exe

2012-08-07 16:16:40 290304 ----a-w- C:\subinacl.exe

2012-08-07 16:14:42 -------- d-----w- C:\RegBackup

2012-08-07 15:51:56 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-08-07 15:51:48 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2012-08-07 15:10:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-08-07 15:09:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-08-07 15:09:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-08-07 13:47:36 -------- d-----w- C:\_OTL

2012-08-02 16:53:00 -------- d-----w- C:\Users\Receptionist\AppData\Roaming\WildTangent

2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe

2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe

2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe

.

==================== Find3M ====================

.

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

.

============= FINISH: 10:28:59.26 ===============

Share this post


Link to post
Share on other sites

Combofix

ComboFix 12-08-07.05 - Receptionist 08/08/2012 10:15:46.4.1 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3311 [GMT -5:00]

Running from: J:\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-08 15:20 . 2012-08-08 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-07 16:38 . 2012-08-07 16:38 -------- d-----w- c:\windows\SysWow64\wbem\Performance

2012-08-07 16:37 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe

2012-08-07 16:16 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe

2012-08-07 16:14 . 2012-08-07 16:14 -------- d-----w- C:\RegBackup

2012-08-07 15:51 . 2012-08-07 16:40 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-08-07 15:51 . 2012-08-07 15:51 -------- d-----w- c:\program files (x86)\Tweaking.com

2012-08-07 15:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-07 15:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-07 15:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-07 15:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-07 15:09 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-07 15:09 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-07 13:47 . 2012-08-07 13:47 -------- d-----w- C:\_OTL

2012-08-02 16:53 . 2012-08-02 16:53 -------- d-----w- c:\users\Receptionist\AppData\Roaming\WildTangent

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 18:46 . 2011-12-05 20:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 08:19 . 2010-09-09 18:30 59701280 ----a-w- c:\windows\system32\MRT.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-02_04.41.36 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-04 04:11 . 2012-08-07 16:46 41466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-07 16:46 42814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-09 17:57 . 2012-08-07 16:46 11304 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-949684801-2628650921-427860460-1000_UserData.bin

- 2010-09-09 16:51 . 2012-07-24 18:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-09 16:51 . 2012-08-07 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-09 16:51 . 2012-07-24 18:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-08-07 16:48 . 2012-08-07 17:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-24 18:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-07 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-08-07 16:49 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-05-11 08:12 . 2012-05-11 08:12 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2012-05-11 08:12 . 2012-05-11 08:12 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2012-05-11 08:12 . 2012-05-11 08:12 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-08-07 15:08 . 2012-08-07 15:08 25600 c:\windows\Installer\a28ac.msi

- 2010-05-04 04:23 . 2012-05-11 08:15 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-05-04 04:23 . 2012-05-11 08:15 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe

- 2010-05-04 04:23 . 2012-05-11 08:15 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-07 17:00 . 2012-08-07 17:00 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7d8e25020591e95326aa6203a4822838\System.Web.DynamicData.Design.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\278b2cc231c33f587e5b4b20939ebd00\WindowsLiveWriter.ni.exe

+ 2012-08-07 16:54 . 2012-08-07 16:54 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8bfdc50805fabbf41f706229e939bd1d\WindowsLive.Writer.Api.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\9c64ecb6b01e37720f4c0bbce38b2aa9\System.Web.DynamicData.Design.ni.dll

- 2012-08-02 04:41 . 2012-08-02 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-08 15:22 . 2012-08-08 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-08 15:22 . 2012-08-08 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-02 04:41 . 2012-08-02 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-07 15:18 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll

- 2011-07-01 15:00 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll

+ 2009-07-14 02:36 . 2012-08-08 15:14 624614 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-08-01 18:54 624614 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-08-01 18:54 106732 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-08-08 15:14 106732 c:\windows\system32\perfc009.dat

- 2009-07-14 04:45 . 2012-05-11 08:34 343576 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 04:45 . 2012-08-07 16:42 343576 c:\windows\system32\FNTCACHE.DAT

+ 2012-08-07 15:09 . 2012-08-07 15:09 219368 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm27.bin

+ 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll

+ 2012-08-07 15:19 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll

- 2012-04-11 12:54 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll

+ 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll

- 2012-04-11 12:54 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2012-08-07 15:19 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2010-05-04 04:23 . 2012-08-07 15:36 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

- 2010-05-04 04:23 . 2012-05-11 08:15 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

- 2010-05-04 04:23 . 2012-05-11 08:15 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

- 2010-05-04 04:23 . 2012-05-11 08:15 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

- 2010-05-04 04:23 . 2012-05-11 08:15 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe

+ 2012-08-07 17:04 . 2012-08-07 17:04 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\127710a11855aaf4817f9ab34a25d99e\WindowsFormsIntegration.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\b945c708d9d3d8468fc2631960729f66\TaskScheduler.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f23ea30ef7d30fd22839a24bc635dcc1\System.Web.Routing.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\8204bbe8263075e41000513a405ab784\System.Web.Entity.Design.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\4183c7b14c5b1db05505e20d44cb859a\System.Web.DynamicData.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\ec4ed0bbb05d4e714ca5c14278af1977\System.Web.Abstractions.ni.dll

+ 2012-08-07 15:35 . 2012-08-07 15:35 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\1962f8344f19c367f4e0be9f8f5a7972\System.ServiceProcess.ni.dll

+ 2012-08-07 15:40 . 2012-08-07 15:40 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\21286d6c1657bae9cd56f2f9bf2c3732\System.Messaging.ni.dll

+ 2012-08-07 15:35 . 2012-08-07 15:35 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a76b760d8b987ce161519e1b8bf18fdd\System.Drawing.Design.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\f0d44ee55e2b59a4790766bd501d60f1\napsnap.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\7820503ca6ed2512fc3e3ce3cc690b01\napinit.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\4b5dccc05af5dfbf4986c6a2d1b2b25f\MMCFxCommon.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\c887a7a1b55269a9d11de4b6591b9bd6\Microsoft.ManagementConsole.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\7a70dae70a2459270fe34d654fd0a178\EventViewer.ni.dll

+ 2012-08-07 15:40 . 2012-08-07 15:40 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe

+ 2012-08-07 16:55 . 2012-08-07 16:55 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\95836ab912bfc5d3c747555a7560a646\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f928d0ca788be830178453d279dd5ed0\WindowsLive.Writer.BlogClient.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec1322da7309cd9028c96ce6126bbbee\WindowsLive.Writer.Controls.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebf3a9ef8dd1000279e2144ed62d894a\WindowsLive.Writer.SpellChecker.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e215a72afd565232e0c8abfb1755a6cf\WindowsLive.Writer.BrowserControl.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d8ef9a917c6ae2af0629ec779879bd8e\WindowsLive.Writer.Passport.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ca7d88bb0ba7c4535653c9a49be437fb\WindowsLive.Writer.Mshtml.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ae7de5bce52289111e50875cd37527f2\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\91eaa4412030c5f993ae12cee84c8be9\WindowsLive.Writer.Interop.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\24208f8fac7694960209ea4c66d44851\WindowsLive.Writer.Localization.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\23620e2a124c1f1e35d051d4eaa5bd44\WindowsLive.Writer.FileDestinations.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f8ad334aea37a91359114b604645350\WindowsLive.Writer.Extensibility.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b77830cad2b699baaba685b94a868b2c\WindowsLive.Client.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ac7909b6838589158fe3f6a8190018eb\TaskScheduler.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\c7f44adc1a0b2eb2b0636ee4a202419a\System.Web.Routing.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1d9398c255b8fdb9b9347e463d99a7e3\System.Web.Extensions.Design.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ba3dd9383f752d46e80a33b769dda73d\System.Web.Entity.Design.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b026d4636999893a3c741f1f7e7ccdaf\System.Web.DynamicData.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\24547c0fc525c5e061bb1ae66b965469\System.Web.Abstractions.ni.dll

+ 2012-08-07 15:29 . 2012-08-07 15:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\441f16bb7547cc6f2435d43e68002a47\System.ServiceProcess.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f9a982c40c3d777c1091e3801874acc9\System.Messaging.ni.dll

+ 2012-08-07 15:29 . 2012-08-07 15:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\33582b127d761babf8c8cdfe4e43749a\System.Drawing.Design.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\717221d971aeead5d8956225c365ddff\napsnap.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c22cc9e6e124357491b5a38258973a01\napinit.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\8e2a9204e6166b8b27687560a17f62d9\MMCFxCommon.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\e901c3772777a59b870c0ff1a377f328\Microsoft.ManagementConsole.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\064f94f282dacefe99ee6184ab2f4a1d\EventViewer.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe

+ 2012-08-07 15:19 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-04-11 12:54 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-08-07 15:18 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll

- 2011-07-01 15:00 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll

- 2009-07-14 04:45 . 2012-05-11 08:39 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-08-07 15:58 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll

+ 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2012-05-11 08:12 . 2012-05-11 08:12 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-05-11 08:11 . 2012-05-11 08:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-08-07 15:38 . 2012-08-07 15:38 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-04-23 03:46 . 2012-04-23 03:46 1187328 c:\windows\Installer\13b5be.msp

+ 2012-06-19 17:54 . 2012-06-19 17:54 2239488 c:\windows\Installer\13b5b4.msp

+ 2012-03-15 19:26 . 2012-03-15 19:26 4212736 c:\windows\Installer\13b5a3.msp

+ 2012-04-05 03:37 . 2012-04-05 03:37 2540544 c:\windows\Installer\13b599.msp

- 2010-05-04 04:23 . 2012-05-11 08:15 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2010-05-04 04:23 . 2012-08-07 15:36 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-07-27 10:09 . 2011-07-27 10:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IPEDITOR.DLL

+ 2012-08-07 17:01 . 2012-08-07 17:01 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll

+ 2012-08-07 17:02 . 2012-08-07 17:02 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll

+ 2012-08-07 17:02 . 2012-08-07 17:02 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll

+ 2012-08-07 17:03 . 2012-08-07 17:03 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll

+ 2012-08-07 17:02 . 2012-08-07 17:02 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll

+ 2012-08-07 15:39 . 2012-08-07 15:39 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll

+ 2012-08-07 15:40 . 2012-08-07 15:40 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\e9007661281ebb2076dda1568381ae25\System.WorkflowServices.ni.dll

+ 2012-08-07 15:35 . 2012-08-07 15:35 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\3bdad8116f2d3b81552cc1f8b028aa6e\System.Workflow.ComponentModel.ni.dll

+ 2012-08-07 15:35 . 2012-08-07 15:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\ef43c05e15a8efb4ced6445d1ea35c86\System.Workflow.Activities.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\d20ebdf7ee8b54cd324a0bc8d062259d\System.Web.Mobile.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\fe6df807f6b3184c209e371c885694be\System.Web.Extensions.Design.ni.dll

+ 2012-08-07 17:00 . 2012-08-07 17:00 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\9641252211cf6ab01a5bde58c5f7dba1\System.Web.Extensions.ni.dll

+ 2012-08-07 15:34 . 2012-08-07 15:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll

+ 2012-08-07 15:32 . 2012-08-07 15:32 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll

+ 2012-08-07 15:32 . 2012-08-07 15:32 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\052d9ef010e4ff1dd46772a8671a7dc1\System.Deployment.ni.dll

+ 2012-08-07 15:34 . 2012-08-07 15:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll

+ 2012-08-07 15:34 . 2012-08-07 15:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\210745b8ab0d0efb287eec496271c7db\PresentationUI.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\6161ff72aad572608d6459db4375921b\Narrator.ni.exe

+ 2012-08-07 16:59 . 2012-08-07 16:59 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\1c52385da78998a8c3be3cae7a148e65\MMCEx.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2e77de04de7574b9c1bf56cfcb31af68\MIGUIControls.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\ed3dbcc90dcd37ed6067aa66280e979e\Microsoft.VisualBasic.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\679baf265ca0c434c5b9b01dbeb3dd49\Microsoft.PowerShell.Editor.ni.dll

+ 2012-08-07 15:41 . 2012-08-07 15:41 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4a0761608a0c0af58bd3b17bc8aba2d8\Microsoft.MediaCenter.Bml.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\1dfd6aa34b61f94f3222d1ac306ee08e\Microsoft.Ink.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\c61d2050ddb9370ec88f7e0a40e6ec83\Microsoft.Build.Tasks.ni.dll

+ 2012-08-07 16:59 . 2012-08-07 16:59 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\0930c9203145895378b3f948ddbd0640\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-08-07 16:57 . 2012-08-07 16:57 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\f5cb40bc7bce93175c5775bed1018c1f\mcstore.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\62576d2c7cf13f472c789326c6eede31\WindowsLive.Writer.CoreServices.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e976d57ebe9a56883a1a60399244a09\WindowsLive.Writer.PostEditor.ni.dll

+ 2012-08-07 16:54 . 2012-08-07 16:54 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3869496315c69074176f6970175b8357\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a23e8a64ca21224f2bea9ca3c3a5a005\System.WorkflowServices.ni.dll

+ 2012-08-07 15:36 . 2012-08-07 15:36 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0efbc299207e35df9199ca98c7209051\System.Workflow.ComponentModel.ni.dll

+ 2012-08-07 15:35 . 2012-08-07 15:35 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\12f7432045de0943f05f83ba21ae2795\System.Workflow.Activities.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\238c801e0bbe9ca6b49241e96c9002a0\System.Web.Mobile.ni.dll

+ 2012-08-07 16:56 . 2012-08-07 16:56 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f21d509212c31d51f71b3f750052e9fb\System.Web.Extensions.ni.dll

+ 2012-08-07 15:28 . 2012-08-07 15:28 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll

+ 2012-08-07 15:25 . 2012-08-07 15:25 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

+ 2012-08-07 15:24 . 2012-08-07 15:24 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f5e4446864b34e38af0467fcef6f4283\System.Deployment.ni.dll

+ 2012-08-07 15:28 . 2012-08-07 15:28 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll

+ 2012-08-07 15:27 . 2012-08-07 15:27 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\81aacc474fa8eab0acc6e4be332c1bc7\PresentationUI.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\5a1931b757da881a84c3a4a5477a7c20\Narrator.ni.exe

+ 2012-08-07 16:55 . 2012-08-07 16:55 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\1c088fce4f92cbe43503d584fa51af1d\MMCEx.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\8706f5d47b38dac04d0cd230baee4c0d\MIGUIControls.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ca751192bea68826694e690f3a6b5481\Microsoft.VisualBasic.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4edc9ecb13c33924ae73febac2d41b35\Microsoft.PowerShell.Editor.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\915ffe12bb261ba8ee009f379ba7d086\Microsoft.Ink.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\38ca1e4f14366981e2fb9ef6d977c966\Microsoft.Build.Tasks.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\121a206f90a50c110c3aa561aac4cab1\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-08-07 16:55 . 2012-08-07 16:55 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\2ffc241a384334f2f12a89f318d3a82c\mcstore.ni.dll

- 2009-07-14 02:34 . 2012-05-11 08:32 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-08-07 15:47 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-08-07 17:03 . 2012-08-07 17:03 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll

+ 2012-08-07 17:02 . 2012-08-07 17:02 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll

+ 2012-08-07 17:01 . 2012-08-07 17:01 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll

+ 2012-08-07 15:40 . 2012-08-07 15:40 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll

+ 2012-08-07 15:40 . 2012-08-07 15:40 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll

+ 2012-08-07 15:39 . 2012-08-07 15:39 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll

+ 2012-08-07 15:33 . 2012-08-07 15:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\f0d2181352f262008abe7593454194d8\System.Windows.Forms.ni.dll

+ 2012-08-07 15:34 . 2012-08-07 15:34 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\25d1a444d4ec79a2facc05adf9cd43c1\System.Web.ni.dll

+ 2012-08-07 15:34 . 2012-08-07 15:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\15c75736fbf675454ba78309edeb01ee\System.Design.ni.dll

+ 2012-08-07 15:34 . 2012-08-07 15:34 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll

+ 2012-08-07 15:32 . 2012-08-07 15:32 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll

+ 2012-08-07 16:58 . 2012-08-07 16:58 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll

+ 2012-08-07 15:25 . 2012-08-07 15:25 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll

+ 2012-08-07 15:28 . 2012-08-07 15:28 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll

+ 2012-08-07 15:29 . 2012-08-07 15:29 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\bd50eea0424b0f1e4c8b3f5cd79494d1\System.Design.ni.dll

+ 2012-08-07 15:27 . 2012-08-07 15:27 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

+ 2012-08-07 15:24 . 2012-08-07 15:24 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]

2011-10-25 03:01 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]

"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]

R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-06-15 138904]

R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-06-15 45424]

R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-06-15 40152]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-19 100520]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]

R4 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-19 281416]

S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-19 156248]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]

.

2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: agencyanywhere.agency.ni.nwie.net

Trusted Zone: skilldialogue.com

Trusted Zone: skillport.com

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll

DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

Completion time: 2012-08-08 10:26:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-08 15:26

ComboFix2.txt 2012-08-07 14:56

ComboFix3.txt 2012-08-07 13:45

ComboFix4.txt 2012-08-02 04:45

.

Pre-Run: 422,211,252,224 bytes free

Post-Run: 421,905,850,368 bytes free

.

- - End Of File - - 3D316B788D4208635134D87D77C22533

Share this post


Link to post
Share on other sites

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Share this post


Link to post
Share on other sites

here are the reports

13:57:05.0131 0980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:57:05.0692 0980 ============================================================

13:57:05.0692 0980 Current date / time: 2012/08/08 13:57:05.0692

13:57:05.0692 0980 SystemInfo:

13:57:05.0692 0980

13:57:05.0692 0980 OS Version: 6.1.7601 ServicePack: 1.0

13:57:05.0692 0980 Product type: Workstation

13:57:05.0692 0980 ComputerName: RECEPTIONIST-PC

13:57:05.0692 0980 UserName: Receptionist

13:57:05.0692 0980 Windows directory: C:\Windows

13:57:05.0692 0980 System windows directory: C:\Windows

13:57:05.0692 0980 Running under WOW64

13:57:05.0692 0980 Processor architecture: Intel x64

13:57:05.0692 0980 Number of processors: 1

13:57:05.0692 0980 Page size: 0x1000

13:57:05.0692 0980 Boot type: Safe boot with network

13:57:05.0692 0980 ============================================================

13:57:06.0566 0980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:57:06.0566 0980 Drive \Device\Harddisk6\DR6 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:57:06.0566 0980 ============================================================

13:57:06.0566 0980 \Device\Harddisk0\DR0:

13:57:06.0566 0980 MBR partitions:

13:57:06.0566 0980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000

13:57:06.0566 0980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x37D53000

13:57:06.0566 0980 \Device\Harddisk6\DR6:

13:57:06.0566 0980 MBR partitions:

13:57:06.0566 0980 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D7C1

13:57:06.0566 0980 ============================================================

13:57:06.0597 0980 C: <-> \Device\Harddisk0\DR0\Partition1

13:57:06.0597 0980 ============================================================

13:57:06.0597 0980 Initialize success

13:57:06.0597 0980 ============================================================

13:57:18.0422 1176 ============================================================

13:57:18.0422 1176 Scan started

13:57:18.0422 1176 Mode: Manual;

13:57:18.0422 1176 ============================================================

13:57:19.0171 1176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:57:19.0171 1176 1394ohci - ok

13:57:19.0202 1176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:57:19.0218 1176 ACPI - ok

13:57:19.0249 1176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:57:19.0249 1176 AcpiPmi - ok

13:57:19.0296 1176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:57:19.0311 1176 adp94xx - ok

13:57:19.0327 1176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:57:19.0342 1176 adpahci - ok

13:57:19.0358 1176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:57:19.0374 1176 adpu320 - ok

13:57:19.0405 1176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:57:19.0420 1176 AeLookupSvc - ok

13:57:19.0483 1176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:57:19.0498 1176 AFD - ok

13:57:19.0530 1176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:57:19.0530 1176 agp440 - ok

13:57:19.0561 1176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:57:19.0561 1176 ALG - ok

13:57:19.0576 1176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:57:19.0576 1176 aliide - ok

13:57:19.0592 1176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:57:19.0592 1176 amdide - ok

13:57:19.0623 1176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:57:19.0623 1176 AmdK8 - ok

13:57:19.0639 1176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:57:19.0639 1176 AmdPPM - ok

13:57:19.0670 1176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:57:19.0670 1176 amdsata - ok

13:57:19.0686 1176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:57:19.0686 1176 amdsbs - ok

13:57:19.0717 1176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:57:19.0717 1176 amdxata - ok

13:57:19.0748 1176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:57:19.0748 1176 AppID - ok

13:57:19.0779 1176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:57:19.0779 1176 AppIDSvc - ok

13:57:19.0810 1176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:57:19.0810 1176 arc - ok

13:57:19.0826 1176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:57:19.0826 1176 arcsas - ok

13:57:19.0857 1176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:57:19.0857 1176 AsyncMac - ok

13:57:19.0888 1176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:57:19.0904 1176 atapi - ok

13:57:19.0966 1176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:57:19.0982 1176 AudioEndpointBuilder - ok

13:57:19.0998 1176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:57:19.0998 1176 AudioSrv - ok

13:57:20.0044 1176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:57:20.0044 1176 b06bdrv - ok

13:57:20.0091 1176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:57:20.0091 1176 b57nd60a - ok

13:57:20.0138 1176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:57:20.0138 1176 BDESVC - ok

13:57:20.0138 1176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:57:20.0138 1176 Beep - ok

13:57:20.0232 1176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:57:20.0232 1176 BFE - ok

13:57:20.0310 1176 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

13:57:20.0356 1176 BITS - ok

13:57:20.0388 1176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:57:20.0388 1176 blbdrive - ok

13:57:20.0419 1176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:57:20.0419 1176 bowser - ok

13:57:20.0450 1176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:57:20.0450 1176 BrFiltLo - ok

13:57:20.0466 1176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:57:20.0466 1176 BrFiltUp - ok

13:57:20.0497 1176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

13:57:20.0497 1176 BridgeMP - ok

13:57:20.0544 1176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:57:20.0544 1176 Browser - ok

13:57:20.0575 1176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:57:20.0575 1176 Brserid - ok

13:57:20.0590 1176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:57:20.0590 1176 BrSerWdm - ok

13:57:20.0606 1176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:57:20.0606 1176 BrUsbMdm - ok

13:57:20.0606 1176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:57:20.0606 1176 BrUsbSer - ok

13:57:20.0637 1176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:57:20.0637 1176 BTHMODEM - ok

13:57:20.0684 1176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:57:20.0684 1176 bthserv - ok

13:57:20.0715 1176 catchme - ok

13:57:20.0731 1176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:57:20.0731 1176 cdfs - ok

13:57:20.0778 1176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

13:57:20.0778 1176 cdrom - ok

13:57:20.0824 1176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:57:20.0824 1176 CertPropSvc - ok

13:57:20.0856 1176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:57:20.0856 1176 circlass - ok

13:57:20.0887 1176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:57:20.0887 1176 CLFS - ok

13:57:20.0949 1176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:57:20.0949 1176 clr_optimization_v2.0.50727_32 - ok

13:57:20.0996 1176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:57:20.0996 1176 clr_optimization_v2.0.50727_64 - ok

13:57:21.0074 1176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:57:21.0090 1176 clr_optimization_v4.0.30319_32 - ok

13:57:21.0136 1176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:57:21.0136 1176 clr_optimization_v4.0.30319_64 - ok

13:57:21.0152 1176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:57:21.0152 1176 CmBatt - ok

13:57:21.0168 1176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:57:21.0168 1176 cmdide - ok

13:57:21.0214 1176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

13:57:21.0230 1176 CNG - ok

13:57:21.0246 1176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:57:21.0246 1176 Compbatt - ok

13:57:21.0277 1176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:57:21.0277 1176 CompositeBus - ok

13:57:21.0292 1176 COMSysApp - ok

13:57:21.0308 1176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:57:21.0308 1176 crcdisk - ok

13:57:21.0355 1176 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

13:57:21.0355 1176 CryptSvc - ok

13:57:21.0480 1176 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

13:57:21.0495 1176 cvhsvc - ok

13:57:21.0542 1176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:57:21.0573 1176 DcomLaunch - ok

13:57:21.0620 1176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:57:21.0620 1176 defragsvc - ok

13:57:21.0682 1176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:57:21.0682 1176 DfsC - ok

13:57:21.0714 1176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:57:21.0729 1176 Dhcp - ok

13:57:21.0745 1176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:57:21.0745 1176 discache - ok

13:57:21.0776 1176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:57:21.0792 1176 Disk - ok

13:57:21.0823 1176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:57:21.0823 1176 Dnscache - ok

13:57:21.0870 1176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:57:21.0870 1176 dot3svc - ok

13:57:21.0885 1176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:57:21.0901 1176 DPS - ok

13:57:21.0916 1176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:57:21.0916 1176 drmkaud - ok

13:57:21.0979 1176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:57:21.0994 1176 DXGKrnl - ok

13:57:22.0026 1176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:57:22.0026 1176 EapHost - ok

13:57:22.0150 1176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:57:22.0213 1176 ebdrv - ok

13:57:22.0306 1176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:57:22.0306 1176 EFS - ok

13:57:22.0369 1176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:57:22.0384 1176 ehRecvr - ok

13:57:22.0400 1176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:57:22.0400 1176 ehSched - ok

13:57:22.0572 1176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:57:22.0587 1176 elxstor - ok

13:57:23.0211 1176 enterceptAgent (c3d8c7e58d6194286a6d3985cabf19e7) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

13:57:23.0305 1176 enterceptAgent - ok

13:57:23.0398 1176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:57:23.0398 1176 ErrDev - ok

13:57:23.0461 1176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:57:23.0476 1176 EventSystem - ok

13:57:23.0508 1176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:57:23.0523 1176 exfat - ok

13:57:23.0554 1176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:57:23.0554 1176 fastfat - ok

13:57:23.0617 1176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:57:23.0632 1176 Fax - ok

13:57:23.0664 1176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:57:23.0664 1176 fdc - ok

13:57:23.0679 1176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:57:23.0679 1176 fdPHost - ok

13:57:23.0695 1176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:57:23.0695 1176 FDResPub - ok

13:57:23.0710 1176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:57:23.0710 1176 FileInfo - ok

13:57:23.0742 1176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:57:23.0742 1176 Filetrace - ok

13:57:23.0788 1176 Firehk (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys

13:57:23.0788 1176 Firehk - ok

13:57:23.0788 1176 FirehkMP (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys

13:57:23.0804 1176 FirehkMP - ok

13:57:23.0835 1176 firelm01 (91c7c2c38d51a1ab25f909189a2c2db9) C:\Windows\system32\drivers\firelm01.sys

13:57:23.0835 1176 firelm01 - ok

13:57:23.0851 1176 FirePM (7a5af3ee86bbb96a5b2c96facbfe124f) C:\Windows\system32\Drivers\FirePM.sys

13:57:23.0866 1176 FirePM - ok

13:57:23.0882 1176 FireTDI (9d0071cb93c9cebfb927f443c75e3251) C:\Windows\system32\Drivers\FireTDI.sys

13:57:23.0882 1176 FireTDI - ok

13:57:23.0913 1176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:57:23.0913 1176 flpydisk - ok

13:57:23.0960 1176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:57:23.0976 1176 FltMgr - ok

13:57:24.0022 1176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:57:24.0022 1176 FontCache3.0.0.0 - ok

13:57:24.0100 1176 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

13:57:24.0132 1176 ForceWare Intelligent Application Manager (IAM) - ok

13:57:24.0147 1176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:57:24.0147 1176 FsDepends - ok

13:57:24.0178 1176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:57:24.0178 1176 Fs_Rec - ok

13:57:24.0225 1176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:57:24.0241 1176 fvevol - ok

13:57:24.0256 1176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:57:24.0256 1176 gagp30kx - ok

13:57:24.0319 1176 GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe

13:57:24.0319 1176 GameConsoleService - ok

13:57:24.0381 1176 GoToAssist (409e81656712cef82d9bc4d527bb3a81) C:\Program Files (x86)\Citrix\GoToAssist\705\g2aservice.exe

13:57:24.0381 1176 GoToAssist - ok

13:57:24.0444 1176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:57:24.0459 1176 gpsvc - ok

13:57:24.0537 1176 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

13:57:24.0553 1176 Greg_Service - ok

13:57:24.0615 1176 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:57:24.0615 1176 gupdate - ok

13:57:24.0646 1176 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:57:24.0646 1176 gupdatem - ok

13:57:24.0678 1176 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

13:57:24.0678 1176 gusvc - ok

13:57:24.0771 1176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:57:24.0771 1176 hcw85cir - ok

13:57:24.0834 1176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:57:24.0849 1176 HdAudAddService - ok

13:57:24.0880 1176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:57:24.0880 1176 HDAudBus - ok

13:57:24.0896 1176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:57:24.0896 1176 HidBatt - ok

13:57:24.0912 1176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:57:24.0912 1176 HidBth - ok

13:57:24.0927 1176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:57:24.0927 1176 HidIr - ok

13:57:24.0943 1176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

13:57:24.0943 1176 hidserv - ok

13:57:24.0974 1176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

13:57:24.0974 1176 HidUsb - ok

13:57:25.0005 1176 HIPK (a5fa050ff3a5f3630c2598d32e339def) C:\Windows\system32\drivers\HIPK.sys

13:57:25.0021 1176 HIPK - ok

13:57:25.0036 1176 HIPPSK (e8eb147dc272dba6f0eba31d17e752c6) C:\Windows\system32\drivers\HIPPSK.sys

13:57:25.0036 1176 HIPPSK - ok

13:57:25.0052 1176 HIPQK (1f95e665632a39ac57e1c605e49c5816) C:\Windows\system32\drivers\HIPQK.sys

13:57:25.0052 1176 HIPQK - ok

13:57:25.0146 1176 hips (44cd99a1b57827ed9e98851b0baee851) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

13:57:25.0146 1176 hips - ok

13:57:25.0177 1176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:57:25.0177 1176 hkmsvc - ok

13:57:25.0224 1176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:57:25.0224 1176 HomeGroupListener - ok

13:57:25.0255 1176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:57:25.0255 1176 HomeGroupProvider - ok

13:57:25.0270 1176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:57:25.0270 1176 HpSAMD - ok

13:57:25.0333 1176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:57:25.0364 1176 HTTP - ok

13:57:25.0395 1176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:57:25.0395 1176 hwpolicy - ok

13:57:25.0411 1176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:57:25.0411 1176 i8042prt - ok

13:57:25.0458 1176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:57:25.0473 1176 iaStorV - ok

13:57:25.0551 1176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:57:25.0567 1176 idsvc - ok

13:57:25.0614 1176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:57:25.0614 1176 iirsp - ok

13:57:25.0676 1176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:57:25.0692 1176 IKEEXT - ok

13:57:25.0801 1176 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys

13:57:25.0848 1176 IntcAzAudAddService - ok

13:57:25.0926 1176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:57:25.0926 1176 intelide - ok

13:57:25.0957 1176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:57:25.0957 1176 intelppm - ok

13:57:25.0988 1176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:57:26.0004 1176 IpFilterDriver - ok

13:57:26.0035 1176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:57:26.0050 1176 iphlpsvc - ok

13:57:26.0066 1176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:57:26.0066 1176 IPMIDRV - ok

13:57:26.0082 1176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:57:26.0082 1176 IPNAT - ok

13:57:26.0113 1176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:57:26.0113 1176 IRENUM - ok

13:57:26.0128 1176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:57:26.0128 1176 isapnp - ok

13:57:26.0160 1176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:57:26.0160 1176 iScsiPrt - ok

13:57:26.0191 1176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

13:57:26.0191 1176 kbdclass - ok

13:57:26.0222 1176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:57:26.0222 1176 kbdhid - ok

13:57:26.0253 1176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:57:26.0253 1176 KeyIso - ok

13:57:26.0269 1176 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:57:26.0269 1176 KSecDD - ok

13:57:26.0316 1176 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:57:26.0316 1176 KSecPkg - ok

13:57:26.0331 1176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:57:26.0331 1176 ksthunk - ok

13:57:26.0378 1176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:57:26.0394 1176 KtmRm - ok

13:57:26.0440 1176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

13:57:26.0456 1176 LanmanServer - ok

13:57:26.0487 1176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:57:26.0503 1176 LanmanWorkstation - ok

13:57:26.0534 1176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:57:26.0534 1176 lltdio - ok

13:57:26.0581 1176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:57:26.0581 1176 lltdsvc - ok

13:57:26.0612 1176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:57:26.0612 1176 lmhosts - ok

13:57:26.0643 1176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:57:26.0643 1176 LSI_FC - ok

13:57:26.0674 1176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:57:26.0674 1176 LSI_SAS - ok

13:57:26.0690 1176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:57:26.0690 1176 LSI_SAS2 - ok

13:57:26.0690 1176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:57:26.0706 1176 LSI_SCSI - ok

13:57:26.0721 1176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:57:26.0737 1176 luafv - ok

13:57:26.0815 1176 McAfee SiteAdvisor Enterprise Service (20f77f14fe972aa028454047632b2ac8) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

13:57:26.0815 1176 McAfee SiteAdvisor Enterprise Service - ok

13:57:26.0877 1176 McAfeeEngineService (5d992ca633358dd0e7a16d88829da087) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

13:57:26.0877 1176 McAfeeEngineService - ok

13:57:26.0924 1176 McAfeeFramework (062d80f13d762f7bc2f38430d60f5048) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

13:57:26.0924 1176 McAfeeFramework - ok

13:57:26.0955 1176 McShield (40e2dab104501594c8f93fa7bdfd3596) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

13:57:26.0955 1176 McShield - ok

13:57:26.0986 1176 McTaskManager (3077feefa81b025390092f7fbf2b51c5) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

13:57:26.0986 1176 McTaskManager - ok

13:57:27.0033 1176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:57:27.0033 1176 Mcx2Svc - ok

13:57:27.0064 1176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:57:27.0064 1176 megasas - ok

13:57:27.0080 1176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:57:27.0080 1176 MegaSR - ok

13:57:27.0127 1176 mfeapfk (648ec36615abf5ae20e4ef61fedb6b9c) C:\Windows\system32\drivers\mfeapfk.sys

13:57:27.0127 1176 mfeapfk - ok

13:57:27.0174 1176 mfeavfk (93e8625f4f7eb387091557696390a1fc) C:\Windows\system32\drivers\mfeavfk.sys

13:57:27.0189 1176 mfeavfk - ok

13:57:27.0220 1176 mfehidk (dc8c7417254a4f8febdd1257db351147) C:\Windows\system32\drivers\mfehidk.sys

13:57:27.0236 1176 mfehidk - ok

13:57:27.0267 1176 mferkdet (1ee3c78d14024ca7adaa0af53a0037cd) C:\Windows\system32\drivers\mferkdet.sys

13:57:27.0267 1176 mferkdet - ok

13:57:27.0283 1176 mfetdik (b6170fad509317a963be6d4c2e104d2f) C:\Windows\system32\drivers\mfetdik.sys

13:57:27.0283 1176 mfetdik - ok

13:57:27.0330 1176 mfevtp (e1e2edc7753f6a264e0ab77c9ee873d0) C:\Windows\system32\mfevtps.exe

13:57:27.0330 1176 mfevtp - ok

13:57:27.0361 1176 mfewfpk (c0505a334ca4072fd71e7645910699cb) C:\Windows\system32\drivers\mfewfpk.sys

13:57:27.0376 1176 mfewfpk - ok

13:57:27.0408 1176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:57:27.0408 1176 MMCSS - ok

13:57:27.0423 1176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:57:27.0423 1176 Modem - ok

13:57:27.0454 1176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:57:27.0454 1176 monitor - ok

13:57:27.0501 1176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

13:57:27.0501 1176 mouclass - ok

13:57:27.0517 1176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:57:27.0517 1176 mouhid - ok

13:57:27.0564 1176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:57:27.0564 1176 mountmgr - ok

13:57:27.0595 1176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:57:27.0595 1176 mpio - ok

13:57:27.0626 1176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:57:27.0626 1176 mpsdrv - ok

13:57:27.0704 1176 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:57:27.0720 1176 MpsSvc - ok

13:57:27.0751 1176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:57:27.0766 1176 MRxDAV - ok

13:57:27.0798 1176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:57:27.0798 1176 mrxsmb - ok

13:57:27.0844 1176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:57:27.0844 1176 mrxsmb10 - ok

13:57:27.0876 1176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:57:27.0876 1176 mrxsmb20 - ok

13:57:27.0891 1176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:57:27.0891 1176 msahci - ok

13:57:27.0938 1176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:57:27.0938 1176 msdsm - ok

13:57:27.0969 1176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:57:27.0969 1176 MSDTC - ok

13:57:28.0000 1176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:57:28.0000 1176 Msfs - ok

13:57:28.0032 1176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:57:28.0032 1176 mshidkmdf - ok

13:57:28.0063 1176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:57:28.0063 1176 msisadrv - ok

13:57:28.0094 1176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:57:28.0094 1176 MSiSCSI - ok

13:57:28.0110 1176 msiserver - ok

13:57:28.0125 1176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:57:28.0125 1176 MSKSSRV - ok

13:57:28.0172 1176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:57:28.0172 1176 MSPCLOCK - ok

13:57:28.0172 1176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:57:28.0172 1176 MSPQM - ok

13:57:28.0219 1176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:57:28.0234 1176 MsRPC - ok

13:57:28.0266 1176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:57:28.0266 1176 mssmbios - ok

13:57:28.0266 1176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:57:28.0281 1176 MSTEE - ok

13:57:28.0281 1176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:57:28.0281 1176 MTConfig - ok

13:57:28.0312 1176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:57:28.0312 1176 Mup - ok

13:57:28.0344 1176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:57:28.0359 1176 napagent - ok

13:57:28.0390 1176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:57:28.0406 1176 NativeWifiP - ok

13:57:28.0484 1176 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:57:28.0500 1176 NDIS - ok

13:57:28.0515 1176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:57:28.0515 1176 NdisCap - ok

13:57:28.0531 1176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:57:28.0531 1176 NdisTapi - ok

13:57:28.0578 1176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:57:28.0578 1176 Ndisuio - ok

13:57:28.0609 1176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:57:28.0609 1176 NdisWan - ok

13:57:28.0656 1176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:57:28.0656 1176 NDProxy - ok

13:57:28.0702 1176 NEOFLTR_650_15991 (85e3df39b5c7f5249efd120907c0e2d2) C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS

13:57:28.0702 1176 NEOFLTR_650_15991 - ok

13:57:28.0812 1176 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

13:57:28.0827 1176 Nero BackItUp Scheduler 4.0 - ok

13:57:28.0858 1176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:57:28.0858 1176 NetBIOS - ok

13:57:28.0890 1176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:57:28.0890 1176 NetBT - ok

13:57:28.0936 1176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:57:28.0936 1176 Netlogon - ok

13:57:28.0983 1176 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:57:28.0983 1176 NetTcpPortSharing - ok

13:57:29.0014 1176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:57:29.0014 1176 nfrd960 - ok

13:57:29.0061 1176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:57:29.0061 1176 NlaSvc - ok

13:57:29.0092 1176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:57:29.0092 1176 Npfs - ok

13:57:29.0139 1176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:57:29.0139 1176 nsi - ok

13:57:29.0155 1176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:57:29.0155 1176 nsiproxy - ok

13:57:29.0233 1176 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

13:57:29.0233 1176 nSvcIp - ok

13:57:29.0326 1176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:57:29.0342 1176 Ntfs - ok

13:57:29.0436 1176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:57:29.0436 1176 Null - ok

13:57:29.0467 1176 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

13:57:29.0467 1176 NVENETFD - ok

13:57:29.0872 1176 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:57:30.0075 1176 nvlddmkm - ok

13:57:30.0153 1176 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys

13:57:30.0153 1176 NVNET - ok

13:57:30.0200 1176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:57:30.0200 1176 nvraid - ok

13:57:30.0247 1176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:57:30.0247 1176 nvstor - ok

13:57:30.0262 1176 nvsvc (703f996312202d84663f7c8584acaf55) C:\Windows\system32\nvvsvc.exe

13:57:30.0278 1176 nvsvc - ok

13:57:30.0294 1176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:57:30.0309 1176 nv_agp - ok

13:57:30.0387 1176 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:57:30.0403 1176 odserv - ok

13:57:30.0434 1176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:57:30.0434 1176 ohci1394 - ok

13:57:30.0465 1176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:57:30.0465 1176 ose - ok

13:57:30.0684 1176 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:57:30.0762 1176 osppsvc - ok

13:57:30.0840 1176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:57:30.0871 1176 p2pimsvc - ok

13:57:30.0902 1176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:57:30.0902 1176 p2psvc - ok

13:57:30.0949 1176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:57:30.0949 1176 Parport - ok

13:57:30.0980 1176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:57:30.0980 1176 partmgr - ok

13:57:30.0996 1176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:57:31.0011 1176 PcaSvc - ok

13:57:31.0042 1176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:57:31.0042 1176 pci - ok

13:57:31.0058 1176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:57:31.0058 1176 pciide - ok

13:57:31.0089 1176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:57:31.0105 1176 pcmcia - ok

13:57:31.0120 1176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:57:31.0120 1176 pcw - ok

13:57:31.0167 1176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:57:31.0167 1176 PEAUTH - ok

13:57:31.0245 1176 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:57:31.0261 1176 PerfHost - ok

13:57:31.0354 1176 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:57:31.0370 1176 pla - ok

13:57:31.0448 1176 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:57:31.0464 1176 PlugPlay - ok

13:57:31.0495 1176 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:57:31.0495 1176 PNRPAutoReg - ok

13:57:31.0557 1176 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:57:31.0573 1176 PolicyAgent - ok

13:57:31.0604 1176 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:57:31.0604 1176 Power - ok

13:57:31.0666 1176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:57:31.0666 1176 PptpMiniport - ok

13:57:31.0698 1176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:57:31.0698 1176 Processor - ok

13:57:31.0729 1176 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

13:57:31.0729 1176 ProfSvc - ok

13:57:31.0760 1176 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:57:31.0760 1176 ProtectedStorage - ok

13:57:31.0807 1176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:57:31.0807 1176 Psched - ok

13:57:31.0885 1176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:57:31.0900 1176 ql2300 - ok

13:57:31.0963 1176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:57:31.0963 1176 ql40xx - ok

13:57:31.0994 1176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:57:31.0994 1176 QWAVEdrv - ok

13:57:31.0994 1176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:57:31.0994 1176 RasAcd - ok

13:57:32.0025 1176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:57:32.0025 1176 RasAgileVpn - ok

13:57:32.0041 1176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:57:32.0056 1176 RasAuto - ok

13:57:32.0072 1176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:57:32.0072 1176 Rasl2tp - ok

13:57:32.0119 1176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:57:32.0119 1176 RasPppoe - ok

13:57:32.0134 1176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:57:32.0134 1176 RasSstp - ok

13:57:32.0181 1176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:57:32.0181 1176 rdbss - ok

13:57:32.0197 1176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:57:32.0212 1176 rdpbus - ok

13:57:32.0228 1176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:57:32.0228 1176 RDPCDD - ok

13:57:32.0244 1176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:57:32.0244 1176 RDPENCDD - ok

13:57:32.0259 1176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:57:32.0259 1176 RDPREFMP - ok

13:57:32.0306 1176 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

13:57:32.0306 1176 RDPWD - ok

13:57:32.0337 1176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:57:32.0337 1176 rdyboost - ok

13:57:32.0384 1176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:57:32.0384 1176 RemoteAccess - ok

13:57:32.0400 1176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:57:32.0400 1176 RemoteRegistry - ok

13:57:32.0462 1176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:57:32.0462 1176 RpcEptMapper - ok

13:57:32.0493 1176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:57:32.0493 1176 RpcLocator - ok

13:57:32.0540 1176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll

13:57:32.0540 1176 RpcSs - ok

13:57:32.0556 1176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:57:32.0556 1176 rspndr - ok

13:57:32.0602 1176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:57:32.0602 1176 SamSs - ok

13:57:32.0634 1176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:57:32.0634 1176 sbp2port - ok

13:57:32.0665 1176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:57:32.0665 1176 SCardSvr - ok

13:57:32.0696 1176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:57:32.0696 1176 scfilter - ok

13:57:32.0774 1176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:57:32.0790 1176 Schedule - ok

13:57:32.0836 1176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:57:32.0836 1176 SCPolicySvc - ok

13:57:32.0852 1176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:57:32.0868 1176 SDRSVC - ok

13:57:32.0899 1176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:57:32.0914 1176 secdrv - ok

13:57:32.0961 1176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:57:32.0961 1176 seclogon - ok

13:57:32.0992 1176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:57:32.0992 1176 Serenum - ok

13:57:33.0008 1176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:57:33.0008 1176 Serial - ok

13:57:33.0055 1176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:57:33.0055 1176 sermouse - ok

13:57:33.0102 1176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:57:33.0102 1176 sffdisk - ok

13:57:33.0117 1176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:57:33.0117 1176 sffp_mmc - ok

13:57:33.0133 1176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:57:33.0133 1176 sffp_sd - ok

13:57:33.0133 1176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:57:33.0133 1176 sfloppy - ok

13:57:33.0211 1176 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

13:57:33.0226 1176 Sftfs - ok

13:57:33.0336 1176 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

13:57:33.0336 1176 sftlist - ok

13:57:33.0367 1176 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

13:57:33.0382 1176 Sftplay - ok

13:57:33.0398 1176 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

13:57:33.0398 1176 Sftredir - ok

13:57:33.0414 1176 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

13:57:33.0414 1176 Sftvol - ok

13:57:33.0429 1176 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

13:57:33.0445 1176 sftvsa - ok

13:57:33.0476 1176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:57:33.0476 1176 SharedAccess - ok

13:57:33.0523 1176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:57:33.0523 1176 ShellHWDetection - ok

13:57:33.0570 1176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:57:33.0570 1176 SiSRaid2 - ok

13:57:33.0570 1176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:57:33.0585 1176 SiSRaid4 - ok

13:57:33.0601 1176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:57:33.0601 1176 Smb - ok

13:57:33.0632 1176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:57:33.0632 1176 SNMPTRAP - ok

13:57:33.0648 1176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:57:33.0648 1176 spldr - ok

13:57:33.0694 1176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:57:33.0710 1176 Spooler - ok

13:57:33.0866 1176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:57:33.0913 1176 sppsvc - ok

13:57:34.0038 1176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:57:34.0053 1176 srv - ok

13:57:34.0084 1176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:57:34.0084 1176 srv2 - ok

13:57:34.0100 1176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:57:34.0116 1176 srvnet - ok

13:57:34.0147 1176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:57:34.0162 1176 SSDPSRV - ok

13:57:34.0178 1176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:57:34.0178 1176 SstpSvc - ok

13:57:34.0209 1176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:57:34.0209 1176 stexstor - ok

13:57:34.0240 1176 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

13:57:34.0240 1176 StillCam - ok

13:57:34.0303 1176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:57:34.0318 1176 stisvc - ok

13:57:34.0350 1176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:57:34.0350 1176 swenum - ok

13:57:34.0396 1176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:57:34.0412 1176 swprv - ok

13:57:34.0459 1176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:57:34.0459 1176 TabletInputService - ok

13:57:34.0506 1176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:57:34.0506 1176 TapiSrv - ok

13:57:34.0521 1176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:57:34.0537 1176 TBS - ok

13:57:34.0630 1176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:57:34.0662 1176 Tcpip - ok

13:57:34.0818 1176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:57:34.0818 1176 TCPIP6 - ok

13:57:34.0896 1176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:57:34.0911 1176 tcpipreg - ok

13:57:34.0942 1176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:57:34.0942 1176 TDPIPE - ok

13:57:34.0974 1176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:57:34.0974 1176 TDTCP - ok

13:57:35.0020 1176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:57:35.0020 1176 tdx - ok

13:57:35.0067 1176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:57:35.0067 1176 TermDD - ok

13:57:35.0114 1176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:57:35.0114 1176 TermService - ok

13:57:35.0145 1176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:57:35.0161 1176 Themes - ok

13:57:35.0176 1176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:57:35.0176 1176 THREADORDER - ok

13:57:35.0192 1176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:57:35.0192 1176 TrkWks - ok

13:57:35.0239 1176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:57:35.0239 1176 TrustedInstaller - ok

13:57:35.0286 1176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:57:35.0286 1176 tssecsrv - ok

13:57:35.0332 1176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:57:35.0332 1176 TsUsbFlt - ok

13:57:35.0379 1176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:57:35.0379 1176 tunnel - ok

13:57:35.0395 1176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:57:35.0395 1176 uagp35 - ok

13:57:35.0442 1176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:57:35.0442 1176 udfs - ok

13:57:35.0473 1176 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:57:35.0473 1176 UI0Detect - ok

13:57:35.0520 1176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:57:35.0520 1176 uliagpkx - ok

13:57:35.0566 1176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

13:57:35.0566 1176 umbus - ok

13:57:35.0598 1176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:57:35.0598 1176 UmPass - ok

13:57:35.0676 1176 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

13:57:35.0676 1176 Updater Service - ok

13:57:35.0691 1176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:57:35.0691 1176 usbccgp - ok

13:57:35.0738 1176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:57:35.0738 1176 usbcir - ok

13:57:35.0754 1176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:57:35.0754 1176 usbehci - ok

13:57:35.0785 1176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:57:35.0800 1176 usbhub - ok

13:57:35.0816 1176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

13:57:35.0816 1176 usbohci - ok

13:57:35.0847 1176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:57:35.0847 1176 usbprint - ok

13:57:35.0863 1176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:57:35.0863 1176 USBSTOR - ok

13:57:35.0894 1176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:57:35.0894 1176 usbuhci - ok

13:57:35.0925 1176 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:57:35.0925 1176 UxSms - ok

13:57:35.0956 1176 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:57:35.0956 1176 VaultSvc - ok

13:57:36.0003 1176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:57:36.0003 1176 vdrvroot - ok

13:57:36.0050 1176 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:57:36.0066 1176 vds - ok

13:57:36.0097 1176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:57:36.0097 1176 vga - ok

13:57:36.0112 1176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:57:36.0112 1176 VgaSave - ok

13:57:36.0159 1176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:57:36.0159 1176 vhdmp - ok

13:57:36.0175 1176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:57:36.0175 1176 viaide - ok

13:57:36.0206 1176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:57:36.0206 1176 volmgr - ok

13:57:36.0253 1176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:57:36.0253 1176 volmgrx - ok

13:57:36.0268 1176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:57:36.0284 1176 volsnap - ok

13:57:36.0315 1176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:57:36.0315 1176 vsmraid - ok

13:57:36.0409 1176 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:57:36.0440 1176 VSS - ok

13:57:36.0534 1176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

13:57:36.0534 1176 vwifibus - ok

13:57:36.0565 1176 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:57:36.0580 1176 W32Time - ok

13:57:36.0596 1176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:57:36.0612 1176 WacomPen - ok

13:57:36.0643 1176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:57:36.0658 1176 WANARP - ok

13:57:36.0658 1176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:57:36.0674 1176 Wanarpv6 - ok

13:57:36.0768 1176 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:57:36.0783 1176 WatAdminSvc - ok

13:57:36.0861 1176 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:57:36.0892 1176 wbengine - ok

13:57:36.0970 1176 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:57:36.0970 1176 WbioSrvc - ok

13:57:36.0986 1176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:57:36.0986 1176 Wd - ok

13:57:37.0033 1176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:57:37.0048 1176 Wdf01000 - ok

13:57:37.0064 1176 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:57:37.0064 1176 WdiServiceHost - ok

13:57:37.0080 1176 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:57:37.0080 1176 WdiSystemHost - ok

13:57:37.0111 1176 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:57:37.0111 1176 Wecsvc - ok

13:57:37.0142 1176 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:57:37.0142 1176 wercplsupport - ok

13:57:37.0173 1176 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:57:37.0189 1176 WerSvc - ok

13:57:37.0204 1176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:57:37.0204 1176 WfpLwf - ok

13:57:37.0220 1176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:57:37.0220 1176 WIMMount - ok

13:57:37.0267 1176 WinDefend - ok

13:57:37.0298 1176 WinHttpAutoProxySvc - ok

13:57:37.0360 1176 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:57:37.0360 1176 Winmgmt - ok

13:57:37.0470 1176 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:57:37.0485 1176 WinRM - ok

13:57:37.0641 1176 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:57:37.0641 1176 WinUsb - ok

13:57:37.0704 1176 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:57:37.0735 1176 Wlansvc - ok

13:57:37.0766 1176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:57:37.0766 1176 WmiAcpi - ok

13:57:37.0797 1176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:57:37.0813 1176 wmiApSrv - ok

13:57:37.0860 1176 WMPNetworkSvc - ok

13:57:37.0860 1176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:57:37.0860 1176 WPCSvc - ok

13:57:37.0891 1176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:57:37.0906 1176 ws2ifsl - ok

13:57:37.0922 1176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

13:57:37.0922 1176 wscsvc - ok

13:57:37.0953 1176 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

13:57:37.0969 1176 WSDPrintDevice - ok

13:57:37.0969 1176 WSearch - ok

13:57:38.0109 1176 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

13:57:38.0156 1176 wuauserv - ok

13:57:38.0265 1176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:57:38.0265 1176 WudfPf - ok

13:57:38.0296 1176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:57:38.0296 1176 WUDFRd - ok

13:57:38.0343 1176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:57:38.0343 1176 wudfsvc - ok

13:57:38.0359 1176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:57:38.0530 1176 \Device\Harddisk0\DR0 - ok

13:57:38.0546 1176 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR6

13:57:41.0089 1176 \Device\Harddisk6\DR6 - ok

13:57:41.0089 1176 Boot (0x1200) (d036e113575dfa8ffbb5433056c42f05) \Device\Harddisk0\DR0\Partition0

13:57:41.0089 1176 \Device\Harddisk0\DR0\Partition0 - ok

13:57:41.0104 1176 Boot (0x1200) (746b181eee7ccddee670eeeea38426fd) \Device\Harddisk0\DR0\Partition1

13:57:41.0104 1176 \Device\Harddisk0\DR0\Partition1 - ok

13:57:41.0104 1176 Boot (0x1200) (cb56ba5c445e01e2b446d66c088a6de9) \Device\Harddisk6\DR6\Partition0

13:57:41.0104 1176 \Device\Harddisk6\DR6\Partition0 - ok

13:57:41.0120 1176 ============================================================

13:57:41.0120 1176 Scan finished

13:57:41.0120 1176 ============================================================

13:57:41.0120 0304 Detected object count: 0

13:57:41.0120 0304 Actual detected object count: 0

13:57:55.0581 0972 Deinitialize success

Share this post


Link to post
Share on other sites

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

McAfee VirusScan Enterprise

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

McAfee AntiSpyware Enterprise Module

McAfee SiteAdvisor Enterprise Plus

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 29

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

Share this post


Link to post
Share on other sites

The machine is still not functioning. I think the registry is messed up. It may be the reason why no programs or windows apps will run in normal mode. How can I fix it without reinstall

Share this post


Link to post
Share on other sites

Hi.

You need to be more specific. Give a brief list of the issues currently being faced.

Share this post


Link to post
Share on other sites

"The specified service does not exist as an installed service" message comes up when trying to launch malwarebytes, user accts and device manager.

Share this post


Link to post
Share on other sites

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.