Jump to content

el_jack

Honorary Members
  • Posts

    28
  • Joined

  • Last visited

Reputation

0 Neutral
  1. "The specified service does not exist as an installed service" message comes up when trying to launch malwarebytes, user accts and device manager.
  2. The machine is still not functioning. I think the registry is messed up. It may be the reason why no programs or windows apps will run in normal mode. How can I fix it without reinstall
  3. Results of screen317's Security Check version 0.99.43 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! McAfee VirusScan Enterprise Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` McAfee AntiSpyware Enterprise Module McAfee SiteAdvisor Enterprise Plus Malwarebytes Anti-Malware version 1.62.0.1300 Java 6 Update 29 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
  4. here are the reports 13:57:05.0131 0980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 13:57:05.0692 0980 ============================================================ 13:57:05.0692 0980 Current date / time: 2012/08/08 13:57:05.0692 13:57:05.0692 0980 SystemInfo: 13:57:05.0692 0980 13:57:05.0692 0980 OS Version: 6.1.7601 ServicePack: 1.0 13:57:05.0692 0980 Product type: Workstation 13:57:05.0692 0980 ComputerName: RECEPTIONIST-PC 13:57:05.0692 0980 UserName: Receptionist 13:57:05.0692 0980 Windows directory: C:\Windows 13:57:05.0692 0980 System windows directory: C:\Windows 13:57:05.0692 0980 Running under WOW64 13:57:05.0692 0980 Processor architecture: Intel x64 13:57:05.0692 0980 Number of processors: 1 13:57:05.0692 0980 Page size: 0x1000 13:57:05.0692 0980 Boot type: Safe boot with network 13:57:05.0692 0980 ============================================================ 13:57:06.0566 0980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:57:06.0566 0980 Drive \Device\Harddisk6\DR6 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:57:06.0566 0980 ============================================================ 13:57:06.0566 0980 \Device\Harddisk0\DR0: 13:57:06.0566 0980 MBR partitions: 13:57:06.0566 0980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000 13:57:06.0566 0980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x37D53000 13:57:06.0566 0980 \Device\Harddisk6\DR6: 13:57:06.0566 0980 MBR partitions: 13:57:06.0566 0980 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D7C1 13:57:06.0566 0980 ============================================================ 13:57:06.0597 0980 C: <-> \Device\Harddisk0\DR0\Partition1 13:57:06.0597 0980 ============================================================ 13:57:06.0597 0980 Initialize success 13:57:06.0597 0980 ============================================================ 13:57:18.0422 1176 ============================================================ 13:57:18.0422 1176 Scan started 13:57:18.0422 1176 Mode: Manual; 13:57:18.0422 1176 ============================================================ 13:57:19.0171 1176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 13:57:19.0171 1176 1394ohci - ok 13:57:19.0202 1176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 13:57:19.0218 1176 ACPI - ok 13:57:19.0249 1176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 13:57:19.0249 1176 AcpiPmi - ok 13:57:19.0296 1176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 13:57:19.0311 1176 adp94xx - ok 13:57:19.0327 1176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 13:57:19.0342 1176 adpahci - ok 13:57:19.0358 1176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 13:57:19.0374 1176 adpu320 - ok 13:57:19.0405 1176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 13:57:19.0420 1176 AeLookupSvc - ok 13:57:19.0483 1176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 13:57:19.0498 1176 AFD - ok 13:57:19.0530 1176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 13:57:19.0530 1176 agp440 - ok 13:57:19.0561 1176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 13:57:19.0561 1176 ALG - ok 13:57:19.0576 1176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 13:57:19.0576 1176 aliide - ok 13:57:19.0592 1176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 13:57:19.0592 1176 amdide - ok 13:57:19.0623 1176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 13:57:19.0623 1176 AmdK8 - ok 13:57:19.0639 1176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 13:57:19.0639 1176 AmdPPM - ok 13:57:19.0670 1176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 13:57:19.0670 1176 amdsata - ok 13:57:19.0686 1176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 13:57:19.0686 1176 amdsbs - ok 13:57:19.0717 1176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 13:57:19.0717 1176 amdxata - ok 13:57:19.0748 1176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 13:57:19.0748 1176 AppID - ok 13:57:19.0779 1176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 13:57:19.0779 1176 AppIDSvc - ok 13:57:19.0810 1176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 13:57:19.0810 1176 arc - ok 13:57:19.0826 1176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 13:57:19.0826 1176 arcsas - ok 13:57:19.0857 1176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 13:57:19.0857 1176 AsyncMac - ok 13:57:19.0888 1176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 13:57:19.0904 1176 atapi - ok 13:57:19.0966 1176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:57:19.0982 1176 AudioEndpointBuilder - ok 13:57:19.0998 1176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:57:19.0998 1176 AudioSrv - ok 13:57:20.0044 1176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 13:57:20.0044 1176 b06bdrv - ok 13:57:20.0091 1176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 13:57:20.0091 1176 b57nd60a - ok 13:57:20.0138 1176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 13:57:20.0138 1176 BDESVC - ok 13:57:20.0138 1176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 13:57:20.0138 1176 Beep - ok 13:57:20.0232 1176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 13:57:20.0232 1176 BFE - ok 13:57:20.0310 1176 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 13:57:20.0356 1176 BITS - ok 13:57:20.0388 1176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 13:57:20.0388 1176 blbdrive - ok 13:57:20.0419 1176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 13:57:20.0419 1176 bowser - ok 13:57:20.0450 1176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:57:20.0450 1176 BrFiltLo - ok 13:57:20.0466 1176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:57:20.0466 1176 BrFiltUp - ok 13:57:20.0497 1176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 13:57:20.0497 1176 BridgeMP - ok 13:57:20.0544 1176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 13:57:20.0544 1176 Browser - ok 13:57:20.0575 1176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 13:57:20.0575 1176 Brserid - ok 13:57:20.0590 1176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 13:57:20.0590 1176 BrSerWdm - ok 13:57:20.0606 1176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:57:20.0606 1176 BrUsbMdm - ok 13:57:20.0606 1176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 13:57:20.0606 1176 BrUsbSer - ok 13:57:20.0637 1176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 13:57:20.0637 1176 BTHMODEM - ok 13:57:20.0684 1176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 13:57:20.0684 1176 bthserv - ok 13:57:20.0715 1176 catchme - ok 13:57:20.0731 1176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 13:57:20.0731 1176 cdfs - ok 13:57:20.0778 1176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 13:57:20.0778 1176 cdrom - ok 13:57:20.0824 1176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 13:57:20.0824 1176 CertPropSvc - ok 13:57:20.0856 1176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 13:57:20.0856 1176 circlass - ok 13:57:20.0887 1176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 13:57:20.0887 1176 CLFS - ok 13:57:20.0949 1176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:57:20.0949 1176 clr_optimization_v2.0.50727_32 - ok 13:57:20.0996 1176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:57:20.0996 1176 clr_optimization_v2.0.50727_64 - ok 13:57:21.0074 1176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:57:21.0090 1176 clr_optimization_v4.0.30319_32 - ok 13:57:21.0136 1176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:57:21.0136 1176 clr_optimization_v4.0.30319_64 - ok 13:57:21.0152 1176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 13:57:21.0152 1176 CmBatt - ok 13:57:21.0168 1176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 13:57:21.0168 1176 cmdide - ok 13:57:21.0214 1176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 13:57:21.0230 1176 CNG - ok 13:57:21.0246 1176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 13:57:21.0246 1176 Compbatt - ok 13:57:21.0277 1176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 13:57:21.0277 1176 CompositeBus - ok 13:57:21.0292 1176 COMSysApp - ok 13:57:21.0308 1176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 13:57:21.0308 1176 crcdisk - ok 13:57:21.0355 1176 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 13:57:21.0355 1176 CryptSvc - ok 13:57:21.0480 1176 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 13:57:21.0495 1176 cvhsvc - ok 13:57:21.0542 1176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 13:57:21.0573 1176 DcomLaunch - ok 13:57:21.0620 1176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 13:57:21.0620 1176 defragsvc - ok 13:57:21.0682 1176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 13:57:21.0682 1176 DfsC - ok 13:57:21.0714 1176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 13:57:21.0729 1176 Dhcp - ok 13:57:21.0745 1176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 13:57:21.0745 1176 discache - ok 13:57:21.0776 1176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 13:57:21.0792 1176 Disk - ok 13:57:21.0823 1176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 13:57:21.0823 1176 Dnscache - ok 13:57:21.0870 1176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 13:57:21.0870 1176 dot3svc - ok 13:57:21.0885 1176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 13:57:21.0901 1176 DPS - ok 13:57:21.0916 1176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 13:57:21.0916 1176 drmkaud - ok 13:57:21.0979 1176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 13:57:21.0994 1176 DXGKrnl - ok 13:57:22.0026 1176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 13:57:22.0026 1176 EapHost - ok 13:57:22.0150 1176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 13:57:22.0213 1176 ebdrv - ok 13:57:22.0306 1176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 13:57:22.0306 1176 EFS - ok 13:57:22.0369 1176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 13:57:22.0384 1176 ehRecvr - ok 13:57:22.0400 1176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 13:57:22.0400 1176 ehSched - ok 13:57:22.0572 1176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 13:57:22.0587 1176 elxstor - ok 13:57:23.0211 1176 enterceptAgent (c3d8c7e58d6194286a6d3985cabf19e7) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe 13:57:23.0305 1176 enterceptAgent - ok 13:57:23.0398 1176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 13:57:23.0398 1176 ErrDev - ok 13:57:23.0461 1176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 13:57:23.0476 1176 EventSystem - ok 13:57:23.0508 1176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 13:57:23.0523 1176 exfat - ok 13:57:23.0554 1176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 13:57:23.0554 1176 fastfat - ok 13:57:23.0617 1176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 13:57:23.0632 1176 Fax - ok 13:57:23.0664 1176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 13:57:23.0664 1176 fdc - ok 13:57:23.0679 1176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 13:57:23.0679 1176 fdPHost - ok 13:57:23.0695 1176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 13:57:23.0695 1176 FDResPub - ok 13:57:23.0710 1176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 13:57:23.0710 1176 FileInfo - ok 13:57:23.0742 1176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:57:23.0742 1176 Filetrace - ok 13:57:23.0788 1176 Firehk (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys 13:57:23.0788 1176 Firehk - ok 13:57:23.0788 1176 FirehkMP (04eb7c3063834c50fef94ae77b05cbf9) C:\Windows\system32\DRIVERS\firehk.sys 13:57:23.0804 1176 FirehkMP - ok 13:57:23.0835 1176 firelm01 (91c7c2c38d51a1ab25f909189a2c2db9) C:\Windows\system32\drivers\firelm01.sys 13:57:23.0835 1176 firelm01 - ok 13:57:23.0851 1176 FirePM (7a5af3ee86bbb96a5b2c96facbfe124f) C:\Windows\system32\Drivers\FirePM.sys 13:57:23.0866 1176 FirePM - ok 13:57:23.0882 1176 FireTDI (9d0071cb93c9cebfb927f443c75e3251) C:\Windows\system32\Drivers\FireTDI.sys 13:57:23.0882 1176 FireTDI - ok 13:57:23.0913 1176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 13:57:23.0913 1176 flpydisk - ok 13:57:23.0960 1176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 13:57:23.0976 1176 FltMgr - ok 13:57:24.0022 1176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:57:24.0022 1176 FontCache3.0.0.0 - ok 13:57:24.0100 1176 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 13:57:24.0132 1176 ForceWare Intelligent Application Manager (IAM) - ok 13:57:24.0147 1176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 13:57:24.0147 1176 FsDepends - ok 13:57:24.0178 1176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 13:57:24.0178 1176 Fs_Rec - ok 13:57:24.0225 1176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 13:57:24.0241 1176 fvevol - ok 13:57:24.0256 1176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:57:24.0256 1176 gagp30kx - ok 13:57:24.0319 1176 GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe 13:57:24.0319 1176 GameConsoleService - ok 13:57:24.0381 1176 GoToAssist (409e81656712cef82d9bc4d527bb3a81) C:\Program Files (x86)\Citrix\GoToAssist\705\g2aservice.exe 13:57:24.0381 1176 GoToAssist - ok 13:57:24.0444 1176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 13:57:24.0459 1176 gpsvc - ok 13:57:24.0537 1176 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe 13:57:24.0553 1176 Greg_Service - ok 13:57:24.0615 1176 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:57:24.0615 1176 gupdate - ok 13:57:24.0646 1176 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:57:24.0646 1176 gupdatem - ok 13:57:24.0678 1176 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 13:57:24.0678 1176 gusvc - ok 13:57:24.0771 1176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 13:57:24.0771 1176 hcw85cir - ok 13:57:24.0834 1176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 13:57:24.0849 1176 HdAudAddService - ok 13:57:24.0880 1176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 13:57:24.0880 1176 HDAudBus - ok 13:57:24.0896 1176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 13:57:24.0896 1176 HidBatt - ok 13:57:24.0912 1176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 13:57:24.0912 1176 HidBth - ok 13:57:24.0927 1176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 13:57:24.0927 1176 HidIr - ok 13:57:24.0943 1176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 13:57:24.0943 1176 hidserv - ok 13:57:24.0974 1176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 13:57:24.0974 1176 HidUsb - ok 13:57:25.0005 1176 HIPK (a5fa050ff3a5f3630c2598d32e339def) C:\Windows\system32\drivers\HIPK.sys 13:57:25.0021 1176 HIPK - ok 13:57:25.0036 1176 HIPPSK (e8eb147dc272dba6f0eba31d17e752c6) C:\Windows\system32\drivers\HIPPSK.sys 13:57:25.0036 1176 HIPPSK - ok 13:57:25.0052 1176 HIPQK (1f95e665632a39ac57e1c605e49c5816) C:\Windows\system32\drivers\HIPQK.sys 13:57:25.0052 1176 HIPQK - ok 13:57:25.0146 1176 hips (44cd99a1b57827ed9e98851b0baee851) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe 13:57:25.0146 1176 hips - ok 13:57:25.0177 1176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 13:57:25.0177 1176 hkmsvc - ok 13:57:25.0224 1176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 13:57:25.0224 1176 HomeGroupListener - ok 13:57:25.0255 1176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 13:57:25.0255 1176 HomeGroupProvider - ok 13:57:25.0270 1176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 13:57:25.0270 1176 HpSAMD - ok 13:57:25.0333 1176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 13:57:25.0364 1176 HTTP - ok 13:57:25.0395 1176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 13:57:25.0395 1176 hwpolicy - ok 13:57:25.0411 1176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 13:57:25.0411 1176 i8042prt - ok 13:57:25.0458 1176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 13:57:25.0473 1176 iaStorV - ok 13:57:25.0551 1176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:57:25.0567 1176 idsvc - ok 13:57:25.0614 1176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 13:57:25.0614 1176 iirsp - ok 13:57:25.0676 1176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 13:57:25.0692 1176 IKEEXT - ok 13:57:25.0801 1176 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys 13:57:25.0848 1176 IntcAzAudAddService - ok 13:57:25.0926 1176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 13:57:25.0926 1176 intelide - ok 13:57:25.0957 1176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 13:57:25.0957 1176 intelppm - ok 13:57:25.0988 1176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:57:26.0004 1176 IpFilterDriver - ok 13:57:26.0035 1176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 13:57:26.0050 1176 iphlpsvc - ok 13:57:26.0066 1176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 13:57:26.0066 1176 IPMIDRV - ok 13:57:26.0082 1176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 13:57:26.0082 1176 IPNAT - ok 13:57:26.0113 1176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 13:57:26.0113 1176 IRENUM - ok 13:57:26.0128 1176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 13:57:26.0128 1176 isapnp - ok 13:57:26.0160 1176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 13:57:26.0160 1176 iScsiPrt - ok 13:57:26.0191 1176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 13:57:26.0191 1176 kbdclass - ok 13:57:26.0222 1176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 13:57:26.0222 1176 kbdhid - ok 13:57:26.0253 1176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:57:26.0253 1176 KeyIso - ok 13:57:26.0269 1176 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 13:57:26.0269 1176 KSecDD - ok 13:57:26.0316 1176 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 13:57:26.0316 1176 KSecPkg - ok 13:57:26.0331 1176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 13:57:26.0331 1176 ksthunk - ok 13:57:26.0378 1176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 13:57:26.0394 1176 KtmRm - ok 13:57:26.0440 1176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 13:57:26.0456 1176 LanmanServer - ok 13:57:26.0487 1176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 13:57:26.0503 1176 LanmanWorkstation - ok 13:57:26.0534 1176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 13:57:26.0534 1176 lltdio - ok 13:57:26.0581 1176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 13:57:26.0581 1176 lltdsvc - ok 13:57:26.0612 1176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 13:57:26.0612 1176 lmhosts - ok 13:57:26.0643 1176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:57:26.0643 1176 LSI_FC - ok 13:57:26.0674 1176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:57:26.0674 1176 LSI_SAS - ok 13:57:26.0690 1176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:57:26.0690 1176 LSI_SAS2 - ok 13:57:26.0690 1176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:57:26.0706 1176 LSI_SCSI - ok 13:57:26.0721 1176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 13:57:26.0737 1176 luafv - ok 13:57:26.0815 1176 McAfee SiteAdvisor Enterprise Service (20f77f14fe972aa028454047632b2ac8) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe 13:57:26.0815 1176 McAfee SiteAdvisor Enterprise Service - ok 13:57:26.0877 1176 McAfeeEngineService (5d992ca633358dd0e7a16d88829da087) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe 13:57:26.0877 1176 McAfeeEngineService - ok 13:57:26.0924 1176 McAfeeFramework (062d80f13d762f7bc2f38430d60f5048) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe 13:57:26.0924 1176 McAfeeFramework - ok 13:57:26.0955 1176 McShield (40e2dab104501594c8f93fa7bdfd3596) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe 13:57:26.0955 1176 McShield - ok 13:57:26.0986 1176 McTaskManager (3077feefa81b025390092f7fbf2b51c5) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe 13:57:26.0986 1176 McTaskManager - ok 13:57:27.0033 1176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 13:57:27.0033 1176 Mcx2Svc - ok 13:57:27.0064 1176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 13:57:27.0064 1176 megasas - ok 13:57:27.0080 1176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 13:57:27.0080 1176 MegaSR - ok 13:57:27.0127 1176 mfeapfk (648ec36615abf5ae20e4ef61fedb6b9c) C:\Windows\system32\drivers\mfeapfk.sys 13:57:27.0127 1176 mfeapfk - ok 13:57:27.0174 1176 mfeavfk (93e8625f4f7eb387091557696390a1fc) C:\Windows\system32\drivers\mfeavfk.sys 13:57:27.0189 1176 mfeavfk - ok 13:57:27.0220 1176 mfehidk (dc8c7417254a4f8febdd1257db351147) C:\Windows\system32\drivers\mfehidk.sys 13:57:27.0236 1176 mfehidk - ok 13:57:27.0267 1176 mferkdet (1ee3c78d14024ca7adaa0af53a0037cd) C:\Windows\system32\drivers\mferkdet.sys 13:57:27.0267 1176 mferkdet - ok 13:57:27.0283 1176 mfetdik (b6170fad509317a963be6d4c2e104d2f) C:\Windows\system32\drivers\mfetdik.sys 13:57:27.0283 1176 mfetdik - ok 13:57:27.0330 1176 mfevtp (e1e2edc7753f6a264e0ab77c9ee873d0) C:\Windows\system32\mfevtps.exe 13:57:27.0330 1176 mfevtp - ok 13:57:27.0361 1176 mfewfpk (c0505a334ca4072fd71e7645910699cb) C:\Windows\system32\drivers\mfewfpk.sys 13:57:27.0376 1176 mfewfpk - ok 13:57:27.0408 1176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 13:57:27.0408 1176 MMCSS - ok 13:57:27.0423 1176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 13:57:27.0423 1176 Modem - ok 13:57:27.0454 1176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 13:57:27.0454 1176 monitor - ok 13:57:27.0501 1176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 13:57:27.0501 1176 mouclass - ok 13:57:27.0517 1176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 13:57:27.0517 1176 mouhid - ok 13:57:27.0564 1176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 13:57:27.0564 1176 mountmgr - ok 13:57:27.0595 1176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 13:57:27.0595 1176 mpio - ok 13:57:27.0626 1176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 13:57:27.0626 1176 mpsdrv - ok 13:57:27.0704 1176 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 13:57:27.0720 1176 MpsSvc - ok 13:57:27.0751 1176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 13:57:27.0766 1176 MRxDAV - ok 13:57:27.0798 1176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:57:27.0798 1176 mrxsmb - ok 13:57:27.0844 1176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:57:27.0844 1176 mrxsmb10 - ok 13:57:27.0876 1176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:57:27.0876 1176 mrxsmb20 - ok 13:57:27.0891 1176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 13:57:27.0891 1176 msahci - ok 13:57:27.0938 1176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 13:57:27.0938 1176 msdsm - ok 13:57:27.0969 1176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 13:57:27.0969 1176 MSDTC - ok 13:57:28.0000 1176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 13:57:28.0000 1176 Msfs - ok 13:57:28.0032 1176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 13:57:28.0032 1176 mshidkmdf - ok 13:57:28.0063 1176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 13:57:28.0063 1176 msisadrv - ok 13:57:28.0094 1176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 13:57:28.0094 1176 MSiSCSI - ok 13:57:28.0110 1176 msiserver - ok 13:57:28.0125 1176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 13:57:28.0125 1176 MSKSSRV - ok 13:57:28.0172 1176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 13:57:28.0172 1176 MSPCLOCK - ok 13:57:28.0172 1176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 13:57:28.0172 1176 MSPQM - ok 13:57:28.0219 1176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 13:57:28.0234 1176 MsRPC - ok 13:57:28.0266 1176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 13:57:28.0266 1176 mssmbios - ok 13:57:28.0266 1176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 13:57:28.0281 1176 MSTEE - ok 13:57:28.0281 1176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 13:57:28.0281 1176 MTConfig - ok 13:57:28.0312 1176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 13:57:28.0312 1176 Mup - ok 13:57:28.0344 1176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 13:57:28.0359 1176 napagent - ok 13:57:28.0390 1176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 13:57:28.0406 1176 NativeWifiP - ok 13:57:28.0484 1176 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 13:57:28.0500 1176 NDIS - ok 13:57:28.0515 1176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 13:57:28.0515 1176 NdisCap - ok 13:57:28.0531 1176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 13:57:28.0531 1176 NdisTapi - ok 13:57:28.0578 1176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 13:57:28.0578 1176 Ndisuio - ok 13:57:28.0609 1176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 13:57:28.0609 1176 NdisWan - ok 13:57:28.0656 1176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 13:57:28.0656 1176 NDProxy - ok 13:57:28.0702 1176 NEOFLTR_650_15991 (85e3df39b5c7f5249efd120907c0e2d2) C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS 13:57:28.0702 1176 NEOFLTR_650_15991 - ok 13:57:28.0812 1176 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 13:57:28.0827 1176 Nero BackItUp Scheduler 4.0 - ok 13:57:28.0858 1176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 13:57:28.0858 1176 NetBIOS - ok 13:57:28.0890 1176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 13:57:28.0890 1176 NetBT - ok 13:57:28.0936 1176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:57:28.0936 1176 Netlogon - ok 13:57:28.0983 1176 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:57:28.0983 1176 NetTcpPortSharing - ok 13:57:29.0014 1176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 13:57:29.0014 1176 nfrd960 - ok 13:57:29.0061 1176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 13:57:29.0061 1176 NlaSvc - ok 13:57:29.0092 1176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 13:57:29.0092 1176 Npfs - ok 13:57:29.0139 1176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 13:57:29.0139 1176 nsi - ok 13:57:29.0155 1176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 13:57:29.0155 1176 nsiproxy - ok 13:57:29.0233 1176 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 13:57:29.0233 1176 nSvcIp - ok 13:57:29.0326 1176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 13:57:29.0342 1176 Ntfs - ok 13:57:29.0436 1176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 13:57:29.0436 1176 Null - ok 13:57:29.0467 1176 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 13:57:29.0467 1176 NVENETFD - ok 13:57:29.0872 1176 nvlddmkm (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:57:30.0075 1176 nvlddmkm - ok 13:57:30.0153 1176 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys 13:57:30.0153 1176 NVNET - ok 13:57:30.0200 1176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 13:57:30.0200 1176 nvraid - ok 13:57:30.0247 1176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 13:57:30.0247 1176 nvstor - ok 13:57:30.0262 1176 nvsvc (703f996312202d84663f7c8584acaf55) C:\Windows\system32\nvvsvc.exe 13:57:30.0278 1176 nvsvc - ok 13:57:30.0294 1176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 13:57:30.0309 1176 nv_agp - ok 13:57:30.0387 1176 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:57:30.0403 1176 odserv - ok 13:57:30.0434 1176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 13:57:30.0434 1176 ohci1394 - ok 13:57:30.0465 1176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:57:30.0465 1176 ose - ok 13:57:30.0684 1176 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:57:30.0762 1176 osppsvc - ok 13:57:30.0840 1176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 13:57:30.0871 1176 p2pimsvc - ok 13:57:30.0902 1176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 13:57:30.0902 1176 p2psvc - ok 13:57:30.0949 1176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 13:57:30.0949 1176 Parport - ok 13:57:30.0980 1176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 13:57:30.0980 1176 partmgr - ok 13:57:30.0996 1176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 13:57:31.0011 1176 PcaSvc - ok 13:57:31.0042 1176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 13:57:31.0042 1176 pci - ok 13:57:31.0058 1176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 13:57:31.0058 1176 pciide - ok 13:57:31.0089 1176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 13:57:31.0105 1176 pcmcia - ok 13:57:31.0120 1176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 13:57:31.0120 1176 pcw - ok 13:57:31.0167 1176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 13:57:31.0167 1176 PEAUTH - ok 13:57:31.0245 1176 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 13:57:31.0261 1176 PerfHost - ok 13:57:31.0354 1176 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 13:57:31.0370 1176 pla - ok 13:57:31.0448 1176 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 13:57:31.0464 1176 PlugPlay - ok 13:57:31.0495 1176 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 13:57:31.0495 1176 PNRPAutoReg - ok 13:57:31.0557 1176 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 13:57:31.0573 1176 PolicyAgent - ok 13:57:31.0604 1176 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 13:57:31.0604 1176 Power - ok 13:57:31.0666 1176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 13:57:31.0666 1176 PptpMiniport - ok 13:57:31.0698 1176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 13:57:31.0698 1176 Processor - ok 13:57:31.0729 1176 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 13:57:31.0729 1176 ProfSvc - ok 13:57:31.0760 1176 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:57:31.0760 1176 ProtectedStorage - ok 13:57:31.0807 1176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 13:57:31.0807 1176 Psched - ok 13:57:31.0885 1176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 13:57:31.0900 1176 ql2300 - ok 13:57:31.0963 1176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 13:57:31.0963 1176 ql40xx - ok 13:57:31.0994 1176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 13:57:31.0994 1176 QWAVEdrv - ok 13:57:31.0994 1176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 13:57:31.0994 1176 RasAcd - ok 13:57:32.0025 1176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:57:32.0025 1176 RasAgileVpn - ok 13:57:32.0041 1176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 13:57:32.0056 1176 RasAuto - ok 13:57:32.0072 1176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:57:32.0072 1176 Rasl2tp - ok 13:57:32.0119 1176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 13:57:32.0119 1176 RasPppoe - ok 13:57:32.0134 1176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 13:57:32.0134 1176 RasSstp - ok 13:57:32.0181 1176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 13:57:32.0181 1176 rdbss - ok 13:57:32.0197 1176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 13:57:32.0212 1176 rdpbus - ok 13:57:32.0228 1176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:57:32.0228 1176 RDPCDD - ok 13:57:32.0244 1176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 13:57:32.0244 1176 RDPENCDD - ok 13:57:32.0259 1176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 13:57:32.0259 1176 RDPREFMP - ok 13:57:32.0306 1176 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 13:57:32.0306 1176 RDPWD - ok 13:57:32.0337 1176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 13:57:32.0337 1176 rdyboost - ok 13:57:32.0384 1176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 13:57:32.0384 1176 RemoteAccess - ok 13:57:32.0400 1176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 13:57:32.0400 1176 RemoteRegistry - ok 13:57:32.0462 1176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 13:57:32.0462 1176 RpcEptMapper - ok 13:57:32.0493 1176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 13:57:32.0493 1176 RpcLocator - ok 13:57:32.0540 1176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll 13:57:32.0540 1176 RpcSs - ok 13:57:32.0556 1176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 13:57:32.0556 1176 rspndr - ok 13:57:32.0602 1176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:57:32.0602 1176 SamSs - ok 13:57:32.0634 1176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 13:57:32.0634 1176 sbp2port - ok 13:57:32.0665 1176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 13:57:32.0665 1176 SCardSvr - ok 13:57:32.0696 1176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 13:57:32.0696 1176 scfilter - ok 13:57:32.0774 1176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 13:57:32.0790 1176 Schedule - ok 13:57:32.0836 1176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 13:57:32.0836 1176 SCPolicySvc - ok 13:57:32.0852 1176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 13:57:32.0868 1176 SDRSVC - ok 13:57:32.0899 1176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 13:57:32.0914 1176 secdrv - ok 13:57:32.0961 1176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 13:57:32.0961 1176 seclogon - ok 13:57:32.0992 1176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 13:57:32.0992 1176 Serenum - ok 13:57:33.0008 1176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 13:57:33.0008 1176 Serial - ok 13:57:33.0055 1176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 13:57:33.0055 1176 sermouse - ok 13:57:33.0102 1176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 13:57:33.0102 1176 sffdisk - ok 13:57:33.0117 1176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 13:57:33.0117 1176 sffp_mmc - ok 13:57:33.0133 1176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 13:57:33.0133 1176 sffp_sd - ok 13:57:33.0133 1176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 13:57:33.0133 1176 sfloppy - ok 13:57:33.0211 1176 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 13:57:33.0226 1176 Sftfs - ok 13:57:33.0336 1176 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 13:57:33.0336 1176 sftlist - ok 13:57:33.0367 1176 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 13:57:33.0382 1176 Sftplay - ok 13:57:33.0398 1176 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 13:57:33.0398 1176 Sftredir - ok 13:57:33.0414 1176 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 13:57:33.0414 1176 Sftvol - ok 13:57:33.0429 1176 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 13:57:33.0445 1176 sftvsa - ok 13:57:33.0476 1176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 13:57:33.0476 1176 SharedAccess - ok 13:57:33.0523 1176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 13:57:33.0523 1176 ShellHWDetection - ok 13:57:33.0570 1176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:57:33.0570 1176 SiSRaid2 - ok 13:57:33.0570 1176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 13:57:33.0585 1176 SiSRaid4 - ok 13:57:33.0601 1176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 13:57:33.0601 1176 Smb - ok 13:57:33.0632 1176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 13:57:33.0632 1176 SNMPTRAP - ok 13:57:33.0648 1176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 13:57:33.0648 1176 spldr - ok 13:57:33.0694 1176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 13:57:33.0710 1176 Spooler - ok 13:57:33.0866 1176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 13:57:33.0913 1176 sppsvc - ok 13:57:34.0038 1176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 13:57:34.0053 1176 srv - ok 13:57:34.0084 1176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 13:57:34.0084 1176 srv2 - ok 13:57:34.0100 1176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 13:57:34.0116 1176 srvnet - ok 13:57:34.0147 1176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 13:57:34.0162 1176 SSDPSRV - ok 13:57:34.0178 1176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 13:57:34.0178 1176 SstpSvc - ok 13:57:34.0209 1176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 13:57:34.0209 1176 stexstor - ok 13:57:34.0240 1176 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 13:57:34.0240 1176 StillCam - ok 13:57:34.0303 1176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 13:57:34.0318 1176 stisvc - ok 13:57:34.0350 1176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 13:57:34.0350 1176 swenum - ok 13:57:34.0396 1176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 13:57:34.0412 1176 swprv - ok 13:57:34.0459 1176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 13:57:34.0459 1176 TabletInputService - ok 13:57:34.0506 1176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 13:57:34.0506 1176 TapiSrv - ok 13:57:34.0521 1176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 13:57:34.0537 1176 TBS - ok 13:57:34.0630 1176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 13:57:34.0662 1176 Tcpip - ok 13:57:34.0818 1176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 13:57:34.0818 1176 TCPIP6 - ok 13:57:34.0896 1176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 13:57:34.0911 1176 tcpipreg - ok 13:57:34.0942 1176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 13:57:34.0942 1176 TDPIPE - ok 13:57:34.0974 1176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 13:57:34.0974 1176 TDTCP - ok 13:57:35.0020 1176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 13:57:35.0020 1176 tdx - ok 13:57:35.0067 1176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 13:57:35.0067 1176 TermDD - ok 13:57:35.0114 1176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 13:57:35.0114 1176 TermService - ok 13:57:35.0145 1176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 13:57:35.0161 1176 Themes - ok 13:57:35.0176 1176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 13:57:35.0176 1176 THREADORDER - ok 13:57:35.0192 1176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 13:57:35.0192 1176 TrkWks - ok 13:57:35.0239 1176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 13:57:35.0239 1176 TrustedInstaller - ok 13:57:35.0286 1176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:57:35.0286 1176 tssecsrv - ok 13:57:35.0332 1176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 13:57:35.0332 1176 TsUsbFlt - ok 13:57:35.0379 1176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 13:57:35.0379 1176 tunnel - ok 13:57:35.0395 1176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 13:57:35.0395 1176 uagp35 - ok 13:57:35.0442 1176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 13:57:35.0442 1176 udfs - ok 13:57:35.0473 1176 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 13:57:35.0473 1176 UI0Detect - ok 13:57:35.0520 1176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 13:57:35.0520 1176 uliagpkx - ok 13:57:35.0566 1176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 13:57:35.0566 1176 umbus - ok 13:57:35.0598 1176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 13:57:35.0598 1176 UmPass - ok 13:57:35.0676 1176 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe 13:57:35.0676 1176 Updater Service - ok 13:57:35.0691 1176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 13:57:35.0691 1176 usbccgp - ok 13:57:35.0738 1176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 13:57:35.0738 1176 usbcir - ok 13:57:35.0754 1176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 13:57:35.0754 1176 usbehci - ok 13:57:35.0785 1176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 13:57:35.0800 1176 usbhub - ok 13:57:35.0816 1176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 13:57:35.0816 1176 usbohci - ok 13:57:35.0847 1176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 13:57:35.0847 1176 usbprint - ok 13:57:35.0863 1176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:57:35.0863 1176 USBSTOR - ok 13:57:35.0894 1176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 13:57:35.0894 1176 usbuhci - ok 13:57:35.0925 1176 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 13:57:35.0925 1176 UxSms - ok 13:57:35.0956 1176 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 13:57:35.0956 1176 VaultSvc - ok 13:57:36.0003 1176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 13:57:36.0003 1176 vdrvroot - ok 13:57:36.0050 1176 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 13:57:36.0066 1176 vds - ok 13:57:36.0097 1176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 13:57:36.0097 1176 vga - ok 13:57:36.0112 1176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 13:57:36.0112 1176 VgaSave - ok 13:57:36.0159 1176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 13:57:36.0159 1176 vhdmp - ok 13:57:36.0175 1176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 13:57:36.0175 1176 viaide - ok 13:57:36.0206 1176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 13:57:36.0206 1176 volmgr - ok 13:57:36.0253 1176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 13:57:36.0253 1176 volmgrx - ok 13:57:36.0268 1176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 13:57:36.0284 1176 volsnap - ok 13:57:36.0315 1176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 13:57:36.0315 1176 vsmraid - ok 13:57:36.0409 1176 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 13:57:36.0440 1176 VSS - ok 13:57:36.0534 1176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 13:57:36.0534 1176 vwifibus - ok 13:57:36.0565 1176 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 13:57:36.0580 1176 W32Time - ok 13:57:36.0596 1176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 13:57:36.0612 1176 WacomPen - ok 13:57:36.0643 1176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:57:36.0658 1176 WANARP - ok 13:57:36.0658 1176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:57:36.0674 1176 Wanarpv6 - ok 13:57:36.0768 1176 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 13:57:36.0783 1176 WatAdminSvc - ok 13:57:36.0861 1176 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 13:57:36.0892 1176 wbengine - ok 13:57:36.0970 1176 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 13:57:36.0970 1176 WbioSrvc - ok 13:57:36.0986 1176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 13:57:36.0986 1176 Wd - ok 13:57:37.0033 1176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 13:57:37.0048 1176 Wdf01000 - ok 13:57:37.0064 1176 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 13:57:37.0064 1176 WdiServiceHost - ok 13:57:37.0080 1176 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 13:57:37.0080 1176 WdiSystemHost - ok 13:57:37.0111 1176 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 13:57:37.0111 1176 Wecsvc - ok 13:57:37.0142 1176 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 13:57:37.0142 1176 wercplsupport - ok 13:57:37.0173 1176 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 13:57:37.0189 1176 WerSvc - ok 13:57:37.0204 1176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 13:57:37.0204 1176 WfpLwf - ok 13:57:37.0220 1176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 13:57:37.0220 1176 WIMMount - ok 13:57:37.0267 1176 WinDefend - ok 13:57:37.0298 1176 WinHttpAutoProxySvc - ok 13:57:37.0360 1176 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 13:57:37.0360 1176 Winmgmt - ok 13:57:37.0470 1176 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 13:57:37.0485 1176 WinRM - ok 13:57:37.0641 1176 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 13:57:37.0641 1176 WinUsb - ok 13:57:37.0704 1176 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 13:57:37.0735 1176 Wlansvc - ok 13:57:37.0766 1176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 13:57:37.0766 1176 WmiAcpi - ok 13:57:37.0797 1176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 13:57:37.0813 1176 wmiApSrv - ok 13:57:37.0860 1176 WMPNetworkSvc - ok 13:57:37.0860 1176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 13:57:37.0860 1176 WPCSvc - ok 13:57:37.0891 1176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 13:57:37.0906 1176 ws2ifsl - ok 13:57:37.0922 1176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 13:57:37.0922 1176 wscsvc - ok 13:57:37.0953 1176 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys 13:57:37.0969 1176 WSDPrintDevice - ok 13:57:37.0969 1176 WSearch - ok 13:57:38.0109 1176 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 13:57:38.0156 1176 wuauserv - ok 13:57:38.0265 1176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 13:57:38.0265 1176 WudfPf - ok 13:57:38.0296 1176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:57:38.0296 1176 WUDFRd - ok 13:57:38.0343 1176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 13:57:38.0343 1176 wudfsvc - ok 13:57:38.0359 1176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 13:57:38.0530 1176 \Device\Harddisk0\DR0 - ok 13:57:38.0546 1176 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk6\DR6 13:57:41.0089 1176 \Device\Harddisk6\DR6 - ok 13:57:41.0089 1176 Boot (0x1200) (d036e113575dfa8ffbb5433056c42f05) \Device\Harddisk0\DR0\Partition0 13:57:41.0089 1176 \Device\Harddisk0\DR0\Partition0 - ok 13:57:41.0104 1176 Boot (0x1200) (746b181eee7ccddee670eeeea38426fd) \Device\Harddisk0\DR0\Partition1 13:57:41.0104 1176 \Device\Harddisk0\DR0\Partition1 - ok 13:57:41.0104 1176 Boot (0x1200) (cb56ba5c445e01e2b446d66c088a6de9) \Device\Harddisk6\DR6\Partition0 13:57:41.0104 1176 \Device\Harddisk6\DR6\Partition0 - ok 13:57:41.0120 1176 ============================================================ 13:57:41.0120 1176 Scan finished 13:57:41.0120 1176 ============================================================ 13:57:41.0120 0304 Detected object count: 0 13:57:41.0120 0304 Actual detected object count: 0 13:57:55.0581 0972 Deinitialize success
  5. Combofix ComboFix 12-08-07.05 - Receptionist 08/08/2012 10:15:46.4.1 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3311 [GMT -5:00] Running from: J:\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 ))))))))))))))))))))))))))))))) . . 2012-08-08 15:20 . 2012-08-08 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-07 16:38 . 2012-08-07 16:38 -------- d-----w- c:\windows\SysWow64\wbem\Performance 2012-08-07 16:37 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe 2012-08-07 16:16 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe 2012-08-07 16:14 . 2012-08-07 16:14 -------- d-----w- C:\RegBackup 2012-08-07 15:51 . 2012-08-07 16:40 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-08-07 15:51 . 2012-08-07 15:51 -------- d-----w- c:\program files (x86)\Tweaking.com 2012-08-07 15:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-08-07 15:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-08-07 15:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-08-07 15:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-08-07 15:09 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-07 15:09 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-08-07 13:47 . 2012-08-07 13:47 -------- d-----w- C:\_OTL 2012-08-02 16:53 . 2012-08-02 16:53 -------- d-----w- c:\users\Receptionist\AppData\Roaming\WildTangent . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 18:46 . 2011-12-05 20:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-03 08:19 . 2010-09-09 18:30 59701280 ----a-w- c:\windows\system32\MRT.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-02_04.41.36 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-04 04:11 . 2012-08-07 16:46 41466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-07 16:46 42814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-09 17:57 . 2012-08-07 16:46 11304 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-949684801-2628650921-427860460-1000_UserData.bin - 2010-09-09 16:51 . 2012-07-24 18:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-09 16:51 . 2012-08-07 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-09 16:51 . 2012-07-24 18:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-08-07 16:48 . 2012-08-07 17:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-24 18:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-07 17:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-08-07 16:49 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-05-11 08:12 . 2012-05-11 08:12 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2012-08-07 15:38 . 2012-08-07 15:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2012-08-07 15:38 . 2012-08-07 15:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll - 2012-05-11 08:12 . 2012-05-11 08:12 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll + 2012-08-07 15:38 . 2012-08-07 15:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll - 2012-05-11 08:12 . 2012-05-11 08:12 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2012-08-07 15:38 . 2012-08-07 15:38 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll - 2012-05-11 08:12 . 2012-05-11 08:12 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll - 2012-05-11 08:12 . 2012-05-11 08:12 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2012-08-07 15:38 . 2012-08-07 15:38 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll - 2012-05-11 08:12 . 2012-05-11 08:12 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2012-08-07 15:38 . 2012-08-07 15:38 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll + 2012-08-07 15:38 . 2012-08-07 15:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2012-05-11 08:12 . 2012-05-11 08:12 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll - 2012-05-11 08:12 . 2012-05-11 08:12 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2012-08-07 15:38 . 2012-08-07 15:38 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll + 2012-08-07 15:38 . 2012-08-07 15:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2012-05-11 08:12 . 2012-05-11 08:12 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll - 2012-05-11 08:12 . 2012-05-11 08:12 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll + 2012-08-07 15:38 . 2012-08-07 15:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll - 2012-05-11 08:12 . 2012-05-11 08:12 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll + 2012-08-07 15:38 . 2012-08-07 15:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll - 2012-05-11 08:12 . 2012-05-11 08:12 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2012-08-07 15:38 . 2012-08-07 15:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2012-05-11 08:12 . 2012-05-11 08:12 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2012-08-07 15:38 . 2012-08-07 15:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2012-08-07 15:38 . 2012-08-07 15:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll - 2012-05-11 08:12 . 2012-05-11 08:12 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2012-08-07 15:38 . 2012-08-07 15:38 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2012-05-11 08:12 . 2012-05-11 08:12 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll - 2012-05-11 08:12 . 2012-05-11 08:12 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll + 2012-08-07 15:38 . 2012-08-07 15:38 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll + 2012-08-07 15:38 . 2012-08-07 15:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2012-05-11 08:12 . 2012-05-11 08:12 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2012-05-11 08:12 . 2012-05-11 08:12 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2012-08-07 15:38 . 2012-08-07 15:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2012-08-07 15:38 . 2012-08-07 15:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2012-05-11 08:12 . 2012-05-11 08:12 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2012-05-11 08:12 . 2012-05-11 08:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-08-07 15:38 . 2012-08-07 15:38 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-08-07 15:38 . 2012-08-07 15:38 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2012-05-11 08:12 . 2012-05-11 08:12 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2012-05-11 08:11 . 2012-05-11 08:11 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-08-07 15:38 . 2012-08-07 15:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2012-08-07 15:38 . 2012-08-07 15:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2012-05-11 08:11 . 2012-05-11 08:11 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2012-08-07 15:08 . 2012-08-07 15:08 25600 c:\windows\Installer\a28ac.msi - 2010-05-04 04:23 . 2012-05-11 08:15 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2010-05-04 04:23 . 2012-08-07 15:36 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2010-05-04 04:23 . 2012-08-07 15:36 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2010-05-04 04:23 . 2012-05-11 08:15 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2010-05-04 04:23 . 2012-05-11 08:15 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2010-05-04 04:23 . 2012-08-07 15:36 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2012-08-07 17:00 . 2012-08-07 17:00 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\7d8e25020591e95326aa6203a4822838\System.Web.DynamicData.Design.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\278b2cc231c33f587e5b4b20939ebd00\WindowsLiveWriter.ni.exe + 2012-08-07 16:54 . 2012-08-07 16:54 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8bfdc50805fabbf41f706229e939bd1d\WindowsLive.Writer.Api.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\9c64ecb6b01e37720f4c0bbce38b2aa9\System.Web.DynamicData.Design.ni.dll - 2012-08-02 04:41 . 2012-08-02 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-08 15:22 . 2012-08-08 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-08 15:22 . 2012-08-08 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-02 04:41 . 2012-08-02 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-07 15:18 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll - 2011-07-01 15:00 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll + 2009-07-14 02:36 . 2012-08-08 15:14 624614 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-01 18:54 624614 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-01 18:54 106732 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-08-08 15:14 106732 c:\windows\system32\perfc009.dat - 2009-07-14 04:45 . 2012-05-11 08:34 343576 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-08-07 16:42 343576 c:\windows\system32\FNTCACHE.DAT + 2012-08-07 15:09 . 2012-08-07 15:09 219368 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm27.bin + 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll + 2012-08-07 15:19 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll - 2012-04-11 12:54 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll + 2012-04-21 16:03 . 2012-04-21 16:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll - 2012-04-11 12:54 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2012-08-07 15:19 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2012-05-11 08:12 . 2012-05-11 08:12 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll - 2012-05-11 08:12 . 2012-05-11 08:12 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2012-08-07 15:38 . 2012-08-07 15:38 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll - 2012-05-11 08:12 . 2012-05-11 08:12 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2012-08-07 15:38 . 2012-08-07 15:38 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll - 2012-05-11 08:12 . 2012-05-11 08:12 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll + 2012-08-07 15:38 . 2012-08-07 15:38 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll - 2012-05-11 08:12 . 2012-05-11 08:12 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-08-07 15:38 . 2012-08-07 15:38 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2012-08-07 15:38 . 2012-08-07 15:38 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll - 2012-05-11 08:12 . 2012-05-11 08:12 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll + 2012-08-07 15:38 . 2012-08-07 15:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2012-05-11 08:12 . 2012-05-11 08:12 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2012-08-07 15:38 . 2012-08-07 15:38 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2012-05-11 08:12 . 2012-05-11 08:12 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll - 2012-05-11 08:12 . 2012-05-11 08:12 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll + 2012-08-07 15:38 . 2012-08-07 15:38 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll - 2012-05-11 08:12 . 2012-05-11 08:12 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll + 2012-08-07 15:38 . 2012-08-07 15:38 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll - 2012-05-11 08:12 . 2012-05-11 08:12 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-08-07 15:38 . 2012-08-07 15:38 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2012-08-07 15:38 . 2012-08-07 15:38 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2012-05-11 08:12 . 2012-05-11 08:12 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2012-05-11 08:12 . 2012-05-11 08:12 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2012-08-07 15:38 . 2012-08-07 15:38 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2012-05-11 08:12 . 2012-05-11 08:12 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2012-05-11 08:12 . 2012-05-11 08:12 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll - 2012-05-11 08:12 . 2012-05-11 08:12 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-08-07 15:38 . 2012-08-07 15:38 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2012-08-07 15:38 . 2012-08-07 15:38 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2012-05-11 08:12 . 2012-05-11 08:12 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2012-08-07 15:38 . 2012-08-07 15:38 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2012-05-11 08:12 . 2012-05-11 08:12 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll - 2012-05-11 08:12 . 2012-05-11 08:12 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2012-08-07 15:38 . 2012-08-07 15:38 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2012-08-07 15:38 . 2012-08-07 15:38 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll - 2012-05-11 08:12 . 2012-05-11 08:12 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2012-08-07 15:38 . 2012-08-07 15:38 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll - 2012-05-11 08:12 . 2012-05-11 08:12 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2012-08-07 15:38 . 2012-08-07 15:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll - 2012-05-11 08:12 . 2012-05-11 08:12 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll + 2012-08-07 15:38 . 2012-08-07 15:38 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2012-05-11 08:12 . 2012-05-11 08:12 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2012-08-07 15:38 . 2012-08-07 15:38 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2012-05-11 08:12 . 2012-05-11 08:12 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2012-08-07 15:38 . 2012-08-07 15:38 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll - 2012-05-11 08:12 . 2012-05-11 08:12 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll + 2012-08-07 15:38 . 2012-08-07 15:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2012-05-11 08:12 . 2012-05-11 08:12 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2012-08-07 15:38 . 2012-08-07 15:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2012-05-11 08:12 . 2012-05-11 08:12 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2012-05-11 08:12 . 2012-05-11 08:12 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll + 2012-08-07 15:38 . 2012-08-07 15:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll + 2012-08-07 15:38 . 2012-08-07 15:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll - 2012-05-11 08:12 . 2012-05-11 08:12 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll - 2012-05-11 08:12 . 2012-05-11 08:12 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-08-07 15:38 . 2012-08-07 15:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2012-08-07 15:38 . 2012-08-07 15:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll - 2012-05-11 08:12 . 2012-05-11 08:12 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll + 2012-08-07 15:38 . 2012-08-07 15:38 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll - 2012-05-11 08:12 . 2012-05-11 08:12 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll + 2012-08-07 15:38 . 2012-08-07 15:38 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll - 2012-05-11 08:12 . 2012-05-11 08:12 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll - 2012-05-11 08:12 . 2012-05-11 08:12 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll + 2012-08-07 15:38 . 2012-08-07 15:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2012-05-11 08:12 . 2012-05-11 08:12 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2012-08-07 15:38 . 2012-08-07 15:38 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2012-05-11 08:12 . 2012-05-11 08:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll - 2012-05-11 08:12 . 2012-05-11 08:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2012-08-07 15:38 . 2012-08-07 15:38 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2012-08-07 15:38 . 2012-08-07 15:38 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll - 2012-05-11 08:12 . 2012-05-11 08:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2012-08-07 15:38 . 2012-08-07 15:38 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll - 2012-05-11 08:12 . 2012-05-11 08:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2012-08-07 15:38 . 2012-08-07 15:38 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll - 2012-05-11 08:12 . 2012-05-11 08:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll - 2012-05-11 08:12 . 2012-05-11 08:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2012-08-07 15:38 . 2012-08-07 15:38 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2012-08-07 15:38 . 2012-08-07 15:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2012-05-11 08:12 . 2012-05-11 08:12 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2012-08-07 15:38 . 2012-08-07 15:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2012-05-11 08:12 . 2012-05-11 08:12 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2012-08-07 15:38 . 2012-08-07 15:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2012-05-11 08:12 . 2012-05-11 08:12 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2012-05-11 08:12 . 2012-05-11 08:12 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-08-07 15:38 . 2012-08-07 15:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2012-08-07 15:38 . 2012-08-07 15:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll - 2012-05-11 08:12 . 2012-05-11 08:12 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll + 2012-08-07 15:38 . 2012-08-07 15:38 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-05-11 08:12 . 2012-05-11 08:12 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-05-11 08:12 . 2012-05-11 08:12 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-05-11 08:12 . 2012-05-11 08:12 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-08-07 15:38 . 2012-08-07 15:38 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-05-11 08:12 . 2012-05-11 08:12 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-05-11 08:12 . 2012-05-11 08:12 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-08-07 15:38 . 2012-08-07 15:38 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-08-07 15:38 . 2012-08-07 15:38 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-05-11 08:11 . 2012-05-11 08:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - 2012-05-11 08:11 . 2012-05-11 08:11 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll + 2012-08-07 15:38 . 2012-08-07 15:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2012-05-11 08:11 . 2012-05-11 08:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2012-08-07 15:38 . 2012-08-07 15:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-05-11 08:11 . 2012-05-11 08:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2012-05-11 08:11 . 2012-05-11 08:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2012-08-07 15:38 . 2012-08-07 15:38 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2010-05-04 04:23 . 2012-08-07 15:36 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2010-05-04 04:23 . 2012-05-11 08:15 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2010-05-04 04:23 . 2012-08-07 15:36 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2010-05-04 04:23 . 2012-05-11 08:15 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe + 2010-05-04 04:23 . 2012-08-07 15:36 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - 2010-05-04 04:23 . 2012-05-11 08:15 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2010-05-04 04:23 . 2012-08-07 15:36 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - 2010-05-04 04:23 . 2012-05-11 08:15 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2012-08-07 17:04 . 2012-08-07 17:04 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\127710a11855aaf4817f9ab34a25d99e\WindowsFormsIntegration.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\b945c708d9d3d8468fc2631960729f66\TaskScheduler.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f23ea30ef7d30fd22839a24bc635dcc1\System.Web.Routing.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\b905eb57b631a30c60caa4d68c186963\System.Web.Entity.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\8204bbe8263075e41000513a405ab784\System.Web.Entity.Design.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\4183c7b14c5b1db05505e20d44cb859a\System.Web.DynamicData.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\ec4ed0bbb05d4e714ca5c14278af1977\System.Web.Abstractions.ni.dll + 2012-08-07 15:35 . 2012-08-07 15:35 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\1962f8344f19c367f4e0be9f8f5a7972\System.ServiceProcess.ni.dll + 2012-08-07 15:40 . 2012-08-07 15:40 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\21286d6c1657bae9cd56f2f9bf2c3732\System.Messaging.ni.dll + 2012-08-07 15:35 . 2012-08-07 15:35 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a76b760d8b987ce161519e1b8bf18fdd\System.Drawing.Design.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\f0d44ee55e2b59a4790766bd501d60f1\napsnap.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\7820503ca6ed2512fc3e3ce3cc690b01\napinit.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\4b5dccc05af5dfbf4986c6a2d1b2b25f\MMCFxCommon.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e29cbd30a31d3c8dae19eb17f70c4ec4\Microsoft.MediaCenter.iTv.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\409dae089f2e041343cff71f822cd505\Microsoft.MediaCenter.ITVVM.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\c887a7a1b55269a9d11de4b6591b9bd6\Microsoft.ManagementConsole.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\4ae6ccc32dafb4e3765b9db05585bd48\mcplayerinterop.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\b0db345fd62a84c98fd8b0bf3c72e8bb\mcGlidHostObj.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\7a70dae70a2459270fe34d654fd0a178\EventViewer.ni.dll + 2012-08-07 15:40 . 2012-08-07 15:40 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\08c9aa18b306aa47ddc0ae4a63b05d04\ehExtHost.ni.exe + 2012-08-07 16:55 . 2012-08-07 16:55 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\95836ab912bfc5d3c747555a7560a646\WindowsLiveLocal.WriterPlugin.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f928d0ca788be830178453d279dd5ed0\WindowsLive.Writer.BlogClient.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec1322da7309cd9028c96ce6126bbbee\WindowsLive.Writer.Controls.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebf3a9ef8dd1000279e2144ed62d894a\WindowsLive.Writer.SpellChecker.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e215a72afd565232e0c8abfb1755a6cf\WindowsLive.Writer.BrowserControl.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d8ef9a917c6ae2af0629ec779879bd8e\WindowsLive.Writer.Passport.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ca7d88bb0ba7c4535653c9a49be437fb\WindowsLive.Writer.Mshtml.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ae7de5bce52289111e50875cd37527f2\WindowsLive.Writer.HtmlEditor.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\91eaa4412030c5f993ae12cee84c8be9\WindowsLive.Writer.Interop.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\24208f8fac7694960209ea4c66d44851\WindowsLive.Writer.Localization.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\23620e2a124c1f1e35d051d4eaa5bd44\WindowsLive.Writer.FileDestinations.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f8ad334aea37a91359114b604645350\WindowsLive.Writer.Extensibility.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b77830cad2b699baaba685b94a868b2c\WindowsLive.Client.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\ac7909b6838589158fe3f6a8190018eb\TaskScheduler.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\c7f44adc1a0b2eb2b0636ee4a202419a\System.Web.Routing.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1d9398c255b8fdb9b9347e463d99a7e3\System.Web.Extensions.Design.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ba3dd9383f752d46e80a33b769dda73d\System.Web.Entity.Design.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b026d4636999893a3c741f1f7e7ccdaf\System.Web.DynamicData.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\24547c0fc525c5e061bb1ae66b965469\System.Web.Abstractions.ni.dll + 2012-08-07 15:29 . 2012-08-07 15:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\441f16bb7547cc6f2435d43e68002a47\System.ServiceProcess.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f9a982c40c3d777c1091e3801874acc9\System.Messaging.ni.dll + 2012-08-07 15:29 . 2012-08-07 15:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\33582b127d761babf8c8cdfe4e43749a\System.Drawing.Design.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\717221d971aeead5d8956225c365ddff\napsnap.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\c22cc9e6e124357491b5a38258973a01\napinit.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\8e2a9204e6166b8b27687560a17f62d9\MMCFxCommon.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\e901c3772777a59b870c0ff1a377f328\Microsoft.ManagementConsole.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\064f94f282dacefe99ee6184ab2f4a1d\EventViewer.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\a6b8eb80cfbdd927b2fa4ecb69fc0209\ehExtHost32.ni.exe + 2012-08-07 15:19 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2012-04-11 12:54 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2012-08-07 15:18 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll - 2011-07-01 15:00 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll - 2009-07-14 04:45 . 2012-05-11 08:39 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-08-07 15:58 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll + 2012-03-15 18:17 . 2012-03-15 18:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll - 2012-05-11 08:12 . 2012-05-11 08:12 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2012-08-07 15:38 . 2012-08-07 15:38 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll - 2012-05-11 08:12 . 2012-05-11 08:12 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll + 2012-08-07 15:38 . 2012-08-07 15:38 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll + 2012-08-07 15:38 . 2012-08-07 15:38 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll - 2012-05-11 08:12 . 2012-05-11 08:12 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll + 2012-08-07 15:38 . 2012-08-07 15:38 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2012-08-07 15:38 . 2012-08-07 15:38 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2012-05-11 08:12 . 2012-05-11 08:12 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll - 2012-05-11 08:12 . 2012-05-11 08:12 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2012-08-07 15:38 . 2012-08-07 15:38 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2012-08-07 15:38 . 2012-08-07 15:38 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2012-05-11 08:12 . 2012-05-11 08:12 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll + 2012-08-07 15:38 . 2012-08-07 15:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2012-05-11 08:12 . 2012-05-11 08:12 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll - 2012-05-11 08:12 . 2012-05-11 08:12 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll + 2012-08-07 15:38 . 2012-08-07 15:38 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll - 2012-05-11 08:12 . 2012-05-11 08:12 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2012-08-07 15:38 . 2012-08-07 15:38 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll + 2012-08-07 15:38 . 2012-08-07 15:38 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2012-05-11 08:12 . 2012-05-11 08:12 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll - 2012-05-11 08:12 . 2012-05-11 08:12 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-08-07 15:38 . 2012-08-07 15:38 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2012-08-07 15:38 . 2012-08-07 15:38 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - 2012-05-11 08:12 . 2012-05-11 08:12 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-08-07 15:38 . 2012-08-07 15:38 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2012-05-11 08:12 . 2012-05-11 08:12 3825952 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2012-05-11 08:12 . 2012-05-11 08:12 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-08-07 15:38 . 2012-08-07 15:38 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-08-07 15:38 . 2012-08-07 15:38 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll - 2012-05-11 08:12 . 2012-05-11 08:12 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll - 2012-05-11 08:11 . 2012-05-11 08:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-08-07 15:38 . 2012-08-07 15:38 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll + 2012-08-07 15:38 . 2012-08-07 15:38 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2012-05-11 08:11 . 2012-05-11 08:11 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll - 2012-05-11 08:11 . 2012-05-11 08:11 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll + 2012-08-07 15:38 . 2012-08-07 15:38 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll - 2012-05-11 08:11 . 2012-05-11 08:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-08-07 15:38 . 2012-08-07 15:38 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll + 2012-04-23 03:46 . 2012-04-23 03:46 1187328 c:\windows\Installer\13b5be.msp + 2012-06-19 17:54 . 2012-06-19 17:54 2239488 c:\windows\Installer\13b5b4.msp + 2012-03-15 19:26 . 2012-03-15 19:26 4212736 c:\windows\Installer\13b5a3.msp + 2012-04-05 03:37 . 2012-04-05 03:37 2540544 c:\windows\Installer\13b599.msp - 2010-05-04 04:23 . 2012-05-11 08:15 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2010-05-04 04:23 . 2012-08-07 15:36 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2011-07-27 10:09 . 2011-07-27 10:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IPEDITOR.DLL + 2012-08-07 17:01 . 2012-08-07 17:01 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll + 2012-08-07 17:02 . 2012-08-07 17:02 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll + 2012-08-07 17:02 . 2012-08-07 17:02 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll + 2012-08-07 17:03 . 2012-08-07 17:03 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll + 2012-08-07 17:02 . 2012-08-07 17:02 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll + 2012-08-07 15:39 . 2012-08-07 15:39 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll + 2012-08-07 15:40 . 2012-08-07 15:40 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\e9007661281ebb2076dda1568381ae25\System.WorkflowServices.ni.dll + 2012-08-07 15:35 . 2012-08-07 15:35 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\3bdad8116f2d3b81552cc1f8b028aa6e\System.Workflow.ComponentModel.ni.dll + 2012-08-07 15:35 . 2012-08-07 15:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\ef43c05e15a8efb4ced6445d1ea35c86\System.Workflow.Activities.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\d20ebdf7ee8b54cd324a0bc8d062259d\System.Web.Mobile.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\fe6df807f6b3184c209e371c885694be\System.Web.Extensions.Design.ni.dll + 2012-08-07 17:00 . 2012-08-07 17:00 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\9641252211cf6ab01a5bde58c5f7dba1\System.Web.Extensions.ni.dll + 2012-08-07 15:34 . 2012-08-07 15:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b964519964d302b4977e1380d8d15f1a\System.Printing.ni.dll + 2012-08-07 15:32 . 2012-08-07 15:32 2318848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\222eb8aa336953a6b0216db2b0c4770d\System.Drawing.ni.dll + 2012-08-07 15:32 . 2012-08-07 15:32 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\052d9ef010e4ff1dd46772a8671a7dc1\System.Deployment.ni.dll + 2012-08-07 15:34 . 2012-08-07 15:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\1f88a3693c8ddd527a130aff49dc58b3\ReachFramework.ni.dll + 2012-08-07 15:34 . 2012-08-07 15:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\210745b8ab0d0efb287eec496271c7db\PresentationUI.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\6161ff72aad572608d6459db4375921b\Narrator.ni.exe + 2012-08-07 16:59 . 2012-08-07 16:59 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\1c52385da78998a8c3be3cae7a148e65\MMCEx.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2e77de04de7574b9c1bf56cfcb31af68\MIGUIControls.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\ed3dbcc90dcd37ed6067aa66280e979e\Microsoft.VisualBasic.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6caa366471176a065a96d77e8ba01eeb\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\679baf265ca0c434c5b9b01dbeb3dd49\Microsoft.PowerShell.Editor.ni.dll + 2012-08-07 15:41 . 2012-08-07 15:41 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b2afc0af3d89ae00e973b4e6e9db382c\Microsoft.MediaCenter.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\653e1ee01f10d658d52ca42e17e74283\Microsoft.MediaCenter.UI.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4a0761608a0c0af58bd3b17bc8aba2d8\Microsoft.MediaCenter.Bml.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\1dfd6aa34b61f94f3222d1ac306ee08e\Microsoft.Ink.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\c61d2050ddb9370ec88f7e0a40e6ec83\Microsoft.Build.Tasks.ni.dll + 2012-08-07 16:59 . 2012-08-07 16:59 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\0930c9203145895378b3f948ddbd0640\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-08-07 16:57 . 2012-08-07 16:57 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\f5cb40bc7bce93175c5775bed1018c1f\mcstore.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\62576d2c7cf13f472c789326c6eede31\WindowsLive.Writer.CoreServices.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e976d57ebe9a56883a1a60399244a09\WindowsLive.Writer.PostEditor.ni.dll + 2012-08-07 16:54 . 2012-08-07 16:54 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3869496315c69074176f6970175b8357\WindowsLive.Writer.ApplicationFramework.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a23e8a64ca21224f2bea9ca3c3a5a005\System.WorkflowServices.ni.dll + 2012-08-07 15:36 . 2012-08-07 15:36 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\0efbc299207e35df9199ca98c7209051\System.Workflow.ComponentModel.ni.dll + 2012-08-07 15:35 . 2012-08-07 15:35 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\12f7432045de0943f05f83ba21ae2795\System.Workflow.Activities.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\238c801e0bbe9ca6b49241e96c9002a0\System.Web.Mobile.ni.dll + 2012-08-07 16:56 . 2012-08-07 16:56 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f21d509212c31d51f71b3f750052e9fb\System.Web.Extensions.ni.dll + 2012-08-07 15:28 . 2012-08-07 15:28 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll + 2012-08-07 15:25 . 2012-08-07 15:25 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll + 2012-08-07 15:24 . 2012-08-07 15:24 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f5e4446864b34e38af0467fcef6f4283\System.Deployment.ni.dll + 2012-08-07 15:28 . 2012-08-07 15:28 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll + 2012-08-07 15:27 . 2012-08-07 15:27 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\81aacc474fa8eab0acc6e4be332c1bc7\PresentationUI.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\5a1931b757da881a84c3a4a5477a7c20\Narrator.ni.exe + 2012-08-07 16:55 . 2012-08-07 16:55 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\1c088fce4f92cbe43503d584fa51af1d\MMCEx.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\8706f5d47b38dac04d0cd230baee4c0d\MIGUIControls.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ca751192bea68826694e690f3a6b5481\Microsoft.VisualBasic.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\99ae5f32cd1dc3618659bc3c77f2b2a9\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4edc9ecb13c33924ae73febac2d41b35\Microsoft.PowerShell.Editor.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\915ffe12bb261ba8ee009f379ba7d086\Microsoft.Ink.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\38ca1e4f14366981e2fb9ef6d977c966\Microsoft.Build.Tasks.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\121a206f90a50c110c3aa561aac4cab1\Microsoft.Build.Tasks.v3.5.ni.dll + 2012-08-07 16:55 . 2012-08-07 16:55 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\2ffc241a384334f2f12a89f318d3a82c\mcstore.ni.dll - 2009-07-14 02:34 . 2012-05-11 08:32 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2012-08-07 15:47 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat + 2012-08-07 17:03 . 2012-08-07 17:03 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll + 2012-08-07 17:02 . 2012-08-07 17:02 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll + 2012-08-07 17:01 . 2012-08-07 17:01 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll + 2012-08-07 15:40 . 2012-08-07 15:40 13198336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll + 2012-08-07 15:40 . 2012-08-07 15:40 18000896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll + 2012-08-07 15:39 . 2012-08-07 15:39 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll + 2012-08-07 15:33 . 2012-08-07 15:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\f0d2181352f262008abe7593454194d8\System.Windows.Forms.ni.dll + 2012-08-07 15:34 . 2012-08-07 15:34 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\25d1a444d4ec79a2facc05adf9cd43c1\System.Web.ni.dll + 2012-08-07 15:34 . 2012-08-07 15:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\15c75736fbf675454ba78309edeb01ee\System.Design.ni.dll + 2012-08-07 15:34 . 2012-08-07 15:34 19198464 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\47054c4d5b7e522c21a9d57797410302\PresentationFramework.ni.dll + 2012-08-07 15:32 . 2012-08-07 15:32 16543232 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3a9d13514a8c4c710fa5ce8e9b5393fe\PresentationCore.ni.dll + 2012-08-07 16:58 . 2012-08-07 16:58 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\0c1f96a4136efe532bbb8eb91d3de300\ehshell.ni.dll + 2012-08-07 15:25 . 2012-08-07 15:25 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll + 2012-08-07 15:28 . 2012-08-07 15:28 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll + 2012-08-07 15:29 . 2012-08-07 15:29 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\bd50eea0424b0f1e4c8b3f5cd79494d1\System.Design.ni.dll + 2012-08-07 15:27 . 2012-08-07 15:27 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll + 2012-08-07 15:24 . 2012-08-07 15:24 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}] 2011-10-25 03:01 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368] "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624] R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232] R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-06-15 138904] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-06-15 45424] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-06-15 40152] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-19 100520] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224] R4 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-19 281416] S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-19 156248] S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648] . . Contents of the 'Scheduled Tasks' folder . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: agencyanywhere.agency.ni.nwie.net Trusted Zone: skilldialogue.com Trusted Zone: skillport.com TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . Completion time: 2012-08-08 10:26:35 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-08 15:26 ComboFix2.txt 2012-08-07 14:56 ComboFix3.txt 2012-08-07 13:45 ComboFix4.txt 2012-08-02 04:45 . Pre-Run: 422,211,252,224 bytes free Post-Run: 421,905,850,368 bytes free . - - End Of File - - 3D316B788D4208635134D87D77C22533
  6. DDS . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17 Run by Receptionist at 10:28:45 on 2012-08-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3203 [GMT -5:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce: [<NO NAME>] mRunOnce: [GrpConv] grpconv -o mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: agencyanywhere.agency.ni.nwie.net Trusted Zone: skilldialogue.com Trusted Zone: skillport.com DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce-x64: [(Default)] mRunOnce-x64: [GrpConv] grpconv -o . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624] S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792] S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128] S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040] S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232] S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?] S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?] S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224] S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840] . =============== Created Last 30 ================ . 2012-08-08 15:22:35 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-07 16:38:10 -------- d-----w- C:\Windows\SysWow64\wbem\Performance 2012-08-07 16:37:01 303616 ----a-w- C:\SetACL.exe 2012-08-07 16:16:40 290304 ----a-w- C:\subinacl.exe 2012-08-07 16:14:42 -------- d-----w- C:\RegBackup 2012-08-07 15:51:56 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-08-07 15:51:48 -------- d-----w- C:\Program Files (x86)\Tweaking.com 2012-08-07 15:10:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-08-07 15:09:10 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-08-07 15:09:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-08-07 13:47:36 -------- d-----w- C:\_OTL 2012-08-02 16:53:00 -------- d-----w- C:\Users\Receptionist\AppData\Roaming\WildTangent 2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe 2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe 2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe 2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe . ==================== Find3M ==================== . 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll . ============= FINISH: 10:28:59.26 ===============
  7. here is dds attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/9/2010 12:55:23 PM System Uptime: 8/8/2012 10:21:27 AM (0 hours ago) . Motherboard: eMachines | | ET1350 Processor: AMD Athlon II 160u Processor | CPU 1 | 1808/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 447 GiB total, 393.001 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP115: 5/10/2012 7:34:04 AM - Windows Update RP116: 5/11/2012 3:00:12 AM - Windows Update RP117: 5/22/2012 1:48:14 PM - Scheduled Checkpoint RP118: 5/30/2012 9:04:40 AM - Scheduled Checkpoint RP119: 6/11/2012 2:09:39 PM - Scheduled Checkpoint RP120: 7/3/2012 10:57:09 AM - Scheduled Checkpoint RP121: 7/11/2012 12:00:05 AM - Scheduled Checkpoint RP122: 7/20/2012 5:12:43 PM - Scheduled Checkpoint RP123: 8/2/2012 12:37:59 PM - Scheduled Checkpoint RP124: 8/7/2012 10:08:30 AM - Windows Update RP125: 8/7/2012 10:20:50 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.4.6 MUI Advertising Center AppGraffiti Bejeweled 2 Deluxe Blackhawk Striker 2 Bob the Builder Can-Do-Zoo Brother MFL-Pro Suite MFC-8480DN Build-a-lot 2 Citrix XenApp Plugin for Hosted Apps Compatibility Pack for the 2007 Office system CyberLink PowerDVD 9 eBay Worldwide eMachines Game Console eMachines Games eMachines Recovery Management eMachines Registration eMachines ScreenSaver eMachines Updater Escape Rosecliff Island Faerie Solitaire Google Toolbar for Internet Explorer Google Update Helper GoToAssist Corporate Hotkey Utility Identity Card ImagXpress Inbox Toolbar Internet TV for Windows Media Center J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 29 Jewel Quest Solitaire 3 Juniper Networks Host Checker Juniper Networks Secure Application Manager Juniper Networks Setup Client Junk Mail filter update Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Business 2010 - English Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Monopoly MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Lost in Los Angeles Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NVIDIA ForceWare Network Access Manager Penguins! Plants vs. Zombies Polar Bowler Polar Golfer Realtek High Definition Audio Driver RebateInformer ScanSoft PaperPort 11 Scrabble Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition System Information Reporter Tweaking.com - Windows Repair (All in One) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Virtual Families Virtual Villagers - A New Home Welcome Center Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Center Add-in for Flash Yahoo! BrowserPlus 2.9.8 Yahtzee Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 8/8/2012 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/8/2012 10:22:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/8/2012 10:22:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/8/2012 10:22:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/8/2012 10:22:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 8/8/2012 10:22:22 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 8/8/2012 10:22:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 10:22:22 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 8/8/2012 10:22:20 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed. 8/8/2012 10:20:57 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/8/2012 10:14:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 8/7/2012 9:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 8/7/2012 9:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/7/2012 8:48:48 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started. 8/7/2012 8:48:46 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect.. 8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed. 8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed. 8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed. 8/7/2012 8:48:46 AM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed. 8/7/2012 8:48:43 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed. 8/7/2012 8:48:42 AM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed. 8/7/2012 8:48:42 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed. 8/7/2012 8:48:41 AM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed. 8/7/2012 8:48:41 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/7/2012 2:19:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer EPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58}. The master browser is stopping or an election is being forced. 8/7/2012 11:44:47 AM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified. 8/7/2012 11:44:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 8/7/2012 11:43:29 AM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The system cannot find the file specified. 8/7/2012 11:43:14 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found. 8/7/2012 11:40:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 8/2/2012 3:50:52 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/2/2012 3:50:02 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 8/2/2012 3:50:00 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/2/2012 3:49:11 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/2/2012 12:30:33 PM, Error: Service Control Manager [7024] - The Disk Defragmenter service terminated with service-specific error %%-2147023834. 8/1/2012 11:39:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 8/1/2012 1:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started. . ==== End Of File ===========================
  8. Hello Screen317 I now have internet access in normal mode. I ran rogue kill and it posted the infection I have zero access. I will run combofix and dds again
  9. I can only run in safe mode and trying to delete in safe mode doesn't do anything. I click and click but the machine does not do anything nor give a message
  10. hello I reposted again (sorry)and another member suggested roguekill and here are the results from both dds attatch and rogue kill text . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17 Run by Receptionist at 13:14:51 on 2012-08-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3410 [GMT -5:00] . AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: agencyanywhere.agency.ni.nwie.net Trusted Zone: skilldialogue.com Trusted Zone: skillport.com DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 10.1.10.1 TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624] S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792] S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128] S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040] S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232] S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?] S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?] S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224] S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840] . =============== Created Last 30 ================ . 2012-08-02 16:53:00 -------- d-----w- C:\Users\Receptionist\AppData\Roaming\WildTangent 2012-08-02 04:41:35 -------- d-----w- C:\$RECYCLE.BIN 2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe 2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe 2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe 2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe . ==================== Find3M ==================== . 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 13:15:47.95 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/9/2010 12:55:23 PM System Uptime: 8/2/2012 1:13:52 PM (0 hours ago) . Motherboard: eMachines | | ET1350 Processor: AMD Athlon II 160u Processor | CPU 1 | 1808/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 447 GiB total, 392.849 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP113: 4/26/2012 4:05:30 PM - Scheduled Checkpoint RP114: 5/4/2012 2:30:15 PM - Scheduled Checkpoint RP115: 5/10/2012 7:34:04 AM - Windows Update RP116: 5/11/2012 3:00:12 AM - Windows Update RP117: 5/22/2012 1:48:14 PM - Scheduled Checkpoint RP118: 5/30/2012 9:04:40 AM - Scheduled Checkpoint RP119: 6/11/2012 2:09:39 PM - Scheduled Checkpoint RP120: 7/3/2012 10:57:09 AM - Scheduled Checkpoint RP121: 7/11/2012 12:00:05 AM - Scheduled Checkpoint RP122: 7/20/2012 5:12:43 PM - Scheduled Checkpoint RP123: 8/2/2012 12:37:59 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.4.6 MUI Advertising Center AppGraffiti Bejeweled 2 Deluxe Blackhawk Striker 2 Bob the Builder Can-Do-Zoo Brother MFL-Pro Suite MFC-8480DN Build-a-lot 2 Citrix XenApp Plugin for Hosted Apps Compatibility Pack for the 2007 Office system CyberLink PowerDVD 9 eBay Worldwide eMachines Game Console eMachines Games eMachines Recovery Management eMachines Registration eMachines ScreenSaver eMachines Updater Escape Rosecliff Island Faerie Solitaire Google Toolbar for Internet Explorer Google Update Helper GoToAssist Corporate Hotkey Utility Identity Card ImagXpress Inbox Toolbar Internet TV for Windows Media Center J2SE Runtime Environment 5.0 Update 17 Java Auto Updater Java 6 Update 29 Jewel Quest Solitaire 3 Juniper Networks Host Checker Juniper Networks Secure Application Manager Juniper Networks Setup Client Junk Mail filter update Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Business 2010 - English Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Monopoly MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Lost in Los Angeles Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NVIDIA ForceWare Network Access Manager Penguins! Plants vs. Zombies Polar Bowler Polar Golfer Realtek High Definition Audio Driver RebateInformer ScanSoft PaperPort 11 Scrabble Plus Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition System Information Reporter Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Virtual Families Virtual Villagers - A New Home Welcome Center Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Center Add-in for Flash Yahoo! BrowserPlus 2.9.8 Yahtzee Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 8/2/2012 12:44:16 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/2/2012 12:30:33 PM, Error: Service Control Manager [7024] - The Disk Defragmenter service terminated with service-specific error %%-2147023834. 8/2/2012 11:36:19 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 8/2/2012 11:36:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/2/2012 11:35:25 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/2/2012 11:35:21 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found. 8/2/2012 1:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 8/2/2012 1:14:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/2/2012 1:14:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/2/2012 1:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/2/2012 1:14:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/2/2012 1:14:23 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started. 8/2/2012 1:14:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 8/2/2012 1:14:19 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed. 8/2/2012 1:14:19 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed. 8/2/2012 1:14:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/2/2012 1:14:18 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect.. 8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed. 8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed. 8/2/2012 1:14:18 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed. 8/2/2012 1:14:18 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 8/2/2012 1:14:17 PM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed. 8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed. 8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed. 8/2/2012 1:14:15 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed. 8/2/2012 1:14:15 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/1/2012 11:41:23 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 8/1/2012 11:40:23 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/1/2012 11:39:52 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 8/1/2012 11:33:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 8/1/2012 11:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/1/2012 1:46:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started. . ==== End Of File =========================== RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User: Receptionist [Admin rights] Mode: Scan -- Date: 08/02/2012 13:21:00 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\RECEPT~1\Desktop\dds.scr) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\receptionist\appdata\local\{141217f5-01f1-cc55-56ea-e23dae3f84a7}\L --> FOUND ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 716b200493e5deeed3a0e18a51753e52 [bSP] ec2b29426b3d17b2394cf4039c4cd572 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 19456 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 39847936 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40052736 | Size: 457382 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt
  11. here is the combofix txt file and new dds text file ComboFix 12-07-31.03 - Receptionist 08/01/2012 23:35:07.1.1 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3375 [GMT -5:00] Running from: c:\users\Receptionist\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\RECEPT~1\AppData\Local\Temp\pasfri.dll c:\users\Receptionist\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))) . . . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 18:46 . 2011-12-05 20:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-11 08:15 . 2010-09-09 18:30 57848688 ----a-w- c:\windows\system32\MRT.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}] 2011-10-25 03:01 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368] "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624] R2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-26 20792] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232] R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-06-15 138904] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-06-15 45424] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-06-15 40152] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-19 100520] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224] R4 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-19 281416] S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-19 156248] S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648] . . Contents of the 'Scheduled Tasks' folder . 2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38] . 2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 19:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: agencyanywhere.agency.ni.nwie.net Trusted Zone: skilldialogue.com Trusted Zone: skillport.com TCP: DhcpNameServer = 10.1.10.1 Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-PortableMedia - c:\users\Receptionist\AppData\Local\Portable\PortableMedia.exe Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-01 23:45:18 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-02 04:45 . Pre-Run: 420,662,083,584 bytes free Post-Run: 420,605,194,240 bytes free . - - End Of File - - 4A08DEE2E1A07AAA1E23777F6B1BB142 ---------dds-------------file . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17 Run by Receptionist at 23:46:43 on 2012-08-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3262 [GMT -5:00] . AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: agencyanywhere.agency.ni.nwie.net Trusted Zone: skilldialogue.com Trusted Zone: skillport.com DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 10.1.10.1 TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624] S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792] S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128] S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040] S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232] S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?] S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?] S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224] S4 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840] . =============== Created Last 30 ================ . 2012-08-02 04:41:35 -------- d-----w- C:\$RECYCLE.BIN 2012-08-02 04:21:07 98816 ----a-w- C:\Windows\sed.exe 2012-08-02 04:21:07 518144 ----a-w- C:\Windows\SWREG.exe 2012-08-02 04:21:07 256000 ----a-w- C:\Windows\PEV.exe 2012-08-02 04:21:07 208896 ----a-w- C:\Windows\MBR.exe . ==================== Find3M ==================== . 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 23:46:57.04 ===============
  12. hello Here is the malware quick scan and dds Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.03.05 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Receptionist :: RECEPTIONIST-PC [administrator] 8/1/2012 2:17:38 PM mbam-log-2012-08-01 (14-17-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 210422 Time elapsed: 2 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Here is the dds scan . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_17 Run by Receptionist at 13:51:01 on 2012-08-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3384 [GMT -5:00] . AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=17360910a116p0455v115r4582s216 uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [vchap] rundll32.exe "C:\Users\RECEPT~1\AppData\Local\Temp\vchap.dll",IsConvertImagesDialogShowed uRun: [PortableMedia] "C:\Users\Receptionist\AppData\Local\Portable\PortableMedia.exe" /b uRun: [pasfri] rundll32.exe "C:\Users\RECEPT~1\AppData\Local\Temp\pasfri.dll",QuaternionLn mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: agencyanywhere.agency.ni.nwie.net Trusted Zone: skilldialogue.com Trusted Zone: skillport.com DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://logic.live.primorisservices.com/systemInfo/ScriptX/smsx.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 10.1.10.1 TCP: Interfaces\{B91B9BA9-4B3F-4729-B204-73F2C2BCEE58} : DhcpNameServer = 10.1.10.1 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);\??\C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS --> C:\Windows\system32\Drivers\NEOFLTR_650_15991.SYS [?] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224] S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2011-2-7 39840] S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624] S2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792] S2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128] S2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2011-5-10 183040] S2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880] S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-5-3 243232] S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176] S3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?] S3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?] S3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-21 21:28:57 102248 ----a-w- C:\Users\Receptionist\GoToAssistDownloadHelper.exe . ============= FINISH: 13:51:48.20 ===============
  13. The machine in question is a emachine running windows 7. It had viruses on it. It will not allow me to open device manager or any other service. The message box says " The specified service does not exist as an installed service. I ran malwarebytes and removed 4 viruses and how I did that was by taking the hardrive and docking it in a usb stand and scanned it on another pc. I hook the hard drive in the pc it belongs in and it still is doing the same thing. It is not allowing me to access device manager, Malwarebyte or any service. The machine is hard wired to internet but it says not connected. In safe mode with networking I still can not connect to internet but Malwarebyte runs. I ran it again and the machine shows no infections. I tried the device manager but It opened with no icons the window is blank. How can I fix this? I know there is a hidden service running in the background I want to unhide it or delete it. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.