google redirecting


  • This topic is locked

#1
brick928

    New Member

  • Member
  • 7 posts
Hi, I have a problem with Google redirecting. We got this new laptop last month, and within a week this problem started. I haven't been able to get rid of it. I ran a Malwarebytes scan about a week or two ago and it found Trojan.Tracur.Gen, and quarantined it, but the redirect problem still occurs. Thank you for your help.

Here is my OTL log:

OTL logfile created on: 8/9/2011 7:49:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Michelina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.90% Memory free
7.90 Gb Paging File | 5.70 Gb Available in Paging File | 72.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.40 Gb Total Space | 546.73 Gb Free Space | 93.39% Space Free | Partition Type: NTFS
Drive D: | 960.22 Mb Total Space | 951.78 Mb Free Space | 99.12% Space Free | Partition Type: FAT

Computer Name: MICHELINA-VAIO | User Name: Michelina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/09 19:48:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Michelina\Desktop\OTL.exe
PRC - [2011/08/07 18:10:32 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/08/07 18:10:32 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/07/11 10:07:44 | 003,996,864 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/07/11 10:07:28 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 03:48:39 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/03/05 19:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 19:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/15 19:30:18 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2011/02/15 14:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/14 16:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/02/14 02:15:46 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 02:15:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/29 08:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/11/27 03:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 02:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2011/08/09 19:48:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Michelina\Desktop\OTL.exe
MOD - [2010/11/20 23:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/30 12:09:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/28 13:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/02/27 14:15:36 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/02/27 14:09:36 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/02/19 01:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/19 01:10:06 | 000,546,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/19 01:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 16:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 08:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/20 15:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/12/17 17:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 17:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 17:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/07 18:10:32 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/07/11 10:07:44 | 003,996,864 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2011/03/28 03:48:39 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/05 19:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/02/21 15:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 15:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/15 19:30:18 | 000,047,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2011/02/14 02:15:46 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/14 02:15:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/20 15:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/11 10:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/07/11 10:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/03/28 03:48:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/28 00:12:44 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/28 00:07:33 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 23:28:52 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/21 13:43:52 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/17 15:42:12 | 000,174,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2011/02/17 15:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/02/17 15:42:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel® Centrino®
DRV:64bit: - [2011/02/15 03:42:50 | 001,388,592 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/14 02:15:10 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/02/11 04:48:34 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/21 12:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/26 22:06:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/26 22:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelina\AppData\Roaming\Mozilla\Extensions
[2011/07/27 00:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions
[2011/07/22 16:19:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{091c4167-6158-4661-bc73-6ee645096741}
[2011/07/27 07:55:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{dfc7f2c6-cc46-45d9-bd63-21b37608640e}
[2011/06/26 22:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/07 18:11:42 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [147559844] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/09 19:48:54 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Michelina\Desktop\OTL.exe
[2011/08/07 15:58:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/07 15:58:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/07 15:58:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/07 15:58:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/07 15:58:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/07 15:56:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/07 15:56:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/07/22 17:35:03 | 000,000,000 | ---D | C] -- C:\Users\Michelina\AppData\Roaming\Malwarebytes
[2011/07/22 17:34:56 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/22 17:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/22 17:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/22 17:34:53 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/22 17:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/12 23:19:40 | 000,000,000 | ---D | C] -- C:\Users\Michelina\Documents\SPN 321
[2011/07/11 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/07/11 22:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/11 22:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/07/11 22:47:24 | 000,000,000 | ---D | C] -- C:\Users\Michelina\AppData\Local\Microsoft Help
[2011/07/11 22:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/07/11 20:59:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/07/11 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Michelina\AppData\Local\SoftGrid Client
[2011/07/11 20:54:05 | 000,000,000 | ---D | C] -- C:\Users\Michelina\AppData\Roaming\SoftGrid Client
[2011/07/11 20:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/07/11 20:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/11 20:53:19 | 000,000,000 | ---D | C] -- C:\Users\Michelina\AppData\Roaming\TP
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/09 19:48:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Michelina\Desktop\OTL.exe
[2011/08/09 19:07:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/09 18:43:12 | 000,779,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 18:43:12 | 000,660,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/09 18:43:12 | 000,120,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/09 08:56:43 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 08:56:43 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 08:47:30 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/28 22:19:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/22 17:34:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 17:27:58 | 000,000,120 | ---- | M] () -- C:\Windows\SysWow64\1919255251
[2011/07/13 08:03:45 | 000,377,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 23:34:15 | 000,795,368 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/11 10:07:54 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2011/07/11 10:07:50 | 000,056,920 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2011/07/11 10:07:38 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/07/11 10:07:28 | 000,019,576 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 15:58:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/07 15:58:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/07 15:58:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/07 15:58:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/07 15:58:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/28 22:19:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/22 17:34:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 07:50:21 | 000,000,120 | ---- | C] () -- C:\Windows\SysWow64\1919255251
[2011/06/26 22:17:01 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/06/01 17:19:27 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/28 03:04:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/28 03:04:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/28 03:04:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 19:03:27 | 000,795,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/11 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\Michelina\AppData\Roaming\SoftGrid Client
[2011/07/11 20:54:11 | 000,000,000 | ---D | M] -- C:\Users\Michelina\AppData\Roaming\TP
[2009/07/14 01:08:49 | 000,016,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello brick928 and welcome to G2G!

My nick is maliprog and I will be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [8DDYX0ZBPZ] File not found
    O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
    O30 - LSA: Authentication Packages - (ows\w) - File not found
    O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
    O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
    O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
    O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
    [2011/08/10 20:52:57 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\UAGNECRRTU.job
    [2011/08/07 22:13:30 | 000,065,024 | RHS- | M] () -- C:\Windows\SysWow64\dxdiagnc.dll
    [2011/08/09 05:45:18 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2011/08/09 05:45:18 | 000,019,576 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
    [2011/07/31 14:23:58 | 000,476,672 | ---- | C] () -- C:\Windows\nxpunist.exe

    :Files
    C:\32788R22FWJFW
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3


Please don't forget to include these items in your reply:


  • OTL fix log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#3
brick928

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi Maliprog, thanks for your help,

Here is my OTL log ... I tried running the fix you said, but OTL kept freezing up and not responding.
Also, in the middle of the scan an error message comes up and says
"Cannot create file C:\Windows\System32\drivers\etc\hosts"


Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\wrLZMA.dll scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SsiEfr.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by brick928, 11 August 2011 - 08:26 PM.


#4
brick928

    New Member

  • Topic Starter
  • Member
  • 7 posts
ASWMBR scan:
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-11 22:17:33
-----------------------------
22:17:33.818 OS Version: Windows x64 6.1.7601 Service Pack 1
22:17:33.818 Number of processors: 4 586 0x2A07
22:17:33.818 ComputerName: MICHELINA-VAIO UserName: Michelina
22:17:34.832 Initialize success
22:17:50.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:17:50.809 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:17:50.825 Disk 0 MBR read successfully
22:17:50.830 Disk 0 MBR scan
22:17:50.835 Disk 0 Windows 7 default MBR code
22:17:50.841 Service scanning
22:17:52.721 Modules scanning
22:17:52.728 Disk 0 trace - called modules:
22:17:52.735
22:17:52.741 Scan finished successfully
22:21:55.814 Disk 0 MBR has been saved successfully to "C:\Users\Michelina\Desktop\MBR.dat"
22:21:55.814 The log file has been saved successfully to "C:\Users\Michelina\Desktop\aswMBR.txt"


Thanks!

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi brick928,

You are right. OTL didn't finish its job. Please try to run Step 1 again, but this time from Safe mode with networking.

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.


#6
brick928

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ran the fix in safe mode, seems to still be having the redirect problem. Here are the results:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8DDYX0ZBPZ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:椀渀搀漀眀猀 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ᘀ堀㄀ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:椀渀搀漀眀猀 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ᘀ堀㄀ deleted successfully.
File C:\Windows\tasks\UAGNECRRTU.job not found.
File C:\Windows\SysWow64\dxdiagnc.dll not found.
C:\Windows\SysWOW64\wrLZMA.dll moved successfully.
C:\Windows\SysNative\SsiEfr.exe moved successfully.
File C:\Windows\nxpunist.exe not found.
========== FILES ==========
File\Folder C:\32788R22FWJFW not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Michelina-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-1D-E2-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-1D-E2-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c133:769e:bdc:6bf6%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 13, 2011 2:50:49 PM
Lease Expires . . . . . . . . . . : Sunday, August 14, 2011 2:50:48 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 322971074
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-78-67-53-78-84-3C-93-AF-21
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.237.161.12
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 78-84-3C-93-AF-21
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable ISATAP Interface {0F61166C-D197-4676-A3A4-AD856548CC9A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{0AF1AD6F-AA25-47D6-9FF3-8A2A9D1A5E77}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{3AECB157-FE67-4E48-BE97-5CE1E0682ED1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{2EC5A5DC-9741-4280-BEC2-92CDEF797BD8}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.226.112
74.125.226.114
74.125.226.116
74.125.226.115
74.125.226.113
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.226.116] with 32 bytes of data:
Reply from 74.125.226.116: bytes=32 time=8ms TTL=55
Reply from 74.125.226.116: bytes=32 time=8ms TTL=54
Ping statistics for 74.125.226.116:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 8ms, Average = 8ms
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=105ms TTL=56
Reply from 72.30.2.43: bytes=32 time=95ms TTL=56
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 95ms, Maximum = 105ms, Average = 100ms
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
14...40 25 c2 1d e2 7d ......Microsoft Virtual WiFi Miniport Adapter
13...40 25 c2 1d e2 7c ......Intel® Centrino® Wireless-N 6150
11...78 84 3c 93 af 21 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::c133:769e:bdc:6bf6/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Michelina\Desktop\cmd.bat deleted successfully.
C:\Users\Michelina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michelina
->Temp folder emptied: 15817982 bytes
->Temporary Internet Files folder emptied: 53574762 bytes
->Java cache emptied: 7969490 bytes
->FireFox cache emptied: 43937194 bytes
->Flash cache emptied: 470 bytes

User: Public

%systemdrive% .tmp files removed: 80370 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64559015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 58831 bytes
RecycleBin emptied: 12055810 bytes

Total Files Cleaned = 189.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Michelina
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08132011_145528

Files\Folders moved on Reboot...
C:\Users\Michelina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Edited by brick928, 13 August 2011 - 01:14 PM.


#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi brick928,

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can write all problems here. There is no need to write me messages. Try to run Combofix in Safe mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.


#9
brick928

    New Member

  • Topic Starter
  • Member
  • 7 posts
ComboFix 11-08-17.03 - Michelina 08/17/2011 17:38:26.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.3048 [GMT -4:00]
Running from: c:\users\Michelina\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{091c4167-6158-4661-bc73-6ee645096741}
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{091c4167-6158-4661-bc73-6ee645096741}\chrome.manifest
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{091c4167-6158-4661-bc73-6ee645096741}\chrome\xulcache.jar
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{091c4167-6158-4661-bc73-6ee645096741}\defaults\preferences\xulcache.js
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{091c4167-6158-4661-bc73-6ee645096741}\install.rdf
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{dfc7f2c6-cc46-45d9-bd63-21b37608640e}
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{dfc7f2c6-cc46-45d9-bd63-21b37608640e}\chrome.manifest
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{dfc7f2c6-cc46-45d9-bd63-21b37608640e}\chrome\xulcache.jar
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{dfc7f2c6-cc46-45d9-bd63-21b37608640e}\defaults\preferences\xulcache.js
c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions\{dfc7f2c6-cc46-45d9-bd63-21b37608640e}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BITS32
-------\Service_RpcSs32
-------\Service_wmiApSrv32
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 21:43 . 2011-08-17 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 17:52 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8659FA4B-ABC5-4915-B77F-6A1A554726B0}\mpengine.dll
2011-08-12 00:51 . 2011-08-12 00:51 -------- d-----w- c:\users\Michelina\AppData\Local\Programs
2011-08-11 23:15 . 2011-08-11 23:15 -------- d-----w- C:\_OTL
2011-08-10 18:36 . 2011-07-16 05:41 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-22 21:35 . 2011-07-22 21:35 -------- d-----w- c:\users\Michelina\AppData\Roaming\Malwarebytes
2011-07-22 21:34 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-22 21:34 . 2011-07-22 21:34 -------- d-----w- c:\programdata\Malwarebytes
2011-07-22 21:34 . 2011-07-22 21:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-22 21:34 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:26 . 2011-08-10 18:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 11:40 . 2011-07-12 11:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-11 14:07 . 2011-06-27 02:17 136224 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-07-11 14:07 . 2011-06-27 02:17 56920 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-06-27 01:56 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-11 03:07 . 2011-07-12 23:02 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-01 22:12 . 2011-06-01 22:12 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-06-01 22:12 . 2011-06-01 22:12 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-06-01 22:12 . 2011-06-01 22:12 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-06-01 22:12 . 2011-06-01 22:12 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-06-01 22:12 . 2011-06-01 22:12 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-06-01 22:11 . 2011-06-01 22:11 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-06-01 21:39 . 2011-06-01 21:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-01 21:38 . 2011-06-01 21:38 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-24 23:14 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 11:48 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 11:48 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 11:48 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 11:48 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 11:48 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28891.cfxxe" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-08-07 1382984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF28891.cfxxe" [X]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R2 ACDaemon32;ArcSoft Connect Daemon ;c:\programdata\hcproviders32.exe [x]
R2 ACDaemon3232;ArcSoft Connect Daemon ;c:\programdata\WindowsCodecsExt32.exe [x]
R2 ACDaemon323232;ArcSoft Connect Daemon ;c:\programdata\fdWNet32.exe [x]
R2 ACDaemon32323232;ArcSoft Connect Daemon ;c:\programdata\KBDA132.exe [x]
R2 AeLookupSvc32;Application Experience ;c:\programdata\IconCodecService32.exe [x]
R2 AeLookupSvc3232;Application Experience ;c:\programdata\sscore32.exe [x]
R2 AeLookupSvc323232;Application Experience ;c:\programdata\PerfCenterCPL32.exe [x]
R2 AeLookupSvc32323232;Application Experience ;c:\programdata\mfc100rus32.exe [x]
R2 ALG3232;Application Layer Gateway Service ;c:\programdata\comsvcs32.exe [x]
R2 ALG323232;Application Layer Gateway Service ;c:\programdata\secproc32.exe [x]
R2 AppIDSvc32;Application Identity ;c:\programdata\usbperf32.exe [x]
R2 AppIDSvc3232;Application Identity ;c:\programdata\tvratings32.exe [x]
R2 AppIDSvc323232;Application Identity ;c:\programdata\synceng32.exe [x]
R2 Appinfo32;Application Information ;c:\programdata\mscoree32.exe [x]
R2 Appinfo3232;Application Information ;c:\programdata\KBDIT32.exe [x]
R2 aspnet_state32;ASP.NET State Service ;c:\programdata\d3d10_132.exe [x]
R2 aspnet_state3232;ASP.NET State Service ;c:\programdata\ExplorerFrame32.exe [x]
R2 aspnet_state323232;ASP.NET State Service ;c:\programdata\KBDCZ232.exe [x]
R2 aspnet_state32323232;ASP.NET State Service ;c:\programdata\pots32.exe [x]
R2 aspnet_state3232323232;ASP.NET State Service ;c:\programdata\hcproviders32.exe [x]
R2 aspnet_state323232323232;ASP.NET State Service ;c:\programdata\C_ISCII32.exe [x]
R2 aspnet_state32323232323232;ASP.NET State Service ;c:\programdata\PresentationHostProxy32.exe [x]
R2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;c:\programdata\KBDHEPT32.exe [x]
R2 AudioEndpointBuilder3232;Windows Audio Endpoint Builder ;c:\programdata\srhelper32.exe [x]
R2 AudioEndpointBuilder323232;Windows Audio Endpoint Builder ;c:\programdata\aspnet_counters32.exe [x]
R2 AudioEndpointBuilder32323232;Windows Audio Endpoint Builder ;c:\programdata\pstorsvc32.exe [x]
R2 AudioEndpointBuilder3232323232;Windows Audio Endpoint Builder ;c:\programdata\IPHLPAPI32.exe [x]
R2 AudioEndpointBuilder323232323232;Windows Audio Endpoint Builder ;c:\programdata\olethk3232.exe [x]
R2 AudioEndpointBuilder32323232323232;Windows Audio Endpoint Builder ;c:\programdata\eventcls32.exe [x]
R2 AudioEndpointBuilder3232323232323232;Windows Audio Endpoint Builder ;c:\programdata\SyncInfrastructure32.exe [x]
R2 AudioEndpointBuilder323232323232323232;Windows Audio Endpoint Builder ;c:\programdata\p2pcollab32.exe [x]
R2 AudioSrv32;Windows Audio ;c:\programdata\deskperf32.exe [x]
R2 AudioSrv3232;Windows Audio ;c:\programdata\wsock3232.exe [x]
R2 AudioSrv323232;Windows Audio ;c:\programdata\WABSyncProvider32.exe [x]
R2 AxInstSV32;ActiveX Installer (AxInstSV) ;c:\programdata\olethk3232.exe [x]
R2 AxInstSV3232;ActiveX Installer (AxInstSV) ;c:\programdata\dot3api32.exe [x]
R2 AxInstSV323232;ActiveX Installer (AxInstSV) ;c:\programdata\iTVData32.exe [x]
R2 BDESVC32;BitLocker Drive Encryption Service ;c:\programdata\advapi3232.exe [x]
R2 BDESVC3232;BitLocker Drive Encryption Service ;c:\programdata\propsys32.exe [x]
R2 BDESVC323232;BitLocker Drive Encryption Service ;c:\programdata\winusb32.exe [x]
R2 BDESVC32323232;BitLocker Drive Encryption Service ;c:\programdata\wuapi32.exe [x]
R2 BDESVC3232323232;BitLocker Drive Encryption Service ;c:\programdata\ureg32.exe [x]
R2 BDESVC323232323232;BitLocker Drive Encryption Service ;c:\programdata\mscat3232.exe [x]
R2 BDESVC32323232323232;BitLocker Drive Encryption Service ;c:\programdata\KBDTURME32.exe [x]
R2 BFE32;Base Filtering Engine ;c:\programdata\COLORCNV32.exe [x]
R2 BFE3232;Base Filtering Engine ;c:\programdata\KBDURDU32.exe [x]
R2 BITS3232;Background Intelligent Transfer Service ;c:\programdata\kbd106n32.exe [x]
R2 BITS323232;Background Intelligent Transfer Service ;c:\programdata\api-ms-win-core-synch-l1-1-032.exe [x]
R2 BITS32323232;Background Intelligent Transfer Service ;c:\programdata\dpx32.exe [x]
R2 BITS3232323232;Background Intelligent Transfer Service ;c:\programdata\AuthFWGP32.exe [x]
R2 BITS323232323232;Background Intelligent Transfer Service ;c:\programdata\docprop32.exe [x]
R2 BITS32323232323232;Background Intelligent Transfer Service ;c:\programdata\NlsData001032.exe [x]
R2 Browser32;Computer Browser ;c:\programdata\mscms32.exe [x]
R2 Browser3232;Computer Browser ;c:\programdata\ds32gt32.exe [x]
R2 Browser323232;Computer Browser ;c:\programdata\KBDSG32.exe [x]
R2 Browser32323232;Computer Browser ;c:\programdata\dpapiprovider32.exe [x]
R2 Browser3232323232;Computer Browser ;c:\programdata\d3d832.exe [x]
R2 Browser323232323232;Computer Browser ;c:\programdata\ncryptui32.exe [x]
R2 Browser32323232323232;Computer Browser ;c:\programdata\spwizimg32.exe [x]
R2 Browser3232323232323232;Computer Browser ;c:\programdata\KBDGKL32.exe [x]
R2 Browser323232323232323232;Computer Browser ;c:\programdata\XAPOFX1_532.exe [x]
R2 Browser32323232323232323232;Computer Browser ;c:\programdata\iprop32.exe [x]
R2 bthserv32;Bluetooth Support Service ;c:\programdata\dskquota32.exe [x]
R2 bthserv3232;Bluetooth Support Service ;c:\programdata\ipsmsnap32.exe [x]
R2 bthserv323232;Bluetooth Support Service ;c:\programdata\mgmtapi32.exe [x]
R2 bthserv32323232;Bluetooth Support Service ;c:\programdata\sas32.exe [x]
R2 CertPropSvc32;Certificate Propagation ;c:\programdata\compstui32.exe [x]
R2 CertPropSvc3232;Certificate Propagation ;c:\programdata\wshcon32.exe [x]
R2 CertPropSvc323232;Certificate Propagation ;c:\programdata\prnfldr32.exe [x]
R2 clr_optimization_v2.0.50727_323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\rpcnsh32.exe [x]
R2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\puiapi32.exe [x]
R2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\KBDES32.exe [x]
R2 clr_optimization_v2.0.50727_323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\MFPlay32.exe [x]
R2 clr_optimization_v2.0.50727_32323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\PortableDeviceTypes32.exe [x]
R2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\mfAACEnc32.exe [x]
R2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\KBDLT232.exe [x]
R2 clr_optimization_v2.0.50727_64323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\davhlpr32.exe [x]
R2 clr_optimization_v2.0.50727_6432323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\sppcomapi32.exe [x]
R2 clr_optimization_v2.0.50727_643232323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\w32topl32.exe [x]
R2 clr_optimization_v2.0.50727_64323232323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\nlhtml32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_3232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\api-ms-win-core-util-l1-1-032.exe [x]
R2 clr_optimization_v4.0.30319_323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\untfs32.exe [x]
R2 clr_optimization_v4.0.30319_32323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\ole232.exe [x]
R2 clr_optimization_v4.0.30319_3232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\KBDLV32.exe [x]
R2 clr_optimization_v4.0.30319_323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\KBDUSL32.exe [x]
R2 clr_optimization_v4.0.30319_32323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\olesvr3232.exe [x]
R2 clr_optimization_v4.0.30319_3232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\hbaapi32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 clr_optimization_v4.0.30319_6432;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\KBDRU32.exe [x]
R2 clr_optimization_v4.0.30319_643232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\DDACLSys32.exe [x]
R2 clr_optimization_v4.0.30319_64323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\cewmdm32.exe [x]
R2 clr_optimization_v4.0.30319_6432323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\FXSCOM32.exe [x]
R2 clr_optimization_v4.0.30319_643232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\webio32.exe [x]
R2 clr_optimization_v4.0.30319_64323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\fmifs32.exe [x]
R2 clr_optimization_v4.0.30319_6432323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\drmv2clt32.exe [x]
R2 clr_optimization_v4.0.30319_643232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\KBDINBE232.exe [x]
R2 clr_optimization_v4.0.30319_64323232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\KBDHU132.exe [x]
R2 COMSysApp32;COM+ System Application ;c:\programdata\perfproc32.exe [x]
R2 COMSysApp3232;COM+ System Application ;c:\programdata\wscmisetup32.exe [x]
R2 COMSysApp323232;COM+ System Application ;c:\programdata\scrrun32.exe [x]
R2 COMSysApp32323232;COM+ System Application ;c:\programdata\drmmgrtn32.exe [x]
R2 COMSysApp3232323232;COM+ System Application ;c:\programdata\NlsData041632.exe [x]
R2 COMSysApp323232323232;COM+ System Application ;c:\programdata\uudf32.exe [x]
R2 CryptSvc32;Cryptographic Services ;c:\programdata\whealogr32.exe [x]
R2 CryptSvc3232;Cryptographic Services ;c:\programdata\virtdisk32.exe [x]
R2 CryptSvc323232;Cryptographic Services ;c:\programdata\wpcao32.exe [x]
R2 CryptSvc32323232;Cryptographic Services ;c:\programdata\efsadu32.exe [x]
R2 CryptSvc3232323232;Cryptographic Services ;c:\programdata\themeui32.exe [x]
R2 CryptSvc323232323232;Cryptographic Services ;c:\programdata\upnp32.exe [x]
R2 CryptSvc32323232323232;Cryptographic Services ;c:\programdata\api-ms-win-core-localregistry-l1-1-032.exe [x]
R2 cvhsvc32;Client Virtualization Handler ;c:\programdata\iesysprep32.exe [x]
R2 cvhsvc3232;Client Virtualization Handler ;c:\programdata\KBDTH332.exe [x]
R2 cvhsvc323232;Client Virtualization Handler ;c:\programdata\compstui32.exe [x]
R2 cvhsvc32323232;Client Virtualization Handler ;c:\programdata\odexl3232.exe [x]
R2 cvhsvc3232323232;Client Virtualization Handler ;c:\programdata\secproc_isv32.exe [x]
R2 cvhsvc323232323232;Client Virtualization Handler ;c:\programdata\ktmw3232.exe [x]
R2 cvhsvc32323232323232;Client Virtualization Handler ;c:\programdata\KBDDA32.exe [x]
R2 DcomLaunch32;DCOM Server Process Launcher ;c:\programdata\iashlpr32.exe [x]
R2 DcomLaunch3232;DCOM Server Process Launcher ;c:\programdata\KBDFC32.exe [x]
R2 DcomLaunch323232;DCOM Server Process Launcher ;c:\programdata\winrssrv32.exe [x]
R2 DcomLaunch32323232;DCOM Server Process Launcher ;c:\programdata\KBDRO32.exe [x]
R2 DcomLaunch3232323232;DCOM Server Process Launcher ;c:\programdata\serialui32.exe [x]
R2 DcomLaunch323232323232;DCOM Server Process Launcher ;c:\programdata\icm3232.exe [x]
R2 DcomLaunch32323232323232;DCOM Server Process Launcher ;c:\programdata\filemgmt32.exe [x]
R2 defragsvc32;Disk Defragmenter ;c:\programdata\azroles32.exe [x]
R2 defragsvc3232;Disk Defragmenter ;c:\programdata\cic32.exe [x]
R2 defragsvc323232;Disk Defragmenter ;c:\programdata\pdhui32.exe [x]
R2 defragsvc32323232;Disk Defragmenter ;c:\programdata\spnet32.exe [x]
R2 Dhcp32;DHCP Client ;c:\programdata\WMNetMgr32.exe [x]
R2 Dhcp3232;DHCP Client ;c:\programdata\DeviceCenter32.exe [x]
R2 Dhcp323232;DHCP Client ;c:\programdata\miguiresource32.exe [x]
R2 Dhcp32323232;DHCP Client ;c:\programdata\KBDLV132.exe [x]
R2 DMAgent32;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\uxtheme32.exe [x]
R2 DMAgent3232;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\mstext4032.exe [x]
R2 DMAgent323232;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\sas32.exe [x]
R2 DMAgent32323232;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\NlsLexicons002232.exe [x]
R2 Dnscache32;DNS Client ;c:\programdata\OpcServices32.exe [x]
R2 Dnscache3232;DNS Client ;c:\programdata\rasppp32.exe [x]
R2 Dnscache323232;DNS Client ;c:\programdata\ndfetw32.exe [x]
R2 DPS32;Diagnostic Policy Service ;c:\programdata\IPBusEnumProxy32.exe [x]
R2 EapHost32;Extensible Authentication Protocol ;c:\programdata\dmloader32.exe [x]
R2 EapHost3232;Extensible Authentication Protocol ;c:\programdata\D3DCompiler_4132.exe [x]
R2 EapHost323232;Extensible Authentication Protocol ;c:\programdata\SyncHostps32.exe [x]
R2 EapHost32323232;Extensible Authentication Protocol ;c:\programdata\btpanui32.exe [x]
R2 EapHost3232323232;Extensible Authentication Protocol ;c:\programdata\bcryptprimitives32.exe [x]
R2 EapHost323232323232;Extensible Authentication Protocol ;c:\programdata\KBDMLT4732.exe [x]
R2 EapHost32323232323232;Extensible Authentication Protocol ;c:\programdata\msvcr7132.exe [x]
R2 EFS32;Encrypting File System (EFS) ;c:\programdata\KBDGRLND32.exe [x]
R2 EFS3232;Encrypting File System (EFS) ;c:\programdata\iprtrmgr32.exe [x]
R2 EFS323232;Encrypting File System (EFS) ;c:\programdata\syssetup32.exe [x]
R2 EFS32323232;Encrypting File System (EFS) ;c:\programdata\apss32.exe [x]
R2 EFS3232323232;Encrypting File System (EFS) ;c:\programdata\comrepl32.exe [x]
R2 ehRecvr32;Windows Media Center Receiver Service ;c:\programdata\netcorehc32.exe [x]
R2 ehRecvr3232;Windows Media Center Receiver Service ;c:\programdata\mssphtb32.exe [x]
R2 ehRecvr323232;Windows Media Center Receiver Service ;c:\programdata\WinSyncProviders32.exe [x]
R2 ehRecvr32323232;Windows Media Center Receiver Service ;c:\programdata\kbd101a32.exe [x]
R2 ehSched32;Windows Media Center Scheduler Service ;c:\programdata\sti32.exe [x]
R2 ehSched3232;Windows Media Center Scheduler Service ;c:\programdata\tlscsp32.exe [x]
R2 ehSched323232;Windows Media Center Scheduler Service ;c:\programdata\NlsLexicons004932.exe [x]
R2 ehSched32323232;Windows Media Center Scheduler Service ;c:\programdata\ir50_qcx32.exe [x]
R2 eventlog32;Windows Event Log ;c:\programdata\wmdrmnet32.exe [x]
R2 eventlog3232;Windows Event Log ;c:\programdata\nsi32.exe [x]
R2 eventlog323232;Windows Event Log ;c:\programdata\pnpsetup32.exe [x]
R2 eventlog32323232;Windows Event Log ;c:\programdata\d3dx9_3232.exe [x]
R2 eventlog3232323232;Windows Event Log ;c:\programdata\prncache32.exe [x]
R2 eventlog323232323232;Windows Event Log ;c:\programdata\SearchFolder32.exe [x]
R2 eventlog32323232323232;Windows Event Log ;c:\programdata\msvcrt2032.exe [x]
R2 eventlog3232323232323232;Windows Event Log ;c:\programdata\wlanpref32.exe [x]
R2 eventlog323232323232323232;Windows Event Log ;c:\programdata\loghours32.exe [x]
R2 eventlog32323232323232323232;Windows Event Log ;c:\programdata\bidispl32.exe [x]
R2 eventlog3232323232323232323232;Windows Event Log ;c:\programdata\mshtmled32.exe [x]
R2 EventSystem32;COM+ Event System ;c:\programdata\msmpeg2vdec32.exe [x]
R2 EventSystem3232;COM+ Event System ;c:\programdata\msswch32.exe [x]
R2 EventSystem323232;COM+ Event System ;c:\programdata\igdumdx3232.exe [x]
R2 EventSystem32323232;COM+ Event System ;c:\programdata\mmci32.exe [x]
R2 EventSystem3232323232;COM+ Event System ;c:\programdata\WMVENCOD32.exe [x]
R2 EvtEng32;Intel® PROSet/Wireless Event Log ;c:\programdata\WinSync32.exe [x]
R2 EvtEng3232;Intel® PROSet/Wireless Event Log ;c:\programdata\crypt3232.exe [x]
R2 EvtEng323232;Intel® PROSet/Wireless Event Log ;c:\programdata\adsldp32.exe [x]
R2 EvtEng32323232;Intel® PROSet/Wireless Event Log ;c:\programdata\ds32gt32.exe [x]
R2 EvtEng3232323232;Intel® PROSet/Wireless Event Log ;c:\programdata\KBDUR32.exe [x]
R2 Fax32;Fax ;c:\programdata\certmgr32.exe [x]
R2 Fax3232;Fax ;c:\programdata\netmsg32.exe [x]
R2 Fax323232;Fax ;c:\programdata\framedyn32.exe [x]
R2 Fax32323232;Fax ;c:\programdata\cdosys32.exe [x]
R2 Fax3232323232;Fax ;c:\programdata\fdPnp32.exe [x]
R2 Fax323232323232;Fax ;c:\programdata\cmstplua32.exe [x]
R2 Fax32323232323232;Fax ;c:\programdata\wow3232.exe [x]
R2 Fax3232323232323232;Fax ;c:\programdata\KBDUR132.exe [x]
R2 Fax323232323232323232;Fax ;c:\programdata\iasrad32.exe [x]
R2 fdPHost32;Function Discovery Provider Host ;c:\programdata\iasnap32.exe [x]
R2 fdPHost3232;Function Discovery Provider Host ;c:\programdata\netcfgx32.exe [x]
R2 fdPHost323232;Function Discovery Provider Host ;c:\programdata\vdsvd32.exe [x]
R2 fdPHost32323232;Function Discovery Provider Host ;c:\programdata\PortableDeviceClassExtension32.exe [x]
R2 fdPHost3232323232;Function Discovery Provider Host ;c:\programdata\linkinfo32.exe [x]
R2 fdPHost323232323232;Function Discovery Provider Host ;c:\programdata\SynCOM32.exe [x]
R2 FDResPub32;Function Discovery Resource Publication ;c:\programdata\wuwebv32.exe [x]
R2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\getuname32.exe [x]
R2 FontCache3.0.0.03232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\sppcext32.exe [x]
R2 FontCache3.0.0.0323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\WlanMM32.exe [x]
R2 FontCache3.0.0.032323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\kbd101b32.exe [x]
R2 FontCache3.0.0.03232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\w32topl32.exe [x]
R2 FontCache3.0.0.0323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\mstime32.exe [x]
R2 FontCache3.0.0.032323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\mssha32.exe [x]
R2 FontCache3.0.0.03232323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\KBDFI32.exe [x]
R2 FontCache3.0.0.0323232323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\EhStorShell32.exe [x]
R2 FontCache32;Windows Font Cache Service ;c:\programdata\VAN32.exe [x]
R2 FontCache3232;Windows Font Cache Service ;c:\programdata\dimsroam32.exe [x]
R2 FontCache323232;Windows Font Cache Service ;c:\programdata\msihnd32.exe [x]
R2 FontCache32323232;Windows Font Cache Service ;c:\programdata\onexui32.exe [x]
R2 FontCache3232323232;Windows Font Cache Service ;c:\programdata\keyiso32.exe [x]
R2 FontCache323232323232;Windows Font Cache Service ;c:\programdata\WfHC32.exe [x]
R2 FontCache32323232323232;Windows Font Cache Service ;c:\programdata\ksuser32.exe [x]
R2 gpsvc32;Group Policy Client ;c:\programdata\efscore32.exe [x]
R2 gpsvc3232;Group Policy Client ;c:\programdata\xactengine3_732.exe [x]
R2 gpsvc323232;Group Policy Client ;c:\programdata\msxml4r32.exe [x]
R2 gpsvc32323232;Group Policy Client ;c:\programdata\TSpkg32.exe [x]
R2 hidserv32;Human Interface Device Access ;c:\programdata\NlsData001932.exe [x]
R2 hidserv3232;Human Interface Device Access ;c:\programdata\WlanMM32.exe [x]
R2 hidserv323232;Human Interface Device Access ;c:\programdata\usp1032.exe [x]
R2 hidserv32323232;Human Interface Device Access ;c:\programdata\odfox3232.exe [x]
R2 hkmsvc32;Health Key and Certificate Management ;c:\programdata\msjetoledb4032.exe [x]
R2 hkmsvc3232;Health Key and Certificate Management ;c:\programdata\KBDTAT32.exe [x]
R2 hkmsvc323232;Health Key and Certificate Management ;c:\programdata\mimefilt32.exe [x]
R2 hkmsvc32323232;Health Key and Certificate Management ;c:\programdata\qmgrprxy32.exe [x]
R2 hkmsvc3232323232;Health Key and Certificate Management ;c:\programdata\sbe32.exe [x]
R2 hkmsvc323232323232;Health Key and Certificate Management ;c:\programdata\qedit32.exe [x]
R2 hkmsvc32323232323232;Health Key and Certificate Management ;c:\programdata\licmgr1032.exe [x]
R2 HomeGroupListener32;HomeGroup Listener ;c:\programdata\ntdsapi32.exe [x]
R2 HomeGroupListener3232;HomeGroup Listener ;c:\programdata\wmdmps32.exe [x]
R2 HomeGroupListener323232;HomeGroup Listener ;c:\programdata\WsmSvc32.exe [x]
R2 HomeGroupListener32323232;HomeGroup Listener ;c:\programdata\KBDA232.exe [x]
R2 HomeGroupProvider32;HomeGroup Provider ;c:\programdata\api-ms-win-core-util-l1-1-032.exe [x]
R2 HomeGroupProvider3232;HomeGroup Provider ;c:\programdata\authz32.exe [x]
R2 HomeGroupProvider323232;HomeGroup Provider ;c:\programdata\mswmdm32.exe [x]
R2 HomeGroupProvider32323232;HomeGroup Provider ;c:\programdata\NlsLexicons004732.exe [x]
R2 HomeGroupProvider3232323232;HomeGroup Provider ;c:\programdata\wscproxystub32.exe [x]
R2 HomeGroupProvider323232323232;HomeGroup Provider ;c:\programdata\KBDINUK232.exe [x]
R2 HomeGroupProvider32323232323232;HomeGroup Provider ;c:\programdata\dssec32.exe [x]
R2 IAStorDataMgrSvc32;Intel® Rapid Storage Technology ;c:\programdata\sqlcese3032.exe [x]
R2 IAStorDataMgrSvc3232;Intel® Rapid Storage Technology ;c:\programdata\wsmplpxy32.exe [x]
R2 IAStorDataMgrSvc323232;Intel® Rapid Storage Technology ;c:\programdata\wlanutil32.exe [x]
R2 IAStorDataMgrSvc32323232;Intel® Rapid Storage Technology ;c:\programdata\pcwum32.exe [x]
R2 IAStorDataMgrSvc3232323232;Intel® Rapid Storage Technology ;c:\programdata\vdsvd32.exe [x]
R2 IAStorDataMgrSvc323232323232;Intel® Rapid Storage Technology ;c:\programdata\drtprov32.exe [x]
R2 IconMan_R32;IconMan_R ;c:\programdata\NlsLexicons002632.exe [x]
R2 IconMan_R3232;IconMan_R ;c:\programdata\ws2_3232.exe [x]
R2 IconMan_R323232;IconMan_R ;c:\programdata\ACCTRES32.exe [x]
R2 IconMan_R32323232;IconMan_R ;c:\programdata\vsstrace32.exe [x]
R2 IconMan_R3232323232;IconMan_R ;c:\programdata\iprtprio32.exe [x]
R2 IconMan_R323232323232;IconMan_R ;c:\programdata\netid32.exe [x]
R2 idsvc32;Windows CardSpace ;c:\programdata\iprtrmgr32.exe [x]
R2 idsvc3232;Windows CardSpace ;c:\programdata\uxlibres32.exe [x]
R2 idsvc323232;Windows CardSpace ;c:\programdata\dmsynth32.exe [x]
R2 idsvc32323232;Windows CardSpace ;c:\programdata\ocsetapi32.exe [x]
R2 idsvc3232323232;Windows CardSpace ;c:\programdata\dhcpcsvc32.exe [x]
R2 idsvc323232323232;Windows CardSpace ;c:\programdata\IMJP10K32.exe [x]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\programdata\fwcfg32.exe [x]
R2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\NlsData000232.exe [x]
R2 IKEEXT323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\dmscript32.exe [x]
R2 IPBusEnum32;PnP-X IP Bus Enumerator ;c:\programdata\d3dim32.exe [x]
R2 IPBusEnum3232;PnP-X IP Bus Enumerator ;c:\programdata\PlaySndSrv32.exe [x]
R2 IPBusEnum323232;PnP-X IP Bus Enumerator ;c:\programdata\chtbrkr32.exe [x]
R2 IPBusEnum32323232;PnP-X IP Bus Enumerator ;c:\programdata\mtxlegih32.exe [x]
R2 IPBusEnum3232323232;PnP-X IP Bus Enumerator ;c:\programdata\NlsLexicons0c1a32.exe [x]
R2 IPBusEnum323232323232;PnP-X IP Bus Enumerator ;c:\programdata\slwga32.exe [x]
R2 iphlpsvc32;IP Helper ;c:\programdata\netbios32.exe [x]
R2 iphlpsvc3232;IP Helper ;c:\programdata\ndfapi32.exe [x]
R2 iphlpsvc323232;IP Helper ;c:\programdata\msscp32.exe [x]
R2 iphlpsvc32323232;IP Helper ;c:\programdata\nddeapi32.exe [x]
R2 iphlpsvc3232323232;IP Helper ;c:\programdata\catsrvut32.exe [x]
R2 IviRegMgr32;IviRegMgr ;c:\programdata\dfscli32.exe [x]
R2 IviRegMgr3232;IviRegMgr ;c:\programdata\resutils32.exe [x]
R2 IviRegMgr323232;IviRegMgr ;c:\programdata\dwmcore32.exe [x]
R2 IviRegMgr32323232;IviRegMgr ;c:\programdata\KBDEST32.exe [x]
R2 IviRegMgr3232323232;IviRegMgr ;c:\programdata\rnr2032.exe [x]
R2 IviRegMgr323232323232;IviRegMgr ;c:\programdata\TimeDateMUICallback32.exe [x]
R2 IviRegMgr32323232323232;IviRegMgr ;c:\programdata\NAPMONTR32.exe [x]
R2 IviRegMgr3232323232323232;IviRegMgr ;c:\programdata\kerberos32.exe [x]
R2 KeyIso32;CNG Key Isolation ;c:\programdata\dmsynth32.exe [x]
R2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;c:\programdata\wlanutil32.exe [x]
R2 KtmRm3232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\NlsLexicons004b32.exe [x]
R2 LanmanServer32;Server ;c:\programdata\fontsub32.exe [x]
R2 LanmanServer3232;Server ;c:\programdata\profapi32.exe [x]
R2 LanmanServer323232;Server ;c:\programdata\msxml432.exe [x]
R2 LanmanServer32323232;Server ;c:\programdata\elslad32.exe [x]
R2 LanmanServer3232323232;Server ;c:\programdata\QSHVHOST32.exe [x]
R2 LanmanServer323232323232;Server ;c:\programdata\PortableDeviceClassExtension32.exe [x]
R2 LanmanServer32323232323232;Server ;c:\programdata\wkscli32.exe [x]
R2 LanmanServer3232323232323232;Server ;c:\programdata\d3d10_132.exe [x]
R2 LanmanWorkstation32;Workstation ;c:\programdata\msexch4032.exe [x]
R2 LanmanWorkstation3232;Workstation ;c:\programdata\wmdmps32.exe [x]
R2 LanmanWorkstation323232;Workstation ;c:\programdata\dxmasf32.exe [x]
R2 LanmanWorkstation32323232;Workstation ;c:\programdata\dataclen32.exe [x]
R2 LanmanWorkstation3232323232;Workstation ;c:\programdata\avifil3232.exe [x]
R2 LanmanWorkstation323232323232;Workstation ;c:\programdata\pstorec32.exe [x]
R2 LanmanWorkstation32323232323232;Workstation ;c:\programdata\wmpcm32.exe [x]
R2 LanmanWorkstation3232323232323232;Workstation ;c:\programdata\esentprf32.exe [x]
R2 LanmanWorkstation323232323232323232;Workstation ;c:\programdata\wsnmp3232.exe [x]
R2 LanmanWorkstation32323232323232323232;Workstation ;c:\programdata\EhStorPwdMgr32.exe [x]
R2 LanmanWorkstation3232323232323232323232;Workstation ;c:\programdata\NlsLexicons004c32.exe [x]
R2 LanmanWorkstation323232323232323232323232;Workstation ;c:\programdata\ir41_qcx32.exe [x]
R2 LanmanWorkstation32323232323232323232323232;Workstation ;c:\programdata\iashlpr32.exe [x]
R2 LanmanWorkstation3232323232323232323232323232;Workstation ;c:\programdata\expsrv32.exe [x]
R2 LanmanWorkstation323232323232323232323232323232;Workstation ;c:\programdata\DevicePairingFolder32.exe [x]
R2 lltdsvc32;Link-Layer Topology Discovery Mapper ;c:\programdata\netshell32.exe [x]
R2 lltdsvc3232;Link-Layer Topology Discovery Mapper ;c:\programdata\iedkcs3232.exe [x]
R2 lmhosts32;TCP/IP NetBIOS Helper ;c:\programdata\sdiagprv32.exe [x]
R2 lmhosts3232;TCP/IP NetBIOS Helper ;c:\programdata\DeviceDisplayStatusManager32.exe [x]
R2 lmhosts323232;TCP/IP NetBIOS Helper ;c:\programdata\sppwmi32.exe [x]
R2 lmhosts32323232;TCP/IP NetBIOS Helper ;c:\programdata\NlsData004e32.exe [x]
R2 lmhosts3232323232;TCP/IP NetBIOS Helper ;c:\programdata\NlsData002232.exe [x]
R2 lmhosts323232323232;TCP/IP NetBIOS Helper ;c:\programdata\msexch4032.exe [x]
R2 LMS32;Intel® Management and Security Application Local Management Service ;c:\programdata\dbnetlib32.exe [x]
R2 Mcx2Svc32;Media Center Extender Service ;c:\programdata\dmusic32.exe [x]
R2 Mcx2Svc3232;Media Center Extender Service ;c:\programdata\msjet4032.exe [x]
R2 Mcx2Svc323232;Media Center Extender Service ;c:\programdata\batmeter32.exe [x]
R2 Mcx2Svc32323232;Media Center Extender Service ;c:\programdata\ogldrv32.exe [x]
R2 Mcx2Svc3232323232;Media Center Extender Service ;c:\programdata\wlanmsm32.exe [x]
R2 Mcx2Svc323232323232;Media Center Extender Service ;c:\programdata\NcdProp32.exe [x]
R2 MMCSS32;Multimedia Class Scheduler ;c:\programdata\api-ms-win-security-base-l1-1-032.exe [x]
R2 MMCSS3232;Multimedia Class Scheduler ;c:\programdata\COLORCNV32.exe [x]
R2 MMCSS323232;Multimedia Class Scheduler ;c:\programdata\utildll32.exe [x]
R2 MMCSS32323232;Multimedia Class Scheduler ;c:\programdata\KBDEST32.exe [x]
R2 MpsSvc32;Windows Firewall ;c:\programdata\api-ms-win-core-xstate-l1-1-032.exe [x]
R2 MpsSvc3232;Windows Firewall ;c:\programdata\udhisapi32.exe [x]
R2 MpsSvc323232;Windows Firewall ;c:\programdata\KBDUSA32.exe [x]
R2 MpsSvc32323232;Windows Firewall ;c:\programdata\NlsLexicons001832.exe [x]
R2 MpsSvc3232323232;Windows Firewall ;c:\programdata\WMPEncEn32.exe [x]
R2 MpsSvc323232323232;Windows Firewall ;c:\programdata\prflbmsg32.exe [x]
R2 MpsSvc32323232323232;Windows Firewall ;c:\programdata\KBDSL132.exe [x]
R2 MSDTC32;Distributed Transaction Coordinator ;c:\programdata\dhcpcmonitor32.exe [x]
R2 MSDTC3232;Distributed Transaction Coordinator ;c:\programdata\dot3hc32.exe [x]
R2 MSDTC323232;Distributed Transaction Coordinator ;c:\programdata\PortableDeviceConnectApi32.exe [x]
R2 MSDTC32323232;Distributed Transaction Coordinator ;c:\programdata\odtext3232.exe [x]
R2 MSDTC3232323232;Distributed Transaction Coordinator ;c:\programdata\netlogon32.exe [x]
R2 MSDTC323232323232;Distributed Transaction Coordinator ;c:\programdata\iesetup32.exe [x]
R2 MSDTC32323232323232;Distributed Transaction Coordinator ;c:\programdata\tsgqec32.exe [x]
R2 MSiSCSI32;Microsoft iSCSI Initiator Service ;c:\programdata\mprmsg32.exe [x]
R2 MSiSCSI3232;Microsoft iSCSI Initiator Service ;c:\programdata\api-ms-win-core-xstate-l1-1-032.exe [x]
R2 MSiSCSI323232;Microsoft iSCSI Initiator Service ;c:\programdata\mshtmled32.exe [x]
R2 MSiSCSI32323232;Microsoft iSCSI Initiator Service ;c:\programdata\ieakui32.exe [x]
R2 msiserver32;Windows Installer ;c:\programdata\d3dim70032.exe [x]
R2 msiserver3232;Windows Installer ;c:\programdata\NlsLexicons004932.exe [x]
R2 msiserver323232;Windows Installer ;c:\programdata\KBDTH332.exe [x]
R2 msiserver32323232;Windows Installer ;c:\programdata\networkmap32.exe [x]
R2 msiserver3232323232;Windows Installer ;c:\programdata\TaskSchdPS32.exe [x]
R2 msiserver323232323232;Windows Installer ;c:\programdata\ntmarta32.exe [x]
R2 msiserver32323232323232;Windows Installer ;c:\programdata\spwizres32.exe [x]
R2 msiserver3232323232323232;Windows Installer ;c:\programdata\d3dx10_4132.exe [x]
R2 msiserver323232323232323232;Windows Installer ;c:\programdata\d3dx10_4332.exe [x]
R2 MyWiFiDHCPDNS32;Wireless PAN DHCP Server ;c:\programdata\d3dx10_4232.exe [x]
R2 MyWiFiDHCPDNS3232;Wireless PAN DHCP Server ;c:\programdata\KBDTIPRC32.exe [x]
R2 MyWiFiDHCPDNS323232;Wireless PAN DHCP Server ;c:\programdata\asycfilt32.exe [x]
R2 MyWiFiDHCPDNS32323232;Wireless PAN DHCP Server ;c:\programdata\msafd32.exe [x]
R2 MyWiFiDHCPDNS3232323232;Wireless PAN DHCP Server ;c:\programdata\AuthFWGP32.exe [x]
R2 MyWiFiDHCPDNS323232323232;Wireless PAN DHCP Server ;c:\programdata\iasads32.exe [x]
R2 MyWiFiDHCPDNS32323232323232;Wireless PAN DHCP Server ;c:\programdata\cliconfg32.exe [x]
R2 napagent32;Network Access Protection Agent ;c:\programdata\ieakeng32.exe [x]
R2 napagent3232;Network Access Protection Agent ;c:\programdata\PresentationHostProxy32.exe [x]
R2 napagent323232;Network Access Protection Agent ;c:\programdata\d3dxof32.exe [x]
R2 napagent32323232;Network Access Protection Agent ;c:\programdata\iesysprep32.exe [x]
R2 Netlogon32;Netlogon ;c:\programdata\rasgcw32.exe [x]
R2 Netlogon3232;Netlogon ;c:\programdata\UIAutomationCore32.exe [x]
R2 Netlogon323232;Netlogon ;c:\programdata\XpsGdiConverter32.exe [x]
R2 Netlogon32323232;Netlogon ;c:\programdata\dmdlgs32.exe [x]
R2 Netlogon3232323232;Netlogon ;c:\programdata\nshhttp32.exe [x]
R2 Netlogon323232323232;Netlogon ;c:\programdata\ieakeng32.exe [x]
R2 Netlogon32323232323232;Netlogon ;c:\programdata\avicap3232.exe [x]
R2 Netlogon3232323232323232;Netlogon ;c:\programdata\adsldp32.exe [x]
R2 Netlogon323232323232323232;Netlogon ;c:\programdata\tquery32.exe [x]
R2 Netman32;Network Connections ;c:\programdata\LIVESSP32.exe [x]
R2 Netman3232;Network Connections ;c:\programdata\ctl3d3232.exe [x]
R2 Netman323232;Network Connections ;c:\programdata\KBDCA32.exe [x]
R2 Netman32323232;Network Connections ;c:\programdata\user3232.exe [x]
R2 NetMsmqActivator32;Net.Msmq Listener Adapter ;c:\programdata\Vault32.exe [x]
R2 NetMsmqActivator3232;Net.Msmq Listener Adapter ;c:\programdata\DDACLSys32.exe [x]
R2 NetMsmqActivator323232;Net.Msmq Listener Adapter ;c:\programdata\mshtmler32.exe [x]
R2 NetMsmqActivator32323232;Net.Msmq Listener Adapter ;c:\programdata\kbd101c32.exe [x]
R2 NetMsmqActivator3232323232;Net.Msmq Listener Adapter ;c:\programdata\msvcrt32.exe [x]
R2 NetMsmqActivator323232323232;Net.Msmq Listener Adapter ;c:\programdata\AltTab32.exe [x]
R2 NetPipeActivator32;Net.Pipe Listener Adapter ;c:\programdata\mcicda32.exe [x]
R2 NetPipeActivator3232;Net.Pipe Listener Adapter ;c:\programdata\tzres32.exe [x]
R2 NetPipeActivator323232;Net.Pipe Listener Adapter ;c:\programdata\msnetobj32.exe [x]
R2 NetPipeActivator32323232;Net.Pipe Listener Adapter ;c:\programdata\occache32.exe [x]
R2 NetPipeActivator3232323232;Net.Pipe Listener Adapter ;c:\programdata\cca32.exe [x]
R2 netprofm32;Network List Service ;c:\programdata\KBDLT232.exe [x]
R2 netprofm3232;Network List Service ;c:\programdata\wmvdspa32.exe [x]
R2 netprofm323232;Network List Service ;c:\programdata\nci32.exe [x]
R2 netprofm32323232;Network List Service ;c:\programdata\dpnhpast32.exe [x]
R2 netprofm3232323232;Network List Service ;c:\programdata\KBDBGPH32.exe [x]
R2 netprofm323232323232;Network List Service ;c:\programdata\RPCNDFP32.exe [x]
R2 netprofm32323232323232;Network List Service ;c:\programdata\dxtrans32.exe [x]
R2 netprofm3232323232323232;Network List Service ;c:\programdata\perfctrs32.exe [x]
R2 NetTcpActivator32;Net.Tcp Listener Adapter ;c:\programdata\api-ms-win-core-synch-l1-1-032.exe [x]
R2 NetTcpActivator3232;Net.Tcp Listener Adapter ;c:\programdata\ActionCenterCPL32.exe [x]
R2 NetTcpActivator323232;Net.Tcp Listener Adapter ;c:\programdata\wevtapi32.exe [x]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\wdi32.exe [x]
R2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\P2PGraph32.exe [x]
R2 NetTcpPortSharing323232;Net.Tcp Port Sharing Service ;c:\programdata\KBDNO32.exe [x]
R2 NlaSvc32;Network Location Awareness ;c:\programdata\KBDKHMR32.exe [x]
R2 NlaSvc3232;Network Location Awareness ;c:\programdata\srvcli32.exe [x]
R2 NlaSvc323232;Network Location Awareness ;c:\programdata\ir41_qc32.exe [x]
R2 NlaSvc32323232;Network Location Awareness ;c:\programdata\clbcatq32.exe [x]
R2 NlaSvc3232323232;Network Location Awareness ;c:\programdata\localsec32.exe [x]
R2 NlaSvc323232323232;Network Location Awareness ;c:\programdata\DWrite32.exe [x]
R2 NlaSvc32323232323232;Network Location Awareness ;c:\programdata\rasplap32.exe [x]
R2 NlaSvc3232323232323232;Network Location Awareness ;c:\programdata\bitsprx432.exe [x]
R2 NlaSvc323232323232323232;Network Location Awareness ;c:\programdata\sppcc32.exe [x]
R2 nsi32;Network Store Interface Service ;c:\programdata\setupcln32.exe [x]
R2 nsi3232;Network Store Interface Service ;c:\programdata\DevicePairingProxy32.exe [x]
R2 nsi323232;Network Store Interface Service ;c:\programdata\dot3gpclnt32.exe [x]
R2 nsi32323232;Network Store Interface Service ;c:\programdata\mferror32.exe [x]
R2 nsi3232323232;Network Store Interface Service ;c:\programdata\mstscax32.exe [x]
R2 nsi323232323232;Network Store Interface Service ;c:\programdata\msvcrt4032.exe [x]
R2 nsi32323232323232;Network Store Interface Service ;c:\programdata\mswstr1032.exe [x]
R2 nsi3232323232323232;Network Store Interface Service ;c:\programdata\KBDROPR32.exe [x]
R2 Oasis2Service32;Oasis2Service ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 Oasis2Service3232;Oasis2Service ;c:\programdata\adsldpc32.exe [x]
R2 Oasis2Service323232;Oasis2Service ;c:\programdata\version32.exe [x]
R2 Oasis2Service32323232;Oasis2Service ;c:\programdata\Apphlpdm32.exe [x]
R2 Oasis2Service3232323232;Oasis2Service ;c:\programdata\netfxperf32.exe [x]
R2 Oasis2Service323232323232;Oasis2Service ;c:\programdata\dnscmmc32.exe [x]
R2 Oasis2Service32323232323232;Oasis2Service ;c:\programdata\napipsec32.exe [x]
R2 ose32;Office Source Engine ;c:\programdata\api-ms-win-core-interlocked-l1-1-032.exe [x]
R2 ose3232;Office Source Engine ;c:\programdata\wmdmps32.exe [x]
R2 ose323232;Office Source Engine ;c:\programdata\mssprxy32.exe [x]
R2 ose32323232;Office Source Engine ;c:\programdata\KBDLV132.exe [x]
R2 ose3232323232;Office Source Engine ;c:\programdata\taskcomp32.exe [x]
R2 osppsvc32;Office Software Protection Platform ;c:\programdata\netiohlp32.exe [x]
R2 osppsvc3232;Office Software Protection Platform ;c:\programdata\winsta32.exe [x]
R2 osppsvc323232;Office Software Protection Platform ;c:\programdata\dxtmsft32.exe [x]
R2 osppsvc32323232;Office Software Protection Platform ;c:\programdata\wmdrmdev32.exe [x]
R2 osppsvc3232323232;Office Software Protection Platform ;c:\programdata\tsbyuv32.exe [x]
R2 osppsvc323232323232;Office Software Protection Platform ;c:\programdata\NlsLexicons000332.exe [x]
R2 osppsvc32323232323232;Office Software Protection Platform ;c:\programdata\KBDTH132.exe [x]
R2 osppsvc3232323232323232;Office Software Protection Platform ;c:\programdata\icardres32.exe [x]
R2 p2pimsvc32;Peer Networking Identity Manager ;c:\programdata\spwmp32.exe [x]
R2 p2pimsvc3232;Peer Networking Identity Manager ;c:\programdata\RstrtMgr32.exe [x]
R2 p2pimsvc323232;Peer Networking Identity Manager ;c:\programdata\sqlwoa32.exe [x]
R2 p2pimsvc32323232;Peer Networking Identity Manager ;c:\programdata\StorageContextHandler32.exe [x]
R2 p2pimsvc3232323232;Peer Networking Identity Manager ;c:\programdata\shunimpl32.exe [x]
R2 p2pimsvc323232323232;Peer Networking Identity Manager ;c:\programdata\wshext32.exe [x]
R2 p2pimsvc32323232323232;Peer Networking Identity Manager ;c:\programdata\Faultrep32.exe [x]
R2 p2psvc32;Peer Networking Grouping ;c:\programdata\pnpsetup32.exe [x]
R2 p2psvc3232;Peer Networking Grouping ;c:\programdata\D3DX9_4232.exe [x]
R2 p2psvc323232;Peer Networking Grouping ;c:\programdata\KBDAZE32.exe [x]
R2 p2psvc32323232;Peer Networking Grouping ;c:\programdata\mssitlb32.exe [x]
R2 p2psvc3232323232;Peer Networking Grouping ;c:\programdata\netfxperf32.exe [x]
R2 p2psvc323232323232;Peer Networking Grouping ;c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe [x]
R2 PcaSvc32;Program Compatibility Assistant Service ;c:\programdata\Sens32.exe [x]
R2 PcaSvc3232;Program Compatibility Assistant Service ;c:\programdata\psisdecd32.exe [x]
R2 PcaSvc323232;Program Compatibility Assistant Service ;c:\programdata\accessibilitycpl32.exe [x]
R2 PcaSvc32323232;Program Compatibility Assistant Service ;c:\programdata\sberes32.exe [x]
R2 PerfHost32;Performance Counter DLL Host ;c:\programdata\mfc100kor32.exe [x]
R2 PerfHost3232;Performance Counter DLL Host ;c:\programdata\adsmsext32.exe [x]
R2 PerfHost323232;Performance Counter DLL Host ;c:\programdata\KBDMAC32.exe [x]
R2 PerfHost32323232;Performance Counter DLL Host ;c:\programdata\NlsLexicons002032.exe [x]
R2 PerfHost3232323232;Performance Counter DLL Host ;c:\programdata\XAudio2_532.exe [x]
R2 PerfHost323232323232;Performance Counter DLL Host ;c:\programdata\msasn132.exe [x]
R2 PerfHost32323232323232;Performance Counter DLL Host ;c:\programdata\api-ms-win-core-sysinfo-l1-1-032.exe [x]
R2 PerfHost3232323232323232;Performance Counter DLL Host ;c:\programdata\mfcm10032.exe [x]
R2 PerfHost323232323232323232;Performance Counter DLL Host ;c:\programdata\NlsLexicons000132.exe [x]
R2 PerfHost32323232323232323232;Performance Counter DLL Host ;c:\programdata\nsi32.exe [x]
R2 pla32;Performance Logs & Alerts ;c:\programdata\eventcls32.exe [x]
R2 pla3232;Performance Logs & Alerts ;c:\programdata\rdpencom32.exe [x]
R2 pla323232;Performance Logs & Alerts ;c:\programdata\tapi3232.exe [x]
R2 pla32323232;Performance Logs & Alerts ;c:\programdata\PortableDeviceWMDRM32.exe [x]
R2 pla3232323232;Performance Logs & Alerts ;c:\programdata\CertEnrollUI32.exe [x]
R2 PlugPlay32;Plug and Play ;c:\programdata\cliconfg32.exe [x]
R2 PlugPlay3232;Plug and Play ;c:\programdata\KBDROST32.exe [x]
R2 PlugPlay323232;Plug and Play ;c:\programdata\gameux32.exe [x]
R2 PlugPlay32323232;Plug and Play ;c:\programdata\fphc32.exe [x]
R2 PlugPlay3232323232;Plug and Play ;c:\programdata\QCLIPROV32.exe [x]
R2 PlugPlay323232323232;Plug and Play ;c:\programdata\migisol32.exe [x]
R2 PMBDeviceInfoProvider32;PMBDeviceInfoProvider ;c:\programdata\KBDTH332.exe [x]
R2 PMBDeviceInfoProvider3232;PMBDeviceInfoProvider ;c:\programdata\olecli3232.exe [x]
R2 PMBDeviceInfoProvider323232;PMBDeviceInfoProvider ;c:\programdata\KBDPL132.exe [x]
R2 PMBDeviceInfoProvider32323232;PMBDeviceInfoProvider ;c:\programdata\XInput9_1_032.exe [x]
R2 PMBDeviceInfoProvider3232323232;PMBDeviceInfoProvider ;c:\programdata\shell3232.exe [x]
R2 PMBDeviceInfoProvider323232323232;PMBDeviceInfoProvider ;c:\programdata\pidgenx32.exe [x]
R2 PMBDeviceInfoProvider32323232323232;PMBDeviceInfoProvider ;c:\programdata\softpub32.exe [x]
R2 PMBDeviceInfoProvider3232323232323232;PMBDeviceInfoProvider ;c:\programdata\npmproxy32.exe [x]
R2 PMBDeviceInfoProvider323232323232323232;PMBDeviceInfoProvider ;c:\programdata\dsuiext32.exe [x]
R2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\programdata\umdmxfrm32.exe [x]
R2 PNRPAutoReg3232;PNRP Machine Name Publication Service ;c:\programdata\srclient32.exe [x]
R2 PNRPAutoReg323232;PNRP Machine Name Publication Service ;c:\programdata\vfpodbc32.exe [x]
R2 PNRPAutoReg32323232;PNRP Machine Name Publication Service ;c:\programdata\KBDURDU32.exe [x]
R2 PNRPAutoReg3232323232;PNRP Machine Name Publication Service ;c:\programdata\deskmon32.exe [x]
R2 PNRPAutoReg323232323232;PNRP Machine Name Publication Service ;c:\programdata\mtxex32.exe [x]
R2 PNRPAutoReg32323232323232;PNRP Machine Name Publication Service ;c:\programdata\SmartcardCredentialProvider32.exe [x]
R2 PNRPsvc32;Peer Name Resolution Protocol ;c:\programdata\rnr2032.exe [x]
R2 PNRPsvc3232;Peer Name Resolution Protocol ;c:\programdata\KBDINMAL32.exe [x]
R2 PNRPsvc323232;Peer Name Resolution Protocol ;c:\programdata\mfdvdec32.exe [x]
R2 PolicyAgent32;IPsec Policy Agent ;c:\programdata\crypt3232.exe [x]
R2 PolicyAgent3232;IPsec Policy Agent ;c:\programdata\cabview32.exe [x]
R2 PolicyAgent323232;IPsec Policy Agent ;c:\programdata\shwebsvc32.exe [x]
R2 PolicyAgent32323232;IPsec Policy Agent ;c:\programdata\imapi2fs32.exe [x]
R2 Power32;Power ;c:\programdata\NlsData002032.exe [x]
R2 Power3232;Power ;c:\programdata\msdtcVSp1res32.exe [x]
R2 Power323232;Power ;c:\programdata\vssapi32.exe [x]
R2 Power32323232;Power ;c:\programdata\oleaut3232.exe [x]
R2 Power3232323232;Power ;c:\programdata\wpdwcn32.exe [x]
R2 ProfSvc32;User Profile Service ;c:\programdata\snmpapi32.exe [x]
R2 ProfSvc3232;User Profile Service ;c:\programdata\eapp3hst32.exe [x]
R2 ProfSvc323232;User Profile Service ;c:\programdata\glmf3232.exe [x]
R2 ProfSvc32323232;User Profile Service ;c:\programdata\wshrm32.exe [x]
R2 ProtectedStorage32;Protected Storage ;c:\programdata\wer32.exe [x]
R2 PSI_SVC_232;Protexis Licensing V2 ;c:\programdata\kbd10332.exe [x]
R2 PSI_SVC_23232;Protexis Licensing V2 ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 PSI_SVC_2323232;Protexis Licensing V2 ;c:\programdata\ufat32.exe [x]
R2 QWAVE32;Quality Windows Audio Video Experience ;c:\programdata\perfnet32.exe [x]
R2 QWAVE3232;Quality Windows Audio Video Experience ;c:\programdata\tapisrv32.exe [x]
R2 QWAVE323232;Quality Windows Audio Video Experience ;c:\programdata\ncrypt32.exe [x]
R2 QWAVE32323232;Quality Windows Audio Video Experience ;c:\programdata\NlsLexicons000132.exe [x]
R2 QWAVE3232323232;Quality Windows Audio Video Experience ;c:\programdata\comsnap32.exe [x]
R2 QWAVE323232323232;Quality Windows Audio Video Experience ;c:\programdata\DevicePairingFolder32.exe [x]
R2 QWAVE32323232323232;Quality Windows Audio Video Experience ;c:\programdata\dpapiprovider32.exe [x]
R2 QWAVE3232323232323232;Quality Windows Audio Video Experience ;c:\programdata\ir32_3232.exe [x]
R2 QWAVE323232323232323232;Quality Windows Audio Video Experience ;c:\programdata\Apphlpdm32.exe [x]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\ndiscapCfg32.exe [x]
R2 RasAuto3232;Remote Access Auto Connection Manager ;c:\programdata\WebClnt32.exe [x]
R2 RasAuto323232;Remote Access Auto Connection Manager ;c:\programdata\api-ms-win-core-localization-l1-1-032.exe [x]
R2 RasAuto32323232;Remote Access Auto Connection Manager ;c:\programdata\iesetup32.exe [x]
R2 RasAuto3232323232;Remote Access Auto Connection Manager ;c:\programdata\mssvp32.exe [x]
R2 RasAuto323232323232;Remote Access Auto Connection Manager ;c:\programdata\iprtrmgr32.exe [x]
R2 RasAuto32323232323232;Remote Access Auto Connection Manager ;c:\programdata\networkexplorer32.exe [x]
R2 RasMan32;Remote Access Connection Manager ;c:\programdata\unimdmat32.exe [x]
R2 RasMan3232;Remote Access Connection Manager ;c:\programdata\KBDHE22032.exe [x]
R2 RegSrvc32;Intel® PROSet/Wireless Registry Service ;c:\programdata\dfshim32.exe [x]
R2 RegSrvc3232;Intel® PROSet/Wireless Registry Service ;c:\programdata\DevicePairingHandler32.exe [x]
R2 RegSrvc323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\NlsData000332.exe [x]
R2 RegSrvc32323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\ole3232.exe [x]
R2 RegSrvc3232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\secproc_ssp_isv32.exe [x]
R2 RegSrvc323232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\CPFilters32.exe [x]
R2 RegSrvc32323232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\storage32.exe [x]
R2 RegSrvc3232323232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\opengl3232.exe [x]
R2 RemoteAccess32;Routing and Remote Access ;c:\programdata\inetcomm32.exe [x]
R2 RemoteAccess3232;Routing and Remote Access ;c:\programdata\KBDHEB32.exe [x]
R2 RemoteAccess323232;Routing and Remote Access ;c:\programdata\imapi232.exe [x]
R2 RemoteAccess32323232;Routing and Remote Access ;c:\programdata\SensorsCpl32.exe [x]
R2 RemoteAccess3232323232;Routing and Remote Access ;c:\programdata\WiaExtensionHost6432.exe [x]
R2 RemoteAccess323232323232;Routing and Remote Access ;c:\programdata\dxtrans32.exe [x]
R2 RemoteAccess32323232323232;Routing and Remote Access ;c:\programdata\NlsLexicons002632.exe [x]
R2 RemoteAccess3232323232323232;Routing and Remote Access ;c:\programdata\lz3232.exe [x]
R2 RemoteRegistry3232;Remote Registry ;c:\programdata\devobj32.exe [x]
R2 RemoteRegistry323232;Remote Registry ;c:\programdata\syncui32.exe [x]
R2 RemoteRegistry32323232;Remote Registry ;c:\programdata\msvcr7132.exe [x]
R2 RemoteRegistry3232323232;Remote Registry ;c:\programdata\KBDGRLND32.exe [x]
R2 RemoteRegistry323232323232;Remote Registry ;c:\programdata\kbd106n32.exe [x]
R2 RemoteRegistry32323232323232;Remote Registry ;c:\programdata\nsi32.exe [x]
R2 RemoteRegistry3232323232323232;Remote Registry ;c:\programdata\WsmRes32.exe [x]
R2 RemoteRegistry323232323232323232;Remote Registry ;c:\programdata\PortableDeviceStatus32.exe [x]
R2 RemoteRegistry32323232323232323232;Remote Registry ;c:\programdata\shellstyle32.exe [x]
R2 RemoteRegistry3232323232323232323232;Remote Registry ;c:\programdata\provsvc32.exe [x]
R2 RemoteRegistry323232323232323232323232;Remote Registry ;c:\programdata\stclient32.exe [x]
R2 RpcEptMapper32;RPC Endpoint Mapper ;c:\programdata\chtbrkr32.exe [x]
R2 RpcEptMapper3232;RPC Endpoint Mapper ;c:\programdata\ieaksie32.exe [x]
R2 RpcEptMapper323232;RPC Endpoint Mapper ;c:\programdata\amxread32.exe [x]
R2 RpcEptMapper32323232;RPC Endpoint Mapper ;c:\programdata\d3dramp32.exe [x]
R2 RpcLocator3232;Remote Procedure Call (RPC) Locator ;c:\programdata\msports32.exe [x]
R2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;c:\programdata\cdosys32.exe [x]
R2 RpcLocator32323232;Remote Procedure Call (RPC) Locator ;c:\programdata\pwrshplugin32.exe [x]
R2 RpcSs3232;Remote Procedure Call (RPC) ;c:\programdata\winhttp32.exe [x]
R2 RpcSs323232;Remote Procedure Call (RPC) ;c:\programdata\iprtprio32.exe [x]
R2 RpcSs32323232;Remote Procedure Call (RPC) ;c:\programdata\xwizards32.exe [x]
R2 RpcSs3232323232;Remote Procedure Call (RPC) ;c:\programdata\PhotoMetadataHandler32.exe [x]
R2 RpcSs323232323232;Remote Procedure Call (RPC) ;c:\programdata\WcnEapPeerProxy32.exe [x]
R2 SampleCollector32;VAIO Care Performance Service ;c:\programdata\msacm3232.exe [x]
R2 SampleCollector3232;VAIO Care Performance Service ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 SampleCollector323232;VAIO Care Performance Service ;c:\programdata\win32spl32.exe [x]
R2 SampleCollector32323232;VAIO Care Performance Service ;c:\programdata\icmui32.exe [x]
R2 SampleCollector3232323232;VAIO Care Performance Service ;c:\programdata\puiobj32.exe [x]
R2 SamSs32;Security Accounts Manager ;c:\programdata\FirewallAPI32.exe [x]
R2 SamSs3232;Security Accounts Manager ;c:\programdata\KBDINDEV32.exe [x]
R2 SamSs323232;Security Accounts Manager ;c:\programdata\ndishc32.exe [x]
R2 SamSs32323232;Security Accounts Manager ;c:\programdata\wiadefui32.exe [x]
R2 SamSs3232323232;Security Accounts Manager ;c:\programdata\msimtf32.exe [x]
R2 SCardSvr32;Smart Card ;c:\programdata\KBDMAORI32.exe [x]
R2 SCardSvr3232;Smart Card ;c:\programdata\NlsData081a32.exe [x]
R2 SCardSvr323232;Smart Card ;c:\programdata\KBDHEPT32.exe [x]
R2 SCardSvr32323232;Smart Card ;c:\programdata\Faultrep32.exe [x]
R2 SCardSvr3232323232;Smart Card ;c:\programdata\RtsPStorIcon32.exe [x]
R2 SCardSvr323232323232;Smart Card ;c:\programdata\atl10032.exe [x]
R2 SCardSvr32323232323232;Smart Card ;c:\programdata\netprofm32.exe [x]
R2 SCardSvr3232323232323232;Smart Card ;c:\programdata\TapiSysprep32.exe [x]
R2 SCardSvr323232323232323232;Smart Card ;c:\programdata\wintrust32.exe [x]
R2 Schedule32;Task Scheduler ;c:\programdata\NlsLexicons004b32.exe [x]
R2 Schedule3232;Task Scheduler ;c:\programdata\FXSCOMEX32.exe [x]
R2 Schedule323232;Task Scheduler ;c:\programdata\KBDBHC32.exe [x]
R2 Schedule32323232;Task Scheduler ;c:\programdata\sqlceqp3032.exe [x]
R2 Schedule3232323232;Task Scheduler ;c:\programdata\d3dx9_3232.exe [x]
R2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\mapistub32.exe [x]
R2 SCPolicySvc3232;Smart Card Removal Policy ;c:\programdata\wcnwiz32.exe [x]
R2 SCPolicySvc323232;Smart Card Removal Policy ;c:\programdata\InkEd32.exe [x]
R2 SCPolicySvc32323232;Smart Card Removal Policy ;c:\programdata\rasgcw32.exe [x]
R2 SDRSVC32;Windows Backup ;c:\programdata\p2pnetsh32.exe [x]
R2 SDRSVC3232;Windows Backup ;c:\programdata\authui32.exe [x]
R2 SDRSVC323232;Windows Backup ;c:\programdata\packager32.exe [x]
R2 SDRSVC32323232;Windows Backup ;c:\programdata\oleprn32.exe [x]
R2 SDRSVC3232323232;Windows Backup ;c:\programdata\iasrad32.exe [x]
R2 SDRSVC323232323232;Windows Backup ;c:\programdata\KBDSL132.exe [x]
R2 SDRSVC32323232323232;Windows Backup ;c:\programdata\uicom32.exe [x]
R2 SDRSVC3232323232323232;Windows Backup ;c:\programdata\oleacc32.exe [x]
R2 SDRSVC323232323232323232;Windows Backup ;c:\programdata\msmpeg2vdec32.exe [x]
R2 SDRSVC32323232323232323232;Windows Backup ;c:\programdata\mscoree32.exe [x]
R2 seclogon32;Secondary Logon ;c:\programdata\setupcln32.exe [x]
R2 seclogon3232;Secondary Logon ;c:\programdata\findnetprinters32.exe [x]
R2 seclogon323232;Secondary Logon ;c:\programdata\catsrvut32.exe [x]
R2 seclogon32323232;Secondary Logon ;c:\programdata\KBDTIPRC32.exe [x]
R2 SENS32;System Event Notification Service ;c:\programdata\nvwgf2um32.exe [x]
R2 SENS3232;System Event Notification Service ;c:\programdata\pngfilt32.exe [x]
R2 SENS323232;System Event Notification Service ;c:\programdata\keyiso32.exe [x]
R2 SENS32323232;System Event Notification Service ;c:\programdata\aaclient32.exe [x]
R2 SENS3232323232;System Event Notification Service ;c:\programdata\wlandlg32.exe [x]
R2 SensrSvc32;Adaptive Brightness ;c:\programdata\winnsi32.exe [x]
R2 SensrSvc3232;Adaptive Brightness ;c:\programdata\WindowsCodecsExt32.exe [x]
R2 SensrSvc323232;Adaptive Brightness ;c:\programdata\onex32.exe [x]
R2 SensrSvc32323232;Adaptive Brightness ;c:\programdata\dsquery32.exe [x]
R2 SensrSvc3232323232;Adaptive Brightness ;c:\programdata\cryptnet32.exe [x]
R2 SensrSvc323232323232;Adaptive Brightness ;c:\programdata\umdmxfrm32.exe [x]
R2 SessionEnv32;Remote Desktop Configuration ;c:\programdata\KBDMLT4732.exe [x]
R2 SessionEnv3232;Remote Desktop Configuration ;c:\programdata\winsta32.exe [x]
R2 SessionEnv323232;Remote Desktop Configuration ;c:\programdata\eventcls32.exe [x]
R2 SessionEnv32323232;Remote Desktop Configuration ;c:\programdata\winipsec32.exe [x]
R2 SessionEnv3232323232;Remote Desktop Configuration ;c:\programdata\KBDCZ132.exe [x]
R2 SessionEnv323232323232;Remote Desktop Configuration ;c:\programdata\txflog32.exe [x]
R2 SessionEnv32323232323232;Remote Desktop Configuration ;c:\programdata\compobj32.exe [x]
R2 SessionEnv3232323232323232;Remote Desktop Configuration ;c:\programdata\odbcconf32.exe [x]
R2 SessionEnv323232323232323232;Remote Desktop Configuration ;c:\programdata\wshirda32.exe [x]
R2 sftlist32;Application Virtualization Client ;c:\programdata\vssapi32.exe [x]
R2 sftlist3232;Application Virtualization Client ;c:\programdata\winnsi32.exe [x]
R2 sftlist323232;Application Virtualization Client ;c:\programdata\wscisvif32.exe [x]
R2 sftlist32323232;Application Virtualization Client ;c:\programdata\dataclen32.exe [x]
R2 sftlist3232323232;Application Virtualization Client ;c:\programdata\mfc100cht32.exe [x]
R2 sftvsa32;Application Virtualization Service Agent ;c:\programdata\msls3132.exe [x]
R2 sftvsa3232;Application Virtualization Service Agent ;c:\programdata\d3d10warp32.exe [x]
R2 sftvsa323232;Application Virtualization Service Agent ;c:\programdata\BOOTVID32.exe [x]
R2 SharedAccess3232;Internet Connection Sharing (ICS) ;c:\programdata\dskquota32.exe [x]
R2 SharedAccess323232;Internet Connection Sharing (ICS) ;c:\programdata\api-ms-win-core-datetime-l1-1-032.exe [x]
R2 SharedAccess32323232;Internet Connection Sharing (ICS) ;c:\programdata\mshtmpgr32.exe [x]
R2 SharedAccess3232323232;Internet Connection Sharing (ICS) ;c:\windows\system32\WMSPDMOD32.exe [x]
R2 ShellHWDetection32;Shell Hardware Detection ;c:\programdata\wlanapi32.exe [x]
R2 ShellHWDetection3232;Shell Hardware Detection ;c:\programdata\catsrv32.exe [x]
R2 ShellHWDetection323232;Shell Hardware Detection ;c:\programdata\msvcrt2032.exe [x]
R2 ShellHWDetection32323232;Shell Hardware Detection ;c:\programdata\dfshim32.exe [x]
R2 ShellHWDetection3232323232;Shell Hardware Detection ;c:\programdata\schannel32.exe [x]
R2 SNMPTRAP32;SNMP Trap ;c:\programdata\kbd101c32.exe [x]
R2 SNMPTRAP3232;SNMP Trap ;c:\programdata\dmloader32.exe [x]
R2 SOHCImp32;VAIO Content Importer ;c:\programdata\ieframe32.exe [x]
R2 SOHCImp3232;VAIO Content Importer ;c:\programdata\mfc100chs32.exe [x]
R2 SOHCImp323232;VAIO Content Importer ;c:\programdata\wshelper32.exe [x]
R2 SOHCImp32323232;VAIO Content Importer ;c:\programdata\winbrand32.exe [x]
R2 SOHCImp3232323232;VAIO Content Importer ;c:\programdata\NlsData002432.exe [x]
R2 SOHCImp323232323232;VAIO Content Importer ;c:\programdata\NlsData002232.exe [x]
R2 SOHCImp32323232323232;VAIO Content Importer ;c:\programdata\xwtpdui32.exe [x]
R2 SOHCImp3232323232323232;VAIO Content Importer ;c:\programdata\NaturalLanguage632.exe [x]
R2 SOHCImp323232323232323232;VAIO Content Importer ;c:\programdata\KBDHELA332.exe [x]
R2 SOHCImp32323232323232323232;VAIO Content Importer ;c:\programdata\xpssvcs32.exe [x]
R2 SOHCImp3232323232323232323232;VAIO Content Importer ;c:\programdata\bitsprx232.exe [x]
R2 SOHDs32;VAIO Device Searcher ;c:\programdata\ACCTRES32.exe [x]
R2 SOHDs3232;VAIO Device Searcher ;c:\programdata\onexui32.exe [x]
R2 SOHDs323232;VAIO Device Searcher ;c:\programdata\NlsLexicons000332.exe [x]
R2 SpfService32;VAIO Entertainment Common Service ;c:\programdata\cabview32.exe [x]
R2 SpfService3232;VAIO Entertainment Common Service ;c:\programdata\davhlpr32.exe [x]
R2 SpfService323232;VAIO Entertainment Common Service ;c:\programdata\RacEngn32.exe [x]
R2 Spooler32;Print Spooler ;c:\programdata\WSManMigrationPlugin32.exe [x]
R2 sppsvc32;Software Protection ;c:\programdata\iaspolcy32.exe [x]
R2 sppsvc3232;Software Protection ;c:\programdata\mswstr1032.exe [x]
R2 sppsvc323232;Software Protection ;c:\programdata\esent32.exe [x]
R2 sppsvc32323232;Software Protection ;c:\programdata\odbccp3232.exe [x]
R2 sppsvc3232323232;Software Protection ;c:\programdata\imapi232.exe [x]
R2 sppsvc323232323232;Software Protection ;c:\programdata\gdi3232.exe [x]
R2 sppuinotify32;SPP Notification Service ;c:\programdata\KBDMLT4832.exe [x]
R2 sppuinotify3232;SPP Notification Service ;c:\programdata\DeviceCenter32.exe [x]
R2 sppuinotify323232;SPP Notification Service ;c:\programdata\uxtheme32.exe [x]
R2 sppuinotify32323232;SPP Notification Service ;c:\programdata\msident32.exe [x]
R2 sppuinotify3232323232;SPP Notification Service ;c:\programdata\dpnathlp32.exe [x]
R2 SSDPSRV3232;SSDP Discovery ;c:\programdata\fms32.exe [x]
R2 SSDPSRV323232;SSDP Discovery ;c:\programdata\certCredProvider32.exe [x]
R2 SSDPSRV32323232;SSDP Discovery ;c:\programdata\msfeedsbs32.exe [x]
R2 SSDPSRV3232323232;SSDP Discovery ;c:\programdata\msltus4032.exe [x]
R2 SSDPSRV323232323232;SSDP Discovery ;c:\programdata\wuwebv32.exe [x]
R2 SSDPSRV32323232323232;SSDP Discovery ;c:\programdata\msctfui32.exe [x]
R2 SSDPSRV3232323232323232;SSDP Discovery ;c:\programdata\ieakeng32.exe [x]
R2 SSDPSRV323232323232323232;SSDP Discovery ;c:\programdata\NlsLexicons081632.exe [x]
R2 SSDPSRV32323232323232323232;SSDP Discovery ;c:\programdata\sspicli32.exe [x]
R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\programdata\ole2disp32.exe [x]
R2 SstpSvc3232;Secure Socket Tunneling Protocol Service ;c:\programdata\KBDGAE32.exe [x]
R2 SstpSvc323232;Secure Socket Tunneling Protocol Service ;c:\programdata\rpchttp32.exe [x]
R2 SstpSvc32323232;Secure Socket Tunneling Protocol Service ;c:\programdata\sud32.exe [x]
R2 SstpSvc3232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\NlsData004c32.exe [x]
R2 SstpSvc323232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\fmifs32.exe [x]
R2 SstpSvc32323232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\avifil3232.exe [x]
R2 stisvc3232;Windows Image Acquisition (WIA) ;c:\programdata\KBDRO32.exe [x]
R2 stisvc323232;Windows Image Acquisition (WIA) ;c:\programdata\mshtml32.exe [x]
R2 stisvc32323232;Windows Image Acquisition (WIA) ;c:\programdata\sdiageng32.exe [x]
R2 swprv32;Microsoft Software Shadow Copy Provider ;c:\programdata\FM20ESP32.exe [x]
R2 swprv3232;Microsoft Software Shadow Copy Provider ;c:\programdata\ufat32.exe [x]
R2 swprv323232;Microsoft Software Shadow Copy Provider ;c:\programdata\netevent32.exe [x]
R2 swprv32323232;Microsoft Software Shadow Copy Provider ;c:\programdata\comuid32.exe [x]
R2 swprv3232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\signdrv32.exe [x]
R2 swprv323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\KBDBULG32.exe [x]
R2 SysMain32;Superfetch ;c:\windows\system32\KBDHAU32.exe [x]
R2 SysMain3232;Superfetch ;c:\programdata\webcheck32.exe [x]
R2 SysMain323232;Superfetch ;c:\programdata\tlscsp32.exe [x]
R2 SysMain32323232;Superfetch ;c:\programdata\KBDFO32.exe [x]
R2 SysMain3232323232;Superfetch ;c:\programdata\KBDDIV232.exe [x]
R2 SysMain323232323232;Superfetch ;c:\programdata\FWPUCLNT32.exe [x]
R2 SysMain32323232323232;Superfetch ;c:\programdata\WWanAPI32.exe [x]
R2 SysMain3232323232323232;Superfetch ;c:\programdata\qmgrprxy32.exe [x]
R2 SysMain323232323232323232;Superfetch ;c:\programdata\KBDCZ232.exe [x]
R2 TabletInputService32;Tablet PC Input Service ;c:\programdata\winrssrv32.exe [x]
R2 TabletInputService3232;Tablet PC Input Service ;c:\programdata\XAPOFX1_332.exe [x]
R2 TabletInputService323232;Tablet PC Input Service ;c:\programdata\KBDBULG32.exe [x]
R2 TabletInputService32323232;Tablet PC Input Service ;c:\programdata\devobj32.exe [x]
R2 TapiSrv32;Telephony ;c:\programdata\winrssrv32.exe [x]
R2 TBS32;TPM Base Services ;c:\programdata\pdh32.exe [x]
R2 TBS3232;TPM Base Services ;c:\programdata\webio32.exe [x]
R2 TBS323232;TPM Base Services ;c:\programdata\mtxdm32.exe [x]
R2 TBS32323232;TPM Base Services ;c:\programdata\wdscore32.exe [x]
R2 TBS3232323232;TPM Base Services ;c:\programdata\DeviceUxRes32.exe [x]
R2 TermService32;Remote Desktop Services ;c:\programdata\msxml4r32.exe [x]
R2 TermService3232;Remote Desktop Services ;c:\programdata\cabinet32.exe [x]
R2 TermService323232;Remote Desktop Services ;c:\programdata\appidapi32.exe [x]
R2 Themes32;Themes ;c:\programdata\srchadmin32.exe [x]
R2 Themes3232;Themes ;c:\programdata\KBDAL32.exe [x]
R2 Themes323232;Themes ;c:\programdata\werdiagcontroller32.exe [x]
R2 Themes32323232;Themes ;c:\programdata\dhcpcmonitor32.exe [x]
R2 THREADORDER32;Thread Ordering Server ;c:\programdata\oleaut3232.exe [x]
R2 THREADORDER3232;Thread Ordering Server ;c:\programdata\wdscore32.exe [x]
R2 THREADORDER323232;Thread Ordering Server ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 THREADORDER32323232;Thread Ordering Server ;c:\programdata\wwapi32.exe [x]
R2 THREADORDER3232323232;Thread Ordering Server ;c:\programdata\KBDSORST32.exe [x]
R2 THREADORDER323232323232;Thread Ordering Server ;c:\programdata\wiadefui32.exe [x]
R2 THREADORDER32323232323232;Thread Ordering Server ;c:\programdata\snmpapi32.exe [x]
R2 THREADORDER3232323232323232;Thread Ordering Server ;c:\programdata\spwizeng32.exe [x]
R2 THREADORDER323232323232323232;Thread Ordering Server ;c:\programdata\KBDYCC32.exe [x]
R2 TrkWks32;Distributed Link Tracking Client ;c:\programdata\shacct32.exe [x]
R2 TrkWks3232;Distributed Link Tracking Client ;c:\programdata\wship632.exe [x]
R2 TrkWks323232;Distributed Link Tracking Client ;c:\programdata\eapphost32.exe [x]
R2 TrustedInstaller32;Windows Modules Installer ;c:\programdata\KBDSORST32.exe [x]
R2 TrustedInstaller3232;Windows Modules Installer ;c:\programdata\rasadhlp32.exe [x]
R2 TrustedInstaller323232;Windows Modules Installer ;c:\programdata\napipsec32.exe [x]
R2 TrustedInstaller32323232;Windows Modules Installer ;c:\programdata\NlsLexicons000332.exe [x]
R2 TrustedInstaller3232323232;Windows Modules Installer ;c:\programdata\qasf32.exe [x]
R2 TrustedInstaller323232323232;Windows Modules Installer ;c:\programdata\msctfp32.exe [x]
R2 TrustedInstaller32323232323232;Windows Modules Installer ;c:\programdata\Syncreg32.exe [x]
R2 TrustedInstaller3232323232323232;Windows Modules Installer ;c:\programdata\wow3232.exe [x]
R2 TrustedInstaller323232323232323232;Windows Modules Installer ;c:\programdata\racpldlg32.exe [x]
R2 UI0Detect32;Interactive Services Detection ;c:\programdata\mfc42u32.exe [x]
R2 UI0Detect3232;Interactive Services Detection ;c:\programdata\mapi3232.exe [x]
R2 UNS32;Intel® Management and Security Application User Notification Service ;c:\programdata\wscapi32.exe [x]
R2 UNS3232;Intel® Management and Security Application User Notification Service ;c:\programdata\shpafact32.exe [x]
R2 UNS323232;Intel® Management and Security Application User Notification Service ;c:\programdata\aeevts32.exe [x]
R2 UNS32323232;Intel® Management and Security Application User Notification Service ;c:\programdata\wiatrace32.exe [x]
R2 UNS3232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\WsmSvc32.exe [x]
R2 UNS323232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\KBDBU32.exe [x]
R2 UNS32323232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\XAudio2_732.exe [x]
R2 UNS3232323232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\NlsLexicons002432.exe [x]
R2 upnphost32;UPnP Device Host ;c:\programdata\pots32.exe [x]
R2 upnphost3232;UPnP Device Host ;c:\programdata\fdProxy32.exe [x]
R2 upnphost323232;UPnP Device Host ;c:\programdata\msclmd32.exe [x]
R2 upnphost32323232;UPnP Device Host ;c:\programdata\msisip32.exe [x]
R2 upnphost3232323232;UPnP Device Host ;c:\programdata\TSWorkspace32.exe [x]
R2 UxSms32;Desktop Window Manager Session Manager ;c:\programdata\IPHLPAPI32.exe [x]
R2 UxSms3232;Desktop Window Manager Session Manager ;c:\programdata\SessEnv32.exe [x]
R2 UxSms323232;Desktop Window Manager Session Manager ;c:\programdata\dmstyle32.exe [x]
R2 VAIO Event Service32;VAIO Event Service ;c:\programdata\shlwapi32.exe [x]
R2 VAIO Event Service3232;VAIO Event Service ;c:\programdata\whealogr32.exe [x]
R2 VAIO Event Service323232;VAIO Event Service ;c:\programdata\dot3ui32.exe [x]
R2 VAIO Event Service32323232;VAIO Event Service ;c:\programdata\infocardapi32.exe [x]
R2 VAIO Event Service3232323232;VAIO Event Service ;c:\programdata\photowiz32.exe [x]
R2 VAIO Event Service323232323232;VAIO Event Service ;c:\programdata\XInput9_1_032.exe [x]
R2 VaultSvc32;Credential Manager ;c:\programdata\olepro3232.exe [x]
R2 VaultSvc3232;Credential Manager ;c:\programdata\XpsGdiConverter32.exe [x]
R2 VaultSvc323232;Credential Manager ;c:\programdata\WinSATAPI32.exe [x]
R2 VCFw32;VAIO Content Folder Watcher ;c:\programdata\wlanhlp32.exe [x]
R2 VCFw3232;VAIO Content Folder Watcher ;c:\programdata\LAPRXY32.exe [x]
R2 VcmIAlzMgr32;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\ucmhc32.exe [x]
R2 VcmIAlzMgr3232;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\twext32.exe [x]
R2 VcmIAlzMgr323232;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\kbd10332.exe [x]
R2 VcmIAlzMgr32323232;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\crtdll32.exe [x]
R2 VcmINSMgr32;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\wshcon32.exe [x]
R2 VcmINSMgr3232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\KBDVNTC32.exe [x]
R2 VcmINSMgr323232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\davclnt32.exe [x]
R2 VcmINSMgr32323232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\KBDSF32.exe [x]
R2 VcmINSMgr3232323232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\BWContextHandler32.exe [x]
R2 VcmXmlIfHelper32;VAIO Content Metadata XML Interface ;c:\programdata\docprop32.exe [x]
R2 VcmXmlIfHelper3232;VAIO Content Metadata XML Interface ;c:\programdata\dmocx32.exe [x]
R2 VcmXmlIfHelper323232;VAIO Content Metadata XML Interface ;c:\programdata\OobeFldr32.exe [x]
R2 VcmXmlIfHelper32323232;VAIO Content Metadata XML Interface ;c:\programdata\mtxdm32.exe [x]
R2 VcmXmlIfHelper3232323232;VAIO Content Metadata XML Interface ;c:\programdata\WMSPDMOE32.exe [x]
R2 VcmXmlIfHelper323232323232;VAIO Content Metadata XML Interface ;c:\programdata\NlsData041632.exe [x]
R2 VcmXmlIfHelper32323232323232;VAIO Content Metadata XML Interface ;c:\programdata\msidcrl3032.exe [x]
R2 VCService32;VCService ;c:\programdata\rasppp32.exe [x]
R2 VCService3232;VCService ;c:\programdata\korwbrkr32.exe [x]
R2 VCService323232;VCService ;c:\programdata\sdohlp32.exe [x]
R2 VCService32323232;VCService ;c:\programdata\MsRdpWebAccess32.exe [x]
R2 vds32;Virtual Disk ;c:\programdata\wmerror32.exe [x]
R2 vds3232;Virtual Disk ;c:\programdata\luainstall32.exe [x]
R2 vds323232;Virtual Disk ;c:\programdata\MsRdpWebAccess32.exe [x]
R2 vds32323232;Virtual Disk ;c:\programdata\NlsData001932.exe [x]
R2 vds3232323232;Virtual Disk ;c:\programdata\msutb32.exe [x]
R2 vds323232323232;Virtual Disk ;c:\programdata\NlsLexicons041432.exe [x]
R2 vds32323232323232;Virtual Disk ;c:\programdata\RpcNs432.exe [x]
R2 vds3232323232323232;Virtual Disk ;c:\programdata\cmlua32.exe [x]
R2 VSNService32;VSNService ;c:\programdata\ieapfltr32.exe [x]
R2 VSNService3232;VSNService ;c:\programdata\DevicePairingFolder32.exe [x]
R2 VSNService323232;VSNService ;c:\programdata\pifmgr32.exe [x]
R2 VSNService32323232;VSNService ;c:\programdata\wiascanprofiles32.exe [x]
R2 VSNService3232323232;VSNService ;c:\programdata\KBDMLT4832.exe [x]
R2 VSNService323232323232;VSNService ;c:\programdata\mfc100ita32.exe [x]
R2 VSNService32323232323232;VSNService ;c:\programdata\mmres32.exe [x]
R2 VSNService3232323232323232;VSNService ;c:\programdata\KBDINBE232.exe [x]
R2 VSS32;Volume Shadow Copy ;c:\programdata\apphelp32.exe [x]
R2 VSS3232;Volume Shadow Copy ;c:\programdata\uxtheme32.exe [x]
R2 VSS323232;Volume Shadow Copy ;c:\programdata\whhelper32.exe [x]
R2 VSS32323232;Volume Shadow Copy ;c:\programdata\inseng32.exe [x]
R2 VSS3232323232;Volume Shadow Copy ;c:\programdata\NlsLexicons002432.exe [x]
R2 VSS323232323232;Volume Shadow Copy ;c:\programdata\loadperf32.exe [x]
R2 VSS32323232323232;Volume Shadow Copy ;c:\programdata\hhsetup32.exe [x]
R2 VUAgent32;VUAgent ;c:\programdata\duser32.exe [x]
R2 VUAgent3232;VUAgent ;c:\programdata\netapi3232.exe [x]
R2 VUAgent323232;VUAgent ;c:\programdata\KBDUZB32.exe [x]
R2 VUAgent32323232;VUAgent ;c:\programdata\wscisvif32.exe [x]
R2 VUAgent3232323232;VUAgent ;c:\programdata\puiobj32.exe [x]
R2 VUAgent323232323232;VUAgent ;c:\programdata\hnetmon32.exe [x]
R2 VUAgent32323232323232;VUAgent ;c:\programdata\xpsservices32.exe [x]
R2 W32Time32;Windows Time ;c:\programdata\WlanMM32.exe [x]
R2 W32Time3232;Windows Time ;c:\programdata\CertEnrollUI32.exe [x]
R2 W32Time323232;Windows Time ;c:\programdata\msfeeds32.exe [x]
R2 W32Time32323232;Windows Time ;c:\programdata\cryptext32.exe [x]
R2 W32Time3232323232;Windows Time ;c:\programdata\msoert232.exe [x]
R2 W32Time323232323232;Windows Time ;c:\programdata\FM20ENU32.exe [x]
R2 W32Time32323232323232;Windows Time ;c:\programdata\msaudite32.exe [x]
R2 W32Time3232323232323232;Windows Time ;c:\programdata\NlsData000032.exe [x]
R2 WatAdminSvc32;Windows Activation Technologies Service ;c:\programdata\authui32.exe [x]
R2 WatAdminSvc3232;Windows Activation Technologies Service ;c:\programdata\esent32.exe [x]
R2 WatAdminSvc323232;Windows Activation Technologies Service ;c:\programdata\ole232.exe [x]
R2 WatAdminSvc32323232;Windows Activation Technologies Service ;c:\programdata\els32.exe [x]
R2 WatAdminSvc3232323232;Windows Activation Technologies Service ;c:\programdata\NlsLexicons001932.exe [x]
R2 wbengine32;Block Level Backup Engine Service ;c:\programdata\upnphost32.exe [x]
R2 wbengine3232;Block Level Backup Engine Service ;c:\programdata\imm3232.exe [x]
R2 wbengine323232;Block Level Backup Engine Service ;c:\programdata\mtxclu32.exe [x]
R2 WbioSrvc32;Windows Biometric Service ;c:\programdata\actxprxy32.exe [x]
R2 WbioSrvc3232;Windows Biometric Service ;c:\programdata\SearchFolder32.exe [x]
R2 WbioSrvc323232;Windows Biometric Service ;c:\programdata\ndiscapCfg32.exe [x]
R2 WbioSrvc32323232;Windows Biometric Service ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 WbioSrvc3232323232;Windows Biometric Service ;c:\programdata\crypt3232.exe [x]
R2 WbioSrvc323232323232;Windows Biometric Service ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 WbioSrvc32323232323232;Windows Biometric Service ;c:\programdata\XAPOFX1_332.exe [x]
R2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\programdata\wecapi32.exe [x]
R2 wcncsvc3232;Windows Connect Now - Config Registrar ;c:\programdata\dssenh32.exe [x]
R2 wcncsvc323232;Windows Connect Now - Config Registrar ;c:\programdata\sppcext32.exe [x]
R2 WcsPlugInService32;Windows Color System ;c:\programdata\XpsRasterService32.exe [x]
R2 WcsPlugInService3232;Windows Color System ;c:\programdata\mmres32.exe [x]
R2 WdiServiceHost32;Diagnostic Service Host ;c:\programdata\dataclen32.exe [x]
R2 WdiServiceHost3232;Diagnostic Service Host ;c:\programdata\KBDUSR32.exe [x]
R2 WdiServiceHost323232;Diagnostic Service Host ;c:\programdata\TSpkg32.exe [x]
R2 WdiServiceHost32323232;Diagnostic Service Host ;c:\programdata\msorc32r32.exe [x]
R2 WdiServiceHost3232323232;Diagnostic Service Host ;c:\programdata\mfreadwrite32.exe [x]
R2 WdiSystemHost32;Diagnostic System Host ;c:\programdata\KBDHELA232.exe [x]
R2 WdiSystemHost3232;Diagnostic System Host ;c:\programdata\gptext32.exe [x]
R2 WdiSystemHost323232;Diagnostic System Host ;c:\programdata\mscoree32.exe [x]
R2 WdiSystemHost32323232;Diagnostic System Host ;c:\programdata\adsnt32.exe [x]
R2 WebClient32;WebClient ;c:\programdata\rshx3232.exe [x]
R2 WebClient3232;WebClient ;c:\programdata\mfcm10032.exe [x]
R2 WebClient323232;WebClient ;c:\programdata\NlsLexicons000732.exe [x]
R2 WebrootSpySweeperService32;Webroot Spy Sweeper Engine ;c:\programdata\KBDBHC32.exe [x]
R2 WebrootSpySweeperService3232;Webroot Spy Sweeper Engine ;c:\programdata\WindowsCodecs32.exe [x]
R2 WebrootSpySweeperService323232;Webroot Spy Sweeper Engine ;c:\programdata\napdsnap32.exe [x]
R2 WebrootSpySweeperService32323232;Webroot Spy Sweeper Engine ;c:\programdata\KBDAZEL32.exe [x]
R2 WebrootSpySweeperService3232323232;Webroot Spy Sweeper Engine ;c:\programdata\ndproxystub32.exe [x]
R2 WebrootSpySweeperService323232323232;Webroot Spy Sweeper Engine ;c:\programdata\stclient32.exe [x]
R2 WebrootSpySweeperService32323232323232;Webroot Spy Sweeper Engine ;c:\programdata\NlsData041632.exe [x]
R2 WebrootSpySweeperService3232323232323232;Webroot Spy Sweeper Engine ;c:\programdata\KBDDIV132.exe [x]
R2 WebrootSpySweeperService323232323232323232;Webroot Spy Sweeper Engine ;c:\programdata\cryptsp32.exe [x]
R2 Wecsvc32;Windows Event Collector ;c:\programdata\vfwwdm3232.exe [x]
R2 Wecsvc3232;Windows Event Collector ;c:\programdata\KBDTH132.exe [x]
R2 Wecsvc323232;Windows Event Collector ;c:\programdata\ctl3d3232.exe [x]
R2 Wecsvc32323232;Windows Event Collector ;c:\programdata\KernelBase32.exe [x]
R2 Wecsvc3232323232;Windows Event Collector ;c:\programdata\bcryptprimitives32.exe [x]
R2 Wecsvc323232323232;Windows Event Collector ;c:\programdata\LIVESSP32.exe [x]
R2 Wecsvc32323232323232;Windows Event Collector ;c:\programdata\SynTPCOM32.exe [x]
R2 Wecsvc3232323232323232;Windows Event Collector ;c:\programdata\wshcon32.exe [x]
R2 Wecsvc323232323232323232;Windows Event Collector ;c:\programdata\KBDINASA32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\programdata\NlsLexicons002232.exe [x]
R2 wercplsupport3232;Problem Reports and Solutions Control Panel Support ;c:\programdata\msv1_032.exe [x]
R2 wercplsupport323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\oleprn32.exe [x]
R2 wercplsupport32323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\dot3ui32.exe [x]
R2 wercplsupport3232323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\wlanutil32.exe [x]
R2 WerSvc32;Windows Error Reporting Service ;c:\programdata\msrdc32.exe [x]
R2 WerSvc3232;Windows Error Reporting Service ;c:\programdata\urlmon32.exe [x]
R2 WerSvc323232;Windows Error Reporting Service ;c:\programdata\RASMM32.exe [x]
R2 WerSvc32323232;Windows Error Reporting Service ;c:\programdata\msdtcprx32.exe [x]
R2 WiMAXAppSrv32;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\ir50_qcx32.exe [x]
R2 WiMAXAppSrv3232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\iologmsg32.exe [x]
R2 WiMAXAppSrv323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\dbnetlib32.exe [x]
R2 WiMAXAppSrv32323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\winbrand32.exe [x]
R2 WiMAXAppSrv3232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\UIRibbonRes32.exe [x]
R2 WiMAXAppSrv323232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\WinSyncMetastore32.exe [x]
R2 WiMAXAppSrv32323232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\comsnap32.exe [x]
R2 WiMAXAppSrv3232323232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\WsmAuto32.exe [x]
R2 WinDefend32;Windows Defender ;c:\programdata\clfsw3232.exe [x]
R2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\mssph32.exe [x]
R2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\wlansec32.exe [x]
R2 WinHttpAutoProxySvc323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\KBDSORS132.exe [x]
R2 WinHttpAutoProxySvc32323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\wsecedit32.exe [x]
R2 WinHttpAutoProxySvc3232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\NlsLexicons000c32.exe [x]
R2 Winmgmt32;Windows Management Instrumentation ;c:\programdata\NlsLexicons001d32.exe [x]
R2 Winmgmt3232;Windows Management Instrumentation ;c:\programdata\KBDNE32.exe [x]
R2 Winmgmt323232;Windows Management Instrumentation ;c:\programdata\BWUnpairElevated32.exe [x]
R2 Winmgmt32323232;Windows Management Instrumentation ;c:\programdata\pcwum32.exe [x]
R2 WinRM32;Windows Remote Management (WS-Management) ;c:\programdata\framedynos32.exe [x]
R2 WinRM3232;Windows Remote Management (WS-Management) ;c:\programdata\ctl3d3232.exe [x]
R2 WinRM323232;Windows Remote Management (WS-Management) ;c:\programdata\Vault32.exe [x]
R2 WinRM32323232;Windows Remote Management (WS-Management) ;c:\programdata\odbctrac32.exe [x]
R2 WinRM3232323232;Windows Remote Management (WS-Management) ;c:\programdata\KBDFC32.exe [x]
R2 Wlansvc32;WLAN AutoConfig ;c:\programdata\qmgrprxy32.exe [x]
R2 wlcrasvc32;Windows Live Mesh remote connections service ;c:\programdata\ntdsapi32.exe [x]
R2 wlcrasvc3232;Windows Live Mesh remote connections service ;c:\programdata\mprmsg32.exe [x]
R2 wlcrasvc323232;Windows Live Mesh remote connections service ;c:\programdata\mfds32.exe [x]
R2 wlidsvc32;Windows Live ID Sign-in Assistant ;c:\programdata\sqlcese3032.exe [x]
R2 wlidsvc3232;Windows Live ID Sign-in Assistant ;c:\programdata\msvcrt4032.exe [x]
R2 wlidsvc323232;Windows Live ID Sign-in Assistant ;c:\programdata\msvcrt4032.exe [x]
R2 wlidsvc32323232;Windows Live ID Sign-in Assistant ;c:\programdata\NlsLexicons041632.exe [x]
R2 wlidsvc3232323232;Windows Live ID Sign-in Assistant ;c:\programdata\NlsLexicons002032.exe [x]
R2 wmiApSrv3232;WMI Performance Adapter ;c:\programdata\NlsLexicons001d32.exe [x]
R2 wmiApSrv323232;WMI Performance Adapter ;c:\programdata\RASMM32.exe [x]
R2 wmiApSrv32323232;WMI Performance Adapter ;c:\programdata\secproc32.exe [x]
R2 wmiApSrv3232323232;WMI Performance Adapter ;c:\programdata\bcryptprimitives32.exe [x]
R2 wmiApSrv323232323232;WMI Performance Adapter ;c:\programdata\msclmd32.exe [x]
R2 wmiApSrv32323232323232;WMI Performance Adapter ;c:\programdata\msctf32.exe [x]
R2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;c:\programdata\dot3msm32.exe [x]
R2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\programdata\KBDINTAM32.exe [x]
R2 WPCSvc32;Parental Controls ;c:\programdata\xmllite32.exe [x]
R2 WPCSvc3232;Parental Controls ;c:\programdata\PortableDeviceWiaCompat32.exe [x]
R2 WPCSvc323232;Parental Controls ;c:\programdata\msvcr100_clr040032.exe [x]
R2 WPCSvc32323232;Parental Controls ;c:\programdata\dssenh32.exe [x]
R2 WPCSvc3232323232;Parental Controls ;c:\programdata\oleaut3232.exe [x]
R2 WPCSvc323232323232;Parental Controls ;c:\programdata\winbio32.exe [x]
R2 WPDBusEnum32;Portable Device Enumerator Service ;c:\programdata\ig4icd3232.exe [x]
R2 WPDBusEnum3232;Portable Device Enumerator Service ;c:\programdata\KBDBENE32.exe [x]
R2 WPDBusEnum323232;Portable Device Enumerator Service ;c:\programdata\NlsData001332.exe [x]
R2 WRConsumerService32;Webroot Client Service ;c:\programdata\rastapi32.exe [x]
R2 WRConsumerService3232;Webroot Client Service ;c:\programdata\NlsData041432.exe [x]
R2 WRConsumerService323232;Webroot Client Service ;c:\programdata\sdiagprv32.exe [x]
R2 WRConsumerService32323232;Webroot Client Service ;c:\programdata\qwave32.exe [x]
R2 WRConsumerService3232323232;Webroot Client Service ;c:\programdata\tzres32.exe [x]
R2 wscsvc32;Security Center ;c:\programdata\wlaninst32.exe [x]
R2 wscsvc3232;Security Center ;c:\programdata\rasadhlp32.exe [x]
R2 wscsvc323232;Security Center ;c:\programdata\WinSCard32.exe [x]
R2 wscsvc32323232;Security Center ;c:\programdata\adsldpc32.exe [x]
R2 wscsvc3232323232;Security Center ;c:\programdata\msshavmsg32.exe [x]
R2 wscsvc323232323232;Security Center ;c:\programdata\api-ms-win-core-namedpipe-l1-1-032.exe [x]
R2 WSearch32;Windows Search ;c:\programdata\msimtf32.exe [x]
R2 WSearch3232;Windows Search ;c:\programdata\KBDIR32.exe [x]
R2 wuauserv3232;Windows Update ;c:\programdata\compstui32.exe [x]
R2 wuauserv323232;Windows Update ;c:\programdata\vdmdbg32.exe [x]
R2 wuauserv32323232;Windows Update ;c:\programdata\networkmap32.exe [x]
R2 wuauserv3232323232;Windows Update ;c:\programdata\ocsetapi32.exe [x]
R2 wuauserv323232323232;Windows Update ;c:\programdata\winusb32.exe [x]
R2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\devenum32.exe [x]
R2 wudfsvc3232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\XpsRasterService32.exe [x]
R2 wudfsvc323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\rtutils32.exe [x]
R2 wudfsvc32323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\IDStore32.exe [x]
R2 wudfsvc3232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\api-ms-win-core-rtlsupport-l1-1-032.exe [x]
R2 wudfsvc323232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\vdsbas32.exe [x]
R2 wudfsvc32323232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\kbd101c32.exe [x]
R2 wudfsvc3232323232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\provthrd32.exe [x]
R2 WwanSvc32;WWAN AutoConfig ;c:\programdata\umdmxfrm32.exe [x]
R2 WwanSvc3232;WWAN AutoConfig ;c:\programdata\ndfetw32.exe [x]
R2 WwanSvc323232;WWAN AutoConfig ;c:\programdata\NlsData000a32.exe [x]
R2 WwanSvc32323232;WWAN AutoConfig ;c:\programdata\d3d10_132.exe [x]
R2 WwanSvc3232323232;WWAN AutoConfig ;c:\programdata\deployJava132.exe [x]
R2 WwanSvc323232323232;WWAN AutoConfig ;c:\programdata\KBDINTEL32.exe [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-28 1817088]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-08-07 3381184]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28891.cfxxe" [X]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-28 418328]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF28891.cfxxe" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Michelina\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2011-08-17 17:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 21:55
.
Pre-Run: 585,372,913,664 bytes free
Post-Run: 585,098,309,632 bytes free
.
- - End Of File - - 5B2047612BF7229DAF17084D3B66FD78
  • 0

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi brick928,

Please test your system for redirection after this step.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post
  • 0



#11
brick928

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
No threats detected. I haven't noticed any redirects lately, but I haven't been using the computer much the past couple of days and the problem was never really constant, more sort of random redirects, so I don't know if it's gone yet or not, but so far so good.
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi brick928,

OK. Please test your system for one more day then come back with results. I'll be here :)
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi brick928,

How is your system now? Any problems?
  • 0

#14
brick928

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Not that I have detected. Seems like so far so good.
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0





