
search redirects [Solved]



#1
jamie829

I am having search redirects: when I search in Google and click on a search result, it gets redirected to a different, random website. I've tried running Malwarebytes, but it does not help. OTL log below. Thanks.

OTL logfile created on: 5/24/2013 9:40:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\_______\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.96% Memory free
7.90 Gb Paging File | 5.73 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.40 Gb Total Space | 539.65 Gb Free Space | 92.19% Space Free | Partition Type: NTFS

Computer Name: ___________VAIO | User Name: _________| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/24 21:39:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\_______\Desktop\OTL.exe
PRC - [2013/05/22 21:18:37 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/14 20:23:12 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2012/11/13 16:17:53 | 001,432,040 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2011/10/17 15:01:36 | 001,154,416 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe
PRC - [2011/10/17 15:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
PRC - [2011/10/17 15:01:34 | 007,909,232 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/05 19:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 19:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/02/15 14:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/14 16:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/02/14 02:15:46 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 02:15:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/29 08:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/12/01 08:05:38 | 000,495,832 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
PRC - [2010/11/27 03:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 02:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/22 21:18:37 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/16 18:32:38 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7a0945794677c70d5ec25b00493ece3f\System.Data.Linq.ni.dll
MOD - [2013/05/16 18:32:38 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll
MOD - [2013/05/16 18:31:14 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/15 07:08:31 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\715dfc5c33a47180e0ddb5f2a98c116a\PresentationUI.ni.dll
MOD - [2013/05/15 07:08:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/15 07:08:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 07:08:13 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/15 07:08:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 07:08:02 | 000,687,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\23673bbebe3c0ca7c894e614bb3ffd1a\System.Security.ni.dll
MOD - [2013/05/15 07:08:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/14 20:23:11 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/02/14 08:57:09 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 08:53:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/12 12:31:56 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7badd9a67b9f34f7222697c220dfa88b\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2013/01/12 12:31:20 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\4e9a3b9427dae6b94cb5ae1d134282ac\System.AddIn.Contract.ni.dll
MOD - [2013/01/10 23:24:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 23:24:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/01/10 23:24:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013/01/10 23:24:29 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\1149dca3c109f46c30cf25cb34873dd4\System.AddIn.ni.dll
MOD - [2013/01/09 20:31:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/09 09:00:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 09:00:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 09:00:24 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 09:00:24 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 09:00:23 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bd5f32f9081b6307cadda7422145553e\System.Data.ni.dll
MOD - [2013/01/09 09:00:19 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\abf5f0f6b5d995fb86b0529ac85e14ed\System.DirectoryServices.ni.dll
MOD - [2013/01/09 08:59:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 08:59:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 08:58:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 08:58:41 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/02/10 19:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2011/11/10 21:24:50 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/10/17 15:01:38 | 000,022,896 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyServicePS.dll
MOD - [2011/10/17 14:51:00 | 001,797,632 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNDR3400LOC.dll
MOD - [2011/10/17 14:49:34 | 001,756,160 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNR3500LOC.dll
MOD - [2011/10/17 14:45:44 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\DigiDoFlavor.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/04 16:28:14 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\imageformats\qjpeg4.dll
MOD - [2010/12/01 08:05:48 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\WiDiLiveUpdate.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/11 20:29:04 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtGui4.dll
MOD - [2010/08/11 20:29:02 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtXml4.dll
MOD - [2010/08/11 20:29:00 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtCore4.dll
MOD - [2010/08/11 20:29:00 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtNetwork4.dll
MOD - [2010/07/23 16:03:14 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\libgsoap.dll
MOD - [2010/07/23 15:41:58 | 000,377,856 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\QtXml4.dll
MOD - [2010/07/23 15:41:46 | 002,202,624 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\QtCore4.dll
MOD - [2010/07/23 14:56:32 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\zlib1.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/03/30 12:09:12 | 001,021,112 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/28 13:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/02/19 01:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/19 01:10:06 | 000,546,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/19 01:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 16:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 08:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011/01/20 15:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/12/17 17:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 17:28:46 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 17:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/22 21:18:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 20:23:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/17 15:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/05 19:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/02/21 15:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 15:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/14 02:15:46 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/14 02:15:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/20 15:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/09 16:21:12 | 012,312,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/23 07:12:58 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/28 03:48:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 23:28:52 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/02/21 13:43:52 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/17 15:42:12 | 000,174,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/02/17 15:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/02/17 15:42:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/02/15 03:42:50 | 001,388,592 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/14 02:15:10 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/02/11 04:48:34 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/21 12:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{B988C296-2D56-4683-B344-CA709B73FFD7}: "URL" = http://websearch.ask...4D-114A90200BE3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 21:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 21:18:34 | 000,000,000 | ---D | M]

[2011/09/18 16:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_______\AppData\Roaming\Mozilla\Extensions
[2011/09/18 16:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_______\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/06 08:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\_______\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\extensions
[2012/12/04 23:59:40 | 000,002,308 | ---- | M] () -- C:\Users\_______\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\searchplugins\askcom.xml
[2013/05/22 21:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/22 21:18:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/05/24 20:50:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86C4D35A-D780-473D-ADA1-68017ABABF54}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/24 21:39:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\_______\Desktop\OTL.exe
[2013/05/24 21:21:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/24 20:53:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/24 20:50:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/24 20:43:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/22 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/11 17:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimum
[2013/05/07 21:30:28 | 000,000,000 | ---D | C] -- C:\Users\_______\Documents\CEQ 515
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/24 21:39:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\_______\Desktop\OTL.exe
[2013/05/24 21:29:53 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 21:29:53 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 21:28:23 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/24 21:28:23 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/24 21:28:23 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/24 21:23:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/24 21:21:58 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\zikwnbic.job
[2013/05/24 21:21:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/24 21:21:44 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/24 21:02:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/24 20:50:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/24 07:39:02 | 000,379,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/23 18:37:04 | 000,212,992 | RHS- | M] () -- C:\Windows\SysWow64\pt-PTD.dll
[2013/05/11 17:18:27 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\DigiDo.lnk
[2013/05/07 17:54:21 | 000,000,864 | ---- | M] () -- C:\Users\_______\.powerschool_gradebook.properties
[2013/04/29 23:02:45 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/04/28 07:26:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/24 07:38:55 | 000,379,216 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/23 18:37:04 | 000,212,992 | RHS- | C] () -- C:\Windows\SysWow64\pt-PTD.dll
[2013/05/23 18:37:04 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\zikwnbic.job
[2013/03/27 20:48:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/27 20:48:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/27 20:48:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/27 20:48:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/27 20:48:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/09 16:21:22 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/08/09 16:21:16 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/08/09 16:21:10 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/09 16:21:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/05 20:17:15 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/24 22:05:37 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/24 22:05:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2012/01/02 21:41:42 | 000,008,652 | -HS- | C] () -- C:\Users\_______\AppData\Local\mqp87jk86dn8ghuowkuc508728v7etd444p63iucxp7
[2012/01/02 21:41:42 | 000,008,652 | -HS- | C] () -- C:\ProgramData\mqp87jk86dn8ghuowkuc508728v7etd444p63iucxp7
[2011/07/02 10:02:04 | 000,000,864 | ---- | C] () -- C:\Users\_______\.powerschool_gradebook.properties
[2011/07/02 09:47:13 | 000,000,012 | ---- | C] () -- C:\Users\_______\.gradebook_userdict.tlx
[2011/06/01 17:19:27 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/11 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\_______\AppData\Roaming\SoftGrid Client
[2011/09/18 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\_______\AppData\Roaming\TomTom
[2011/07/11 20:54:11 | 000,000,000 | ---D | M] -- C:\Users\_______\AppData\Roaming\TP
[2013/01/17 22:50:30 | 000,000,000 | ---D | M] -- C:\Users\_______\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========



< End of report >
  • 0


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jamie829

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
jamie829

    Member

  • Topic Starter
  • Member
  • 18 posts
Thanks Gringo, I ran the tests, here are the logs. I haven't had much chance to use the computer after running those programs, so I'm not sure if the problem is gone yet, but I thought I'd post the logs so you could see the results. Thanks
ADW LOG:

# AdwCleaner v2.301 - Logfile created 05/25/2013 at 10:14:04
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ______ - ______-VAIO
# Boot Mode : Normal
# Running from : C:\Users\______\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\______\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\searchplugins\Askcom.xml
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\______\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\______\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [1326 octets] - [25/05/2013 10:11:57]
AdwCleaner[S1].txt - [1273 octets] - [25/05/2013 10:14:04]

########## EOF - C:\AdwCleaner[S1].txt - [1333 octets] ##########



JRT LOG:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by ______ on Sat 05/25/2013 at 10:16:34.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B988C296-2D56-4683-B344-CA709B73FFD7}



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\______\appdata\local\best buy pc app"



~~~ FireFox

Emptied folder: C:\Users\______\AppData\Roaming\mozilla\firefox\profiles\iyu5p2yk.default\minidumps [214 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/25/2013 at 10:19:33.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jamie829

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
jamie829

    Member

  • Topic Starter
  • Member
  • 18 posts
It seems to still be redirecting. Here's the combofix log.

ComboFix 13-05-25.02 - ________ 05/25/2013 14:59:31.13.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2438 [GMT -4:00]
Running from: c:\users\________\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MICHEL~1\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\________\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-25 to 2013-05-25 )))))))))))))))))))))))))))))))
.
.
2013-05-25 19:07 . 2013-05-25 19:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-25 19:07 . 2013-05-25 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- c:\windows\ERUNT
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- C:\JRT
2013-05-25 02:03 . 2013-05-25 02:03 -------- d-----w- C:\_OTM
2013-05-25 01:21 . 2013-05-25 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-23 22:37 . 2013-05-23 22:37 212992 --sha-r- c:\windows\SysWow64\pt-PTD.dll
2013-05-21 21:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91BD79FF-BDD7-4F62-87D9-2FD1C996361A}\mpengine.dll
2013-05-14 20:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 21:19 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 00:23 . 2012-06-18 22:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 00:23 . 2011-07-12 11:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 20:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-07-22 21:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 20:30 . 2013-04-02 20:30 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 20:30 . 2013-04-02 20:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 20:30 . 2013-04-02 20:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 20:30 . 2013-04-02 20:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 20:30 . 2013-04-02 20:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 20:30 . 2013-04-02 20:30 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 20:30 . 2013-04-02 20:30 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 20:30 . 2013-04-02 20:30 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 20:30 . 2013-04-02 20:30 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 20:30 . 2013-04-02 20:30 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 20:30 . 2013-04-02 20:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 20:30 . 2013-04-02 20:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 20:30 . 2013-04-02 20:30 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 20:30 . 2013-04-02 20:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 20:30 . 2013-04-02 20:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 20:30 . 2013-04-02 20:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 20:30 . 2013-04-02 20:30 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-11 01:30 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 01:30 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 01:30 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 01:30 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 01:30 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 01:30 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 220632 ----a-w- c:\users\________\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 220632 ----a-w- c:\users\________\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 220632 ----a-w- c:\users\________\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 SampleCollector;VAIO Care Performance Service [x]
R2 ACDaemon32;ArcSoft Connect Daemon ;c:\programdata\hcproviders32.exe [x]
R2 ACDaemon3232;ArcSoft Connect Daemon ;c:\programdata\WindowsCodecsExt32.exe [x]
R2 ACDaemon323232;ArcSoft Connect Daemon ;c:\programdata\fdWNet32.exe [x]
R2 ACDaemon32323232;ArcSoft Connect Daemon ;c:\programdata\KBDA132.exe [x]
R2 AeLookupSvc32;Application Experience ;c:\programdata\IconCodecService32.exe [x]
R2 AeLookupSvc3232;Application Experience ;c:\programdata\sscore32.exe [x]
R2 AeLookupSvc323232;Application Experience ;c:\programdata\PerfCenterCPL32.exe [x]
R2 AeLookupSvc32323232;Application Experience ;c:\programdata\mfc100rus32.exe [x]
R2 ALG3232;Application Layer Gateway Service ;c:\programdata\comsvcs32.exe [x]
R2 ALG323232;Application Layer Gateway Service ;c:\programdata\secproc32.exe [x]
R2 AppIDSvc32;Application Identity ;c:\programdata\usbperf32.exe [x]
R2 AppIDSvc3232;Application Identity ;c:\programdata\tvratings32.exe [x]
R2 AppIDSvc323232;Application Identity ;c:\programdata\synceng32.exe [x]
R2 Appinfo32;Application Information ;c:\programdata\mscoree32.exe [x]
R2 Appinfo3232;Application Information ;c:\programdata\KBDIT32.exe [x]
R2 aspnet_state32;ASP.NET State Service ;c:\programdata\d3d10_132.exe [x]
R2 aspnet_state3232;ASP.NET State Service ;c:\programdata\ExplorerFrame32.exe [x]
R2 aspnet_state323232;ASP.NET State Service ;c:\programdata\KBDCZ232.exe [x]
R2 aspnet_state32323232;ASP.NET State Service ;c:\programdata\pots32.exe [x]
R2 aspnet_state3232323232;ASP.NET State Service ;c:\programdata\hcproviders32.exe [x]
R2 aspnet_state323232323232;ASP.NET State Service ;c:\programdata\C_ISCII32.exe [x]
R2 aspnet_state32323232323232;ASP.NET State Service ;c:\programdata\PresentationHostProxy32.exe [x]
R2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;c:\programdata\KBDHEPT32.exe [x]
R2 AudioEndpointBuilder3232;Windows Audio Endpoint Builder ;c:\programdata\srhelper32.exe [x]
R2 AudioEndpointBuilder323232;Windows Audio Endpoint Builder ;c:\programdata\aspnet_counters32.exe [x]
R2 AudioEndpointBuilder32323232;Windows Audio Endpoint Builder ;c:\programdata\pstorsvc32.exe [x]
R2 AudioEndpointBuilder3232323232;Windows Audio Endpoint Builder ;c:\programdata\IPHLPAPI32.exe [x]
R2 AudioEndpointBuilder323232323232;Windows Audio Endpoint Builder ;c:\programdata\olethk3232.exe [x]
R2 AudioEndpointBuilder32323232323232;Windows Audio Endpoint Builder ;c:\programdata\eventcls32.exe [x]
R2 AudioEndpointBuilder3232323232323232;Windows Audio Endpoint Builder ;c:\programdata\SyncInfrastructure32.exe [x]
R2 AudioEndpointBuilder323232323232323232;Windows Audio Endpoint Builder ;c:\programdata\p2pcollab32.exe [x]
R2 AudioSrv32;Windows Audio ;c:\programdata\deskperf32.exe [x]
R2 AudioSrv3232;Windows Audio ;c:\programdata\wsock3232.exe [x]
R2 AudioSrv323232;Windows Audio ;c:\programdata\WABSyncProvider32.exe [x]
R2 AxInstSV32;ActiveX Installer (AxInstSV) ;c:\programdata\olethk3232.exe [x]
R2 AxInstSV3232;ActiveX Installer (AxInstSV) ;c:\programdata\dot3api32.exe [x]
R2 AxInstSV323232;ActiveX Installer (AxInstSV) ;c:\programdata\iTVData32.exe [x]
R2 BDESVC32;BitLocker Drive Encryption Service ;c:\programdata\advapi3232.exe [x]
R2 BDESVC3232;BitLocker Drive Encryption Service ;c:\programdata\propsys32.exe [x]
R2 BDESVC323232;BitLocker Drive Encryption Service ;c:\programdata\winusb32.exe [x]
R2 BDESVC32323232;BitLocker Drive Encryption Service ;c:\programdata\wuapi32.exe [x]
R2 BDESVC3232323232;BitLocker Drive Encryption Service ;c:\programdata\ureg32.exe [x]
R2 BDESVC323232323232;BitLocker Drive Encryption Service ;c:\programdata\mscat3232.exe [x]
R2 BDESVC32323232323232;BitLocker Drive Encryption Service ;c:\programdata\KBDTURME32.exe [x]
R2 BFE32;Base Filtering Engine ;c:\programdata\COLORCNV32.exe [x]
R2 BFE3232;Base Filtering Engine ;c:\programdata\KBDURDU32.exe [x]
R2 BITS3232;Background Intelligent Transfer Service ;c:\programdata\kbd106n32.exe [x]
R2 BITS323232;Background Intelligent Transfer Service ;c:\programdata\api-ms-win-core-synch-l1-1-032.exe [x]
R2 BITS32323232;Background Intelligent Transfer Service ;c:\programdata\dpx32.exe [x]
R2 BITS3232323232;Background Intelligent Transfer Service ;c:\programdata\AuthFWGP32.exe [x]
R2 BITS323232323232;Background Intelligent Transfer Service ;c:\programdata\docprop32.exe [x]
R2 BITS32323232323232;Background Intelligent Transfer Service ;c:\programdata\NlsData001032.exe [x]
R2 Browser32;Computer Browser ;c:\programdata\mscms32.exe [x]
R2 Browser3232;Computer Browser ;c:\programdata\ds32gt32.exe [x]
R2 Browser323232;Computer Browser ;c:\programdata\KBDSG32.exe [x]
R2 Browser32323232;Computer Browser ;c:\programdata\dpapiprovider32.exe [x]
R2 Browser3232323232;Computer Browser ;c:\programdata\d3d832.exe [x]
R2 Browser323232323232;Computer Browser ;c:\programdata\ncryptui32.exe [x]
R2 Browser32323232323232;Computer Browser ;c:\programdata\spwizimg32.exe [x]
R2 Browser3232323232323232;Computer Browser ;c:\programdata\KBDGKL32.exe [x]
R2 Browser323232323232323232;Computer Browser ;c:\programdata\XAPOFX1_532.exe [x]
R2 Browser32323232323232323232;Computer Browser ;c:\programdata\iprop32.exe [x]
R2 bthserv32;Bluetooth Support Service ;c:\programdata\dskquota32.exe [x]
R2 bthserv3232;Bluetooth Support Service ;c:\programdata\ipsmsnap32.exe [x]
R2 bthserv323232;Bluetooth Support Service ;c:\programdata\mgmtapi32.exe [x]
R2 bthserv32323232;Bluetooth Support Service ;c:\programdata\sas32.exe [x]
R2 CertPropSvc32;Certificate Propagation ;c:\programdata\compstui32.exe [x]
R2 CertPropSvc3232;Certificate Propagation ;c:\programdata\wshcon32.exe [x]
R2 CertPropSvc323232;Certificate Propagation ;c:\programdata\prnfldr32.exe [x]
R2 clr_optimization_v2.0.50727_323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\rpcnsh32.exe [x]
R2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\puiapi32.exe [x]
R2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\KBDES32.exe [x]
R2 clr_optimization_v2.0.50727_323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\MFPlay32.exe [x]
R2 clr_optimization_v2.0.50727_32323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\PortableDeviceTypes32.exe [x]
R2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\mfAACEnc32.exe [x]
R2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\KBDLT232.exe [x]
R2 clr_optimization_v2.0.50727_64323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\davhlpr32.exe [x]
R2 clr_optimization_v2.0.50727_6432323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\sppcomapi32.exe [x]
R2 clr_optimization_v2.0.50727_643232323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\w32topl32.exe [x]
R2 clr_optimization_v2.0.50727_64323232323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\nlhtml32.exe [x]
R2 clr_optimization_v4.0.30319_3232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\api-ms-win-core-util-l1-1-032.exe [x]
R2 clr_optimization_v4.0.30319_323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\untfs32.exe [x]
R2 clr_optimization_v4.0.30319_32323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\ole232.exe [x]
R2 clr_optimization_v4.0.30319_3232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\KBDLV32.exe [x]
R2 clr_optimization_v4.0.30319_323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\KBDUSL32.exe [x]
R2 clr_optimization_v4.0.30319_32323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\olesvr3232.exe [x]
R2 clr_optimization_v4.0.30319_3232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\hbaapi32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 clr_optimization_v4.0.30319_6432;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\KBDRU32.exe [x]
R2 clr_optimization_v4.0.30319_643232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\DDACLSys32.exe [x]
R2 clr_optimization_v4.0.30319_64323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\cewmdm32.exe [x]
R2 clr_optimization_v4.0.30319_6432323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\FXSCOM32.exe [x]
R2 clr_optimization_v4.0.30319_643232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\webio32.exe [x]
R2 clr_optimization_v4.0.30319_64323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\fmifs32.exe [x]
R2 clr_optimization_v4.0.30319_6432323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\drmv2clt32.exe [x]
R2 clr_optimization_v4.0.30319_643232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\KBDINBE232.exe [x]
R2 clr_optimization_v4.0.30319_64323232323232323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\KBDHU132.exe [x]
R2 COMSysApp3232;COM+ System Application ;c:\programdata\wscmisetup32.exe [x]
R2 COMSysApp323232;COM+ System Application ;c:\programdata\scrrun32.exe [x]
R2 COMSysApp32323232;COM+ System Application ;c:\programdata\drmmgrtn32.exe [x]
R2 COMSysApp3232323232;COM+ System Application ;c:\programdata\NlsData041632.exe [x]
R2 COMSysApp323232323232;COM+ System Application ;c:\programdata\uudf32.exe [x]
R2 CryptSvc32;Cryptographic Services ;c:\programdata\whealogr32.exe [x]
R2 CryptSvc3232;Cryptographic Services ;c:\programdata\virtdisk32.exe [x]
R2 CryptSvc323232;Cryptographic Services ;c:\programdata\wpcao32.exe [x]
R2 CryptSvc32323232;Cryptographic Services ;c:\programdata\efsadu32.exe [x]
R2 CryptSvc3232323232;Cryptographic Services ;c:\programdata\themeui32.exe [x]
R2 CryptSvc323232323232;Cryptographic Services ;c:\programdata\upnp32.exe [x]
R2 CryptSvc32323232323232;Cryptographic Services ;c:\programdata\api-ms-win-core-localregistry-l1-1-032.exe [x]
R2 cvhsvc32;Client Virtualization Handler ;c:\programdata\iesysprep32.exe [x]
R2 cvhsvc3232;Client Virtualization Handler ;c:\programdata\KBDTH332.exe [x]
R2 cvhsvc323232;Client Virtualization Handler ;c:\programdata\compstui32.exe [x]
R2 cvhsvc32323232;Client Virtualization Handler ;c:\programdata\odexl3232.exe [x]
R2 cvhsvc3232323232;Client Virtualization Handler ;c:\programdata\secproc_isv32.exe [x]
R2 cvhsvc323232323232;Client Virtualization Handler ;c:\programdata\ktmw3232.exe [x]
R2 cvhsvc32323232323232;Client Virtualization Handler ;c:\programdata\KBDDA32.exe [x]
R2 DcomLaunch32;DCOM Server Process Launcher ;c:\programdata\iashlpr32.exe [x]
R2 DcomLaunch3232;DCOM Server Process Launcher ;c:\programdata\KBDFC32.exe [x]
R2 DcomLaunch323232;DCOM Server Process Launcher ;c:\programdata\winrssrv32.exe [x]
R2 DcomLaunch32323232;DCOM Server Process Launcher ;c:\programdata\KBDRO32.exe [x]
R2 DcomLaunch3232323232;DCOM Server Process Launcher ;c:\programdata\serialui32.exe [x]
R2 DcomLaunch323232323232;DCOM Server Process Launcher ;c:\programdata\icm3232.exe [x]
R2 DcomLaunch32323232323232;DCOM Server Process Launcher ;c:\programdata\filemgmt32.exe [x]
R2 defragsvc32;Disk Defragmenter ;c:\programdata\azroles32.exe [x]
R2 defragsvc3232;Disk Defragmenter ;c:\programdata\cic32.exe [x]
R2 defragsvc323232;Disk Defragmenter ;c:\programdata\pdhui32.exe [x]
R2 defragsvc32323232;Disk Defragmenter ;c:\programdata\spnet32.exe [x]
R2 Dhcp3232;DHCP Client ;c:\programdata\DeviceCenter32.exe [x]
R2 Dhcp323232;DHCP Client ;c:\programdata\miguiresource32.exe [x]
R2 Dhcp32323232;DHCP Client ;c:\programdata\KBDLV132.exe [x]
R2 DMAgent32;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\uxtheme32.exe [x]
R2 DMAgent3232;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\mstext4032.exe [x]
R2 DMAgent323232;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\sas32.exe [x]
R2 DMAgent32323232;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service ;c:\programdata\NlsLexicons002232.exe [x]
R2 Dnscache3232;DNS Client ;c:\programdata\rasppp32.exe [x]
R2 Dnscache323232;DNS Client ;c:\programdata\ndfetw32.exe [x]
R2 DPS32;Diagnostic Policy Service ;c:\programdata\IPBusEnumProxy32.exe [x]
R2 EapHost32;Extensible Authentication Protocol ;c:\programdata\dmloader32.exe [x]
R2 EapHost3232;Extensible Authentication Protocol ;c:\programdata\D3DCompiler_4132.exe [x]
R2 EapHost323232;Extensible Authentication Protocol ;c:\programdata\SyncHostps32.exe [x]
R2 EapHost32323232;Extensible Authentication Protocol ;c:\programdata\btpanui32.exe [x]
R2 EapHost3232323232;Extensible Authentication Protocol ;c:\programdata\bcryptprimitives32.exe [x]
R2 EapHost323232323232;Extensible Authentication Protocol ;c:\programdata\KBDMLT4732.exe [x]
R2 EapHost32323232323232;Extensible Authentication Protocol ;c:\programdata\msvcr7132.exe [x]
R2 EFS32;Encrypting File System (EFS) ;c:\programdata\KBDGRLND32.exe [x]
R2 EFS3232;Encrypting File System (EFS) ;c:\programdata\iprtrmgr32.exe [x]
R2 EFS323232;Encrypting File System (EFS) ;c:\programdata\syssetup32.exe [x]
R2 EFS32323232;Encrypting File System (EFS) ;c:\programdata\apss32.exe [x]
R2 EFS3232323232;Encrypting File System (EFS) ;c:\programdata\comrepl32.exe [x]
R2 ehRecvr32;Windows Media Center Receiver Service ;c:\programdata\netcorehc32.exe [x]
R2 ehRecvr3232;Windows Media Center Receiver Service ;c:\programdata\mssphtb32.exe [x]
R2 ehRecvr323232;Windows Media Center Receiver Service ;c:\programdata\WinSyncProviders32.exe [x]
R2 ehRecvr32323232;Windows Media Center Receiver Service ;c:\programdata\kbd101a32.exe [x]
R2 ehSched32;Windows Media Center Scheduler Service ;c:\programdata\sti32.exe [x]
R2 ehSched3232;Windows Media Center Scheduler Service ;c:\programdata\tlscsp32.exe [x]
R2 ehSched323232;Windows Media Center Scheduler Service ;c:\programdata\NlsLexicons004932.exe [x]
R2 ehSched32323232;Windows Media Center Scheduler Service ;c:\programdata\ir50_qcx32.exe [x]
R2 eventlog32;Windows Event Log ;c:\programdata\wmdrmnet32.exe [x]
R2 eventlog3232;Windows Event Log ;c:\programdata\nsi32.exe [x]
R2 eventlog323232;Windows Event Log ;c:\programdata\pnpsetup32.exe [x]
R2 eventlog32323232;Windows Event Log ;c:\programdata\d3dx9_3232.exe [x]
R2 eventlog3232323232;Windows Event Log ;c:\programdata\prncache32.exe [x]
R2 eventlog323232323232;Windows Event Log ;c:\programdata\SearchFolder32.exe [x]
R2 eventlog32323232323232;Windows Event Log ;c:\programdata\msvcrt2032.exe [x]
R2 eventlog3232323232323232;Windows Event Log ;c:\programdata\wlanpref32.exe [x]
R2 eventlog323232323232323232;Windows Event Log ;c:\programdata\loghours32.exe [x]
R2 eventlog32323232323232323232;Windows Event Log ;c:\programdata\bidispl32.exe [x]
R2 eventlog3232323232323232323232;Windows Event Log ;c:\programdata\mshtmled32.exe [x]
R2 EventSystem32;COM+ Event System ;c:\programdata\msmpeg2vdec32.exe [x]
R2 EventSystem3232;COM+ Event System ;c:\programdata\msswch32.exe [x]
R2 EventSystem323232;COM+ Event System ;c:\programdata\igdumdx3232.exe [x]
R2 EventSystem32323232;COM+ Event System ;c:\programdata\mmci32.exe [x]
R2 EventSystem3232323232;COM+ Event System ;c:\programdata\WMVENCOD32.exe [x]
R2 EvtEng32;Intel® PROSet/Wireless Event Log ;c:\programdata\WinSync32.exe [x]
R2 EvtEng3232;Intel® PROSet/Wireless Event Log ;c:\programdata\crypt3232.exe [x]
R2 EvtEng323232;Intel® PROSet/Wireless Event Log ;c:\programdata\adsldp32.exe [x]
R2 EvtEng32323232;Intel® PROSet/Wireless Event Log ;c:\programdata\ds32gt32.exe [x]
R2 EvtEng3232323232;Intel® PROSet/Wireless Event Log ;c:\programdata\KBDUR32.exe [x]
R2 Fax32;Fax ;c:\programdata\certmgr32.exe [x]
R2 Fax3232;Fax ;c:\programdata\netmsg32.exe [x]
R2 Fax323232;Fax ;c:\programdata\framedyn32.exe [x]
R2 Fax32323232;Fax ;c:\programdata\cdosys32.exe [x]
R2 Fax3232323232;Fax ;c:\programdata\fdPnp32.exe [x]
R2 Fax323232323232;Fax ;c:\programdata\cmstplua32.exe [x]
R2 Fax32323232323232;Fax ;c:\programdata\wow3232.exe [x]
R2 Fax3232323232323232;Fax ;c:\programdata\KBDUR132.exe [x]
R2 Fax323232323232323232;Fax ;c:\programdata\iasrad32.exe [x]
R2 fdPHost32;Function Discovery Provider Host ;c:\programdata\iasnap32.exe [x]
R2 fdPHost3232;Function Discovery Provider Host ;c:\programdata\netcfgx32.exe [x]
R2 fdPHost323232;Function Discovery Provider Host ;c:\programdata\vdsvd32.exe [x]
R2 fdPHost32323232;Function Discovery Provider Host ;c:\programdata\PortableDeviceClassExtension32.exe [x]
R2 fdPHost3232323232;Function Discovery Provider Host ;c:\programdata\linkinfo32.exe [x]
R2 fdPHost323232323232;Function Discovery Provider Host ;c:\programdata\SynCOM32.exe [x]
R2 FDResPub32;Function Discovery Resource Publication ;c:\programdata\wuwebv32.exe [x]
R2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\getuname32.exe [x]
R2 FontCache3.0.0.03232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\sppcext32.exe [x]
R2 FontCache3.0.0.0323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\WlanMM32.exe [x]
R2 FontCache3.0.0.032323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\kbd101b32.exe [x]
R2 FontCache3.0.0.03232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\w32topl32.exe [x]
R2 FontCache3.0.0.0323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\mstime32.exe [x]
R2 FontCache3.0.0.032323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\mssha32.exe [x]
R2 FontCache3.0.0.03232323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\KBDFI32.exe [x]
R2 FontCache3.0.0.0323232323232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\EhStorShell32.exe [x]
R2 FontCache32;Windows Font Cache Service ;c:\programdata\VAN32.exe [x]
R2 FontCache3232;Windows Font Cache Service ;c:\programdata\dimsroam32.exe [x]
R2 FontCache323232;Windows Font Cache Service ;c:\programdata\msihnd32.exe [x]
R2 FontCache32323232;Windows Font Cache Service ;c:\programdata\onexui32.exe [x]
R2 FontCache3232323232;Windows Font Cache Service ;c:\programdata\keyiso32.exe [x]
R2 FontCache323232323232;Windows Font Cache Service ;c:\programdata\WfHC32.exe [x]
R2 FontCache32323232323232;Windows Font Cache Service ;c:\programdata\ksuser32.exe [x]
R2 gpsvc32;Group Policy Client ;c:\programdata\efscore32.exe [x]
R2 gpsvc3232;Group Policy Client ;c:\programdata\xactengine3_732.exe [x]
R2 gpsvc323232;Group Policy Client ;c:\programdata\msxml4r32.exe [x]
R2 gpsvc32323232;Group Policy Client ;c:\programdata\TSpkg32.exe [x]
R2 hidserv32;Human Interface Device Access ;c:\programdata\NlsData001932.exe [x]
R2 hidserv3232;Human Interface Device Access ;c:\programdata\WlanMM32.exe [x]
R2 hidserv323232;Human Interface Device Access ;c:\programdata\usp1032.exe [x]
R2 hidserv32323232;Human Interface Device Access ;c:\programdata\odfox3232.exe [x]
R2 hkmsvc32;Health Key and Certificate Management ;c:\programdata\msjetoledb4032.exe [x]
R2 hkmsvc3232;Health Key and Certificate Management ;c:\programdata\KBDTAT32.exe [x]
R2 hkmsvc323232;Health Key and Certificate Management ;c:\programdata\mimefilt32.exe [x]
R2 hkmsvc32323232;Health Key and Certificate Management ;c:\programdata\qmgrprxy32.exe [x]
R2 hkmsvc3232323232;Health Key and Certificate Management ;c:\programdata\sbe32.exe [x]
R2 hkmsvc323232323232;Health Key and Certificate Management ;c:\programdata\qedit32.exe [x]
R2 hkmsvc32323232323232;Health Key and Certificate Management ;c:\programdata\licmgr1032.exe [x]
R2 HomeGroupListener32;HomeGroup Listener ;c:\programdata\ntdsapi32.exe [x]
R2 HomeGroupListener3232;HomeGroup Listener ;c:\programdata\wmdmps32.exe [x]
R2 HomeGroupListener323232;HomeGroup Listener ;c:\programdata\WsmSvc32.exe [x]
R2 HomeGroupListener32323232;HomeGroup Listener ;c:\programdata\KBDA232.exe [x]
R2 HomeGroupProvider32;HomeGroup Provider ;c:\programdata\api-ms-win-core-util-l1-1-032.exe [x]
R2 HomeGroupProvider3232;HomeGroup Provider ;c:\programdata\authz32.exe [x]
R2 HomeGroupProvider323232;HomeGroup Provider ;c:\programdata\mswmdm32.exe [x]
R2 HomeGroupProvider32323232;HomeGroup Provider ;c:\programdata\NlsLexicons004732.exe [x]
R2 HomeGroupProvider3232323232;HomeGroup Provider ;c:\programdata\wscproxystub32.exe [x]
R2 HomeGroupProvider323232323232;HomeGroup Provider ;c:\programdata\KBDINUK232.exe [x]
R2 HomeGroupProvider32323232323232;HomeGroup Provider ;c:\programdata\dssec32.exe [x]
R2 IAStorDataMgrSvc32;Intel® Rapid Storage Technology ;c:\programdata\sqlcese3032.exe [x]
R2 IAStorDataMgrSvc3232;Intel® Rapid Storage Technology ;c:\programdata\wsmplpxy32.exe [x]
R2 IAStorDataMgrSvc323232;Intel® Rapid Storage Technology ;c:\programdata\wlanutil32.exe [x]
R2 IAStorDataMgrSvc32323232;Intel® Rapid Storage Technology ;c:\programdata\pcwum32.exe [x]
R2 IAStorDataMgrSvc3232323232;Intel® Rapid Storage Technology ;c:\programdata\vdsvd32.exe [x]
R2 IAStorDataMgrSvc323232323232;Intel® Rapid Storage Technology ;c:\programdata\drtprov32.exe [x]
R2 IconMan_R32;IconMan_R ;c:\programdata\NlsLexicons002632.exe [x]
R2 IconMan_R3232;IconMan_R ;c:\programdata\ws2_3232.exe [x]
R2 IconMan_R323232;IconMan_R ;c:\programdata\ACCTRES32.exe [x]
R2 IconMan_R32323232;IconMan_R ;c:\programdata\vsstrace32.exe [x]
R2 IconMan_R3232323232;IconMan_R ;c:\programdata\iprtprio32.exe [x]
R2 IconMan_R323232323232;IconMan_R ;c:\programdata\netid32.exe [x]
R2 idsvc32;Windows CardSpace ;c:\programdata\iprtrmgr32.exe [x]
R2 idsvc3232;Windows CardSpace ;c:\programdata\uxlibres32.exe [x]
R2 idsvc323232;Windows CardSpace ;c:\programdata\dmsynth32.exe [x]
R2 idsvc32323232;Windows CardSpace ;c:\programdata\ocsetapi32.exe [x]
R2 idsvc3232323232;Windows CardSpace ;c:\programdata\dhcpcsvc32.exe [x]
R2 idsvc323232323232;Windows CardSpace ;c:\programdata\IMJP10K32.exe [x]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\programdata\fwcfg32.exe [x]
R2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\NlsData000232.exe [x]
R2 IKEEXT323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\dmscript32.exe [x]
R2 IPBusEnum32;PnP-X IP Bus Enumerator ;c:\programdata\d3dim32.exe [x]
R2 IPBusEnum3232;PnP-X IP Bus Enumerator ;c:\programdata\PlaySndSrv32.exe [x]
R2 IPBusEnum323232;PnP-X IP Bus Enumerator ;c:\programdata\chtbrkr32.exe [x]
R2 IPBusEnum32323232;PnP-X IP Bus Enumerator ;c:\programdata\mtxlegih32.exe [x]
R2 IPBusEnum3232323232;PnP-X IP Bus Enumerator ;c:\programdata\NlsLexicons0c1a32.exe [x]
R2 IPBusEnum323232323232;PnP-X IP Bus Enumerator ;c:\programdata\slwga32.exe [x]
R2 iphlpsvc32;IP Helper ;c:\programdata\netbios32.exe [x]
R2 iphlpsvc3232;IP Helper ;c:\programdata\ndfapi32.exe [x]
R2 iphlpsvc323232;IP Helper ;c:\programdata\msscp32.exe [x]
R2 iphlpsvc32323232;IP Helper ;c:\programdata\nddeapi32.exe [x]
R2 iphlpsvc3232323232;IP Helper ;c:\programdata\catsrvut32.exe [x]
R2 IviRegMgr32;IviRegMgr ;c:\programdata\dfscli32.exe [x]
R2 IviRegMgr3232;IviRegMgr ;c:\programdata\resutils32.exe [x]
R2 IviRegMgr323232;IviRegMgr ;c:\programdata\dwmcore32.exe [x]
R2 IviRegMgr32323232;IviRegMgr ;c:\programdata\KBDEST32.exe [x]
R2 IviRegMgr3232323232;IviRegMgr ;c:\programdata\rnr2032.exe [x]
R2 IviRegMgr323232323232;IviRegMgr ;c:\programdata\TimeDateMUICallback32.exe [x]
R2 IviRegMgr32323232323232;IviRegMgr ;c:\programdata\NAPMONTR32.exe [x]
R2 IviRegMgr3232323232323232;IviRegMgr ;c:\programdata\kerberos32.exe [x]
R2 KeyIso32;CNG Key Isolation ;c:\programdata\dmsynth32.exe [x]
R2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;c:\programdata\wlanutil32.exe [x]
R2 KtmRm3232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\NlsLexicons004b32.exe [x]
R2 LanmanServer32;Server ;c:\programdata\fontsub32.exe [x]
R2 LanmanServer3232;Server ;c:\programdata\profapi32.exe [x]
R2 LanmanServer323232;Server ;c:\programdata\msxml432.exe [x]
R2 LanmanServer32323232;Server ;c:\programdata\elslad32.exe [x]
R2 LanmanServer3232323232;Server ;c:\programdata\QSHVHOST32.exe [x]
R2 LanmanServer323232323232;Server ;c:\programdata\PortableDeviceClassExtension32.exe [x]
R2 LanmanServer32323232323232;Server ;c:\programdata\wkscli32.exe [x]
R2 LanmanServer3232323232323232;Server ;c:\programdata\d3d10_132.exe [x]
R2 LanmanWorkstation3232;Workstation ;c:\programdata\wmdmps32.exe [x]
R2 LanmanWorkstation323232;Workstation ;c:\programdata\dxmasf32.exe [x]
R2 LanmanWorkstation32323232;Workstation ;c:\programdata\dataclen32.exe [x]
R2 LanmanWorkstation3232323232;Workstation ;c:\programdata\avifil3232.exe [x]
R2 LanmanWorkstation323232323232;Workstation ;c:\programdata\pstorec32.exe [x]
R2 LanmanWorkstation32323232323232;Workstation ;c:\programdata\wmpcm32.exe [x]
R2 LanmanWorkstation3232323232323232;Workstation ;c:\programdata\esentprf32.exe [x]
R2 LanmanWorkstation323232323232323232;Workstation ;c:\programdata\wsnmp3232.exe [x]
R2 LanmanWorkstation32323232323232323232;Workstation ;c:\programdata\EhStorPwdMgr32.exe [x]
R2 LanmanWorkstation3232323232323232323232;Workstation ;c:\programdata\NlsLexicons004c32.exe [x]
R2 LanmanWorkstation323232323232323232323232;Workstation ;c:\programdata\ir41_qcx32.exe [x]
R2 LanmanWorkstation32323232323232323232323232;Workstation ;c:\programdata\iashlpr32.exe [x]
R2 LanmanWorkstation3232323232323232323232323232;Workstation ;c:\programdata\expsrv32.exe [x]
R2 LanmanWorkstation323232323232323232323232323232;Workstation ;c:\programdata\DevicePairingFolder32.exe [x]
R2 lltdsvc32;Link-Layer Topology Discovery Mapper ;c:\programdata\netshell32.exe [x]
R2 lltdsvc3232;Link-Layer Topology Discovery Mapper ;c:\programdata\iedkcs3232.exe [x]
R2 lmhosts3232;TCP/IP NetBIOS Helper ;c:\programdata\DeviceDisplayStatusManager32.exe [x]
R2 lmhosts323232;TCP/IP NetBIOS Helper ;c:\programdata\sppwmi32.exe [x]
R2 lmhosts32323232;TCP/IP NetBIOS Helper ;c:\programdata\NlsData004e32.exe [x]
R2 lmhosts3232323232;TCP/IP NetBIOS Helper ;c:\programdata\NlsData002232.exe [x]
R2 lmhosts323232323232;TCP/IP NetBIOS Helper ;c:\programdata\msexch4032.exe [x]
R2 LMS32;Intel® Management and Security Application Local Management Service ;c:\programdata\dbnetlib32.exe [x]
R2 Mcx2Svc32;Media Center Extender Service ;c:\programdata\dmusic32.exe [x]
R2 Mcx2Svc3232;Media Center Extender Service ;c:\programdata\msjet4032.exe [x]
R2 Mcx2Svc323232;Media Center Extender Service ;c:\programdata\batmeter32.exe [x]
R2 Mcx2Svc32323232;Media Center Extender Service ;c:\programdata\ogldrv32.exe [x]
R2 Mcx2Svc3232323232;Media Center Extender Service ;c:\programdata\wlanmsm32.exe [x]
R2 Mcx2Svc323232323232;Media Center Extender Service ;c:\programdata\NcdProp32.exe [x]
R2 MMCSS32;Multimedia Class Scheduler ;c:\programdata\api-ms-win-security-base-l1-1-032.exe [x]
R2 MMCSS3232;Multimedia Class Scheduler ;c:\programdata\COLORCNV32.exe [x]
R2 MMCSS323232;Multimedia Class Scheduler ;c:\programdata\utildll32.exe [x]
R2 MMCSS32323232;Multimedia Class Scheduler ;c:\programdata\KBDEST32.exe [x]
R2 MpsSvc32;Windows Firewall ;c:\programdata\api-ms-win-core-xstate-l1-1-032.exe [x]
R2 MpsSvc3232;Windows Firewall ;c:\programdata\udhisapi32.exe [x]
R2 MpsSvc323232;Windows Firewall ;c:\programdata\KBDUSA32.exe [x]
R2 MpsSvc32323232;Windows Firewall ;c:\programdata\NlsLexicons001832.exe [x]
R2 MpsSvc3232323232;Windows Firewall ;c:\programdata\WMPEncEn32.exe [x]
R2 MpsSvc323232323232;Windows Firewall ;c:\programdata\prflbmsg32.exe [x]
R2 MpsSvc32323232323232;Windows Firewall ;c:\programdata\KBDSL132.exe [x]
R2 MSDTC32;Distributed Transaction Coordinator ;c:\programdata\dhcpcmonitor32.exe [x]
R2 MSDTC3232;Distributed Transaction Coordinator ;c:\programdata\dot3hc32.exe [x]
R2 MSDTC323232;Distributed Transaction Coordinator ;c:\programdata\PortableDeviceConnectApi32.exe [x]
R2 MSDTC32323232;Distributed Transaction Coordinator ;c:\programdata\odtext3232.exe [x]
R2 MSDTC3232323232;Distributed Transaction Coordinator ;c:\programdata\netlogon32.exe [x]
R2 MSDTC323232323232;Distributed Transaction Coordinator ;c:\programdata\iesetup32.exe [x]
R2 MSDTC32323232323232;Distributed Transaction Coordinator ;c:\programdata\tsgqec32.exe [x]
R2 MSiSCSI32;Microsoft iSCSI Initiator Service ;c:\programdata\mprmsg32.exe [x]
R2 MSiSCSI3232;Microsoft iSCSI Initiator Service ;c:\programdata\api-ms-win-core-xstate-l1-1-032.exe [x]
R2 MSiSCSI323232;Microsoft iSCSI Initiator Service ;c:\programdata\mshtmled32.exe [x]
R2 MSiSCSI32323232;Microsoft iSCSI Initiator Service ;c:\programdata\ieakui32.exe [x]
R2 msiserver32;Windows Installer ;c:\programdata\d3dim70032.exe [x]
R2 msiserver3232;Windows Installer ;c:\programdata\NlsLexicons004932.exe [x]
R2 msiserver323232;Windows Installer ;c:\programdata\KBDTH332.exe [x]
R2 msiserver32323232;Windows Installer ;c:\programdata\networkmap32.exe [x]
R2 msiserver3232323232;Windows Installer ;c:\programdata\TaskSchdPS32.exe [x]
R2 msiserver323232323232;Windows Installer ;c:\programdata\ntmarta32.exe [x]
R2 msiserver32323232323232;Windows Installer ;c:\programdata\spwizres32.exe [x]
R2 msiserver3232323232323232;Windows Installer ;c:\programdata\d3dx10_4132.exe [x]
R2 msiserver323232323232323232;Windows Installer ;c:\programdata\d3dx10_4332.exe [x]
R2 MyWiFiDHCPDNS32;Wireless PAN DHCP Server ;c:\programdata\d3dx10_4232.exe [x]
R2 MyWiFiDHCPDNS3232;Wireless PAN DHCP Server ;c:\programdata\KBDTIPRC32.exe [x]
R2 MyWiFiDHCPDNS323232;Wireless PAN DHCP Server ;c:\programdata\asycfilt32.exe [x]
R2 MyWiFiDHCPDNS32323232;Wireless PAN DHCP Server ;c:\programdata\msafd32.exe [x]
R2 MyWiFiDHCPDNS3232323232;Wireless PAN DHCP Server ;c:\programdata\AuthFWGP32.exe [x]
R2 MyWiFiDHCPDNS323232323232;Wireless PAN DHCP Server ;c:\programdata\iasads32.exe [x]
R2 MyWiFiDHCPDNS32323232323232;Wireless PAN DHCP Server ;c:\programdata\cliconfg32.exe [x]
R2 napagent32;Network Access Protection Agent ;c:\programdata\ieakeng32.exe [x]
R2 napagent3232;Network Access Protection Agent ;c:\programdata\PresentationHostProxy32.exe [x]
R2 napagent323232;Network Access Protection Agent ;c:\programdata\d3dxof32.exe [x]
R2 napagent32323232;Network Access Protection Agent ;c:\programdata\iesysprep32.exe [x]
R2 Netlogon32;Netlogon ;c:\programdata\rasgcw32.exe [x]
R2 Netlogon3232;Netlogon ;c:\programdata\UIAutomationCore32.exe [x]
R2 Netlogon323232;Netlogon ;c:\programdata\XpsGdiConverter32.exe [x]
R2 Netlogon32323232;Netlogon ;c:\programdata\dmdlgs32.exe [x]
R2 Netlogon3232323232;Netlogon ;c:\programdata\nshhttp32.exe [x]
R2 Netlogon323232323232;Netlogon ;c:\programdata\ieakeng32.exe [x]
R2 Netlogon32323232323232;Netlogon ;c:\programdata\avicap3232.exe [x]
R2 Netlogon3232323232323232;Netlogon ;c:\programdata\adsldp32.exe [x]
R2 Netlogon323232323232323232;Netlogon ;c:\programdata\tquery32.exe [x]
R2 Netman3232;Network Connections ;c:\programdata\ctl3d3232.exe [x]
R2 Netman323232;Network Connections ;c:\programdata\KBDCA32.exe [x]
R2 Netman32323232;Network Connections ;c:\programdata\user3232.exe [x]
R2 NetMsmqActivator32;Net.Msmq Listener Adapter ;c:\programdata\Vault32.exe [x]
R2 NetMsmqActivator3232;Net.Msmq Listener Adapter ;c:\programdata\DDACLSys32.exe [x]
R2 NetMsmqActivator323232;Net.Msmq Listener Adapter ;c:\programdata\mshtmler32.exe [x]
R2 NetMsmqActivator32323232;Net.Msmq Listener Adapter ;c:\programdata\kbd101c32.exe [x]
R2 NetMsmqActivator3232323232;Net.Msmq Listener Adapter ;c:\programdata\msvcrt32.exe [x]
R2 NetMsmqActivator323232323232;Net.Msmq Listener Adapter ;c:\programdata\AltTab32.exe [x]
R2 NetPipeActivator32;Net.Pipe Listener Adapter ;c:\programdata\mcicda32.exe [x]
R2 NetPipeActivator3232;Net.Pipe Listener Adapter ;c:\programdata\tzres32.exe [x]
R2 NetPipeActivator323232;Net.Pipe Listener Adapter ;c:\programdata\msnetobj32.exe [x]
R2 NetPipeActivator32323232;Net.Pipe Listener Adapter ;c:\programdata\occache32.exe [x]
R2 NetPipeActivator3232323232;Net.Pipe Listener Adapter ;c:\programdata\cca32.exe [x]
R2 netprofm32;Network List Service ;c:\programdata\KBDLT232.exe [x]
R2 netprofm3232;Network List Service ;c:\programdata\wmvdspa32.exe [x]
R2 netprofm323232;Network List Service ;c:\programdata\nci32.exe [x]
R2 netprofm32323232;Network List Service ;c:\programdata\dpnhpast32.exe [x]
R2 netprofm3232323232;Network List Service ;c:\programdata\KBDBGPH32.exe [x]
R2 netprofm323232323232;Network List Service ;c:\programdata\RPCNDFP32.exe [x]
R2 netprofm32323232323232;Network List Service ;c:\programdata\dxtrans32.exe [x]
R2 netprofm3232323232323232;Network List Service ;c:\programdata\perfctrs32.exe [x]
R2 NetTcpActivator32;Net.Tcp Listener Adapter ;c:\programdata\api-ms-win-core-synch-l1-1-032.exe [x]
R2 NetTcpActivator3232;Net.Tcp Listener Adapter ;c:\programdata\ActionCenterCPL32.exe [x]
R2 NetTcpActivator323232;Net.Tcp Listener Adapter ;c:\programdata\wevtapi32.exe [x]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\wdi32.exe [x]
R2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\P2PGraph32.exe [x]
R2 NetTcpPortSharing323232;Net.Tcp Port Sharing Service ;c:\programdata\KBDNO32.exe [x]
R2 NlaSvc32;Network Location Awareness ;c:\programdata\KBDKHMR32.exe [x]
R2 NlaSvc3232;Network Location Awareness ;c:\programdata\srvcli32.exe [x]
R2 NlaSvc323232;Network Location Awareness ;c:\programdata\ir41_qc32.exe [x]
R2 NlaSvc32323232;Network Location Awareness ;c:\programdata\clbcatq32.exe [x]
R2 NlaSvc3232323232;Network Location Awareness ;c:\programdata\localsec32.exe [x]
R2 NlaSvc323232323232;Network Location Awareness ;c:\programdata\DWrite32.exe [x]
R2 NlaSvc32323232323232;Network Location Awareness ;c:\programdata\rasplap32.exe [x]
R2 NlaSvc3232323232323232;Network Location Awareness ;c:\programdata\bitsprx432.exe [x]
R2 NlaSvc323232323232323232;Network Location Awareness ;c:\programdata\sppcc32.exe [x]
R2 nsi32;Network Store Interface Service ;c:\programdata\setupcln32.exe [x]
R2 nsi3232;Network Store Interface Service ;c:\programdata\DevicePairingProxy32.exe [x]
R2 nsi323232;Network Store Interface Service ;c:\programdata\dot3gpclnt32.exe [x]
R2 nsi32323232;Network Store Interface Service ;c:\programdata\mferror32.exe [x]
R2 nsi3232323232;Network Store Interface Service ;c:\programdata\mstscax32.exe [x]
R2 nsi323232323232;Network Store Interface Service ;c:\programdata\msvcrt4032.exe [x]
R2 nsi32323232323232;Network Store Interface Service ;c:\programdata\mswstr1032.exe [x]
R2 nsi3232323232323232;Network Store Interface Service ;c:\programdata\KBDROPR32.exe [x]
R2 Oasis2Service32;Oasis2Service ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 Oasis2Service3232;Oasis2Service ;c:\programdata\adsldpc32.exe [x]
R2 Oasis2Service323232;Oasis2Service ;c:\programdata\version32.exe [x]
R2 Oasis2Service32323232;Oasis2Service ;c:\programdata\Apphlpdm32.exe [x]
R2 Oasis2Service3232323232;Oasis2Service ;c:\programdata\netfxperf32.exe [x]
R2 Oasis2Service323232323232;Oasis2Service ;c:\programdata\dnscmmc32.exe [x]
R2 Oasis2Service32323232323232;Oasis2Service ;c:\programdata\napipsec32.exe [x]
R2 ose32;Office Source Engine ;c:\programdata\api-ms-win-core-interlocked-l1-1-032.exe [x]
R2 ose3232;Office Source Engine ;c:\programdata\wmdmps32.exe [x]
R2 ose323232;Office Source Engine ;c:\programdata\mssprxy32.exe [x]
R2 ose32323232;Office Source Engine ;c:\programdata\KBDLV132.exe [x]
R2 ose3232323232;Office Source Engine ;c:\programdata\taskcomp32.exe [x]
R2 osppsvc32;Office Software Protection Platform ;c:\programdata\netiohlp32.exe [x]
R2 osppsvc3232;Office Software Protection Platform ;c:\programdata\winsta32.exe [x]
R2 osppsvc323232;Office Software Protection Platform ;c:\programdata\dxtmsft32.exe [x]
R2 osppsvc32323232;Office Software Protection Platform ;c:\programdata\wmdrmdev32.exe [x]
R2 osppsvc3232323232;Office Software Protection Platform ;c:\programdata\tsbyuv32.exe [x]
R2 osppsvc323232323232;Office Software Protection Platform ;c:\programdata\NlsLexicons000332.exe [x]
R2 osppsvc32323232323232;Office Software Protection Platform ;c:\programdata\KBDTH132.exe [x]
R2 osppsvc3232323232323232;Office Software Protection Platform ;c:\programdata\icardres32.exe [x]
R2 p2pimsvc32;Peer Networking Identity Manager ;c:\programdata\spwmp32.exe [x]
R2 p2pimsvc3232;Peer Networking Identity Manager ;c:\programdata\RstrtMgr32.exe [x]
R2 p2pimsvc323232;Peer Networking Identity Manager ;c:\programdata\sqlwoa32.exe [x]
R2 p2pimsvc32323232;Peer Networking Identity Manager ;c:\programdata\StorageContextHandler32.exe [x]
R2 p2pimsvc3232323232;Peer Networking Identity Manager ;c:\programdata\shunimpl32.exe [x]
R2 p2pimsvc323232323232;Peer Networking Identity Manager ;c:\programdata\wshext32.exe [x]
R2 p2pimsvc32323232323232;Peer Networking Identity Manager ;c:\programdata\Faultrep32.exe [x]
R2 p2psvc32;Peer Networking Grouping ;c:\programdata\pnpsetup32.exe [x]
R2 p2psvc3232;Peer Networking Grouping ;c:\programdata\D3DX9_4232.exe [x]
R2 p2psvc323232;Peer Networking Grouping ;c:\programdata\KBDAZE32.exe [x]
R2 p2psvc32323232;Peer Networking Grouping ;c:\programdata\mssitlb32.exe [x]
R2 p2psvc3232323232;Peer Networking Grouping ;c:\programdata\netfxperf32.exe [x]
R2 p2psvc323232323232;Peer Networking Grouping ;c:\programdata\api-ms-win-core-libraryloader-l1-1-032.exe [x]
R2 PcaSvc32;Program Compatibility Assistant Service ;c:\programdata\Sens32.exe [x]
R2 PcaSvc3232;Program Compatibility Assistant Service ;c:\programdata\psisdecd32.exe [x]
R2 PcaSvc323232;Program Compatibility Assistant Service ;c:\programdata\accessibilitycpl32.exe [x]
R2 PcaSvc32323232;Program Compatibility Assistant Service ;c:\programdata\sberes32.exe [x]
R2 PerfHost32;Performance Counter DLL Host ;c:\programdata\mfc100kor32.exe [x]
R2 PerfHost3232;Performance Counter DLL Host ;c:\programdata\adsmsext32.exe [x]
R2 PerfHost323232;Performance Counter DLL Host ;c:\programdata\KBDMAC32.exe [x]
R2 PerfHost32323232;Performance Counter DLL Host ;c:\programdata\NlsLexicons002032.exe [x]
R2 PerfHost3232323232;Performance Counter DLL Host ;c:\programdata\XAudio2_532.exe [x]
R2 PerfHost323232323232;Performance Counter DLL Host ;c:\programdata\msasn132.exe [x]
R2 PerfHost32323232323232;Performance Counter DLL Host ;c:\programdata\api-ms-win-core-sysinfo-l1-1-032.exe [x]
R2 PerfHost3232323232323232;Performance Counter DLL Host ;c:\programdata\mfcm10032.exe [x]
R2 PerfHost323232323232323232;Performance Counter DLL Host ;c:\programdata\NlsLexicons000132.exe [x]
R2 PerfHost32323232323232323232;Performance Counter DLL Host ;c:\programdata\nsi32.exe [x]
R2 pla32;Performance Logs & Alerts ;c:\programdata\eventcls32.exe [x]
R2 pla3232;Performance Logs & Alerts ;c:\programdata\rdpencom32.exe [x]
R2 pla323232;Performance Logs & Alerts ;c:\programdata\tapi3232.exe [x]
R2 pla32323232;Performance Logs & Alerts ;c:\programdata\PortableDeviceWMDRM32.exe [x]
R2 pla3232323232;Performance Logs & Alerts ;c:\programdata\CertEnrollUI32.exe [x]
R2 PlugPlay32;Plug and Play ;c:\programdata\cliconfg32.exe [x]
R2 PlugPlay3232;Plug and Play ;c:\programdata\KBDROST32.exe [x]
R2 PlugPlay323232;Plug and Play ;c:\programdata\gameux32.exe [x]
R2 PlugPlay32323232;Plug and Play ;c:\programdata\fphc32.exe [x]
R2 PlugPlay3232323232;Plug and Play ;c:\programdata\QCLIPROV32.exe [x]
R2 PlugPlay323232323232;Plug and Play ;c:\programdata\migisol32.exe [x]
R2 PMBDeviceInfoProvider32;PMBDeviceInfoProvider ;c:\programdata\KBDTH332.exe [x]
R2 PMBDeviceInfoProvider3232;PMBDeviceInfoProvider ;c:\programdata\olecli3232.exe [x]
R2 PMBDeviceInfoProvider323232;PMBDeviceInfoProvider ;c:\programdata\KBDPL132.exe [x]
R2 PMBDeviceInfoProvider32323232;PMBDeviceInfoProvider ;c:\programdata\XInput9_1_032.exe [x]
R2 PMBDeviceInfoProvider3232323232;PMBDeviceInfoProvider ;c:\programdata\shell3232.exe [x]
R2 PMBDeviceInfoProvider323232323232;PMBDeviceInfoProvider ;c:\programdata\pidgenx32.exe [x]
R2 PMBDeviceInfoProvider32323232323232;PMBDeviceInfoProvider ;c:\programdata\softpub32.exe [x]
R2 PMBDeviceInfoProvider3232323232323232;PMBDeviceInfoProvider ;c:\programdata\npmproxy32.exe [x]
R2 PMBDeviceInfoProvider323232323232323232;PMBDeviceInfoProvider ;c:\programdata\dsuiext32.exe [x]
R2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\programdata\umdmxfrm32.exe [x]
R2 PNRPAutoReg3232;PNRP Machine Name Publication Service ;c:\programdata\srclient32.exe [x]
R2 PNRPAutoReg323232;PNRP Machine Name Publication Service ;c:\programdata\vfpodbc32.exe [x]
R2 PNRPAutoReg32323232;PNRP Machine Name Publication Service ;c:\programdata\KBDURDU32.exe [x]
R2 PNRPAutoReg3232323232;PNRP Machine Name Publication Service ;c:\programdata\deskmon32.exe [x]
R2 PNRPAutoReg323232323232;PNRP Machine Name Publication Service ;c:\programdata\mtxex32.exe [x]
R2 PNRPAutoReg32323232323232;PNRP Machine Name Publication Service ;c:\programdata\SmartcardCredentialProvider32.exe [x]
R2 PNRPsvc32;Peer Name Resolution Protocol ;c:\programdata\rnr2032.exe [x]
R2 PNRPsvc3232;Peer Name Resolution Protocol ;c:\programdata\KBDINMAL32.exe [x]
R2 PNRPsvc323232;Peer Name Resolution Protocol ;c:\programdata\mfdvdec32.exe [x]
R2 PolicyAgent3232;IPsec Policy Agent ;c:\programdata\cabview32.exe [x]
R2 PolicyAgent323232;IPsec Policy Agent ;c:\programdata\shwebsvc32.exe [x]
R2 PolicyAgent32323232;IPsec Policy Agent ;c:\programdata\imapi2fs32.exe [x]
R2 Power32;Power ;c:\programdata\NlsData002032.exe [x]
R2 Power3232;Power ;c:\programdata\msdtcVSp1res32.exe [x]
R2 Power323232;Power ;c:\programdata\vssapi32.exe [x]
R2 Power32323232;Power ;c:\programdata\oleaut3232.exe [x]
R2 Power3232323232;Power ;c:\programdata\wpdwcn32.exe [x]
R2 ProfSvc32;User Profile Service ;c:\programdata\snmpapi32.exe [x]
R2 ProfSvc3232;User Profile Service ;c:\programdata\eapp3hst32.exe [x]
R2 ProfSvc323232;User Profile Service ;c:\programdata\glmf3232.exe [x]
R2 ProfSvc32323232;User Profile Service ;c:\programdata\wshrm32.exe [x]
R2 ProtectedStorage32;Protected Storage ;c:\programdata\wer32.exe [x]
R2 PSI_SVC_232;Protexis Licensing V2 ;c:\programdata\kbd10332.exe [x]
R2 PSI_SVC_23232;Protexis Licensing V2 ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 PSI_SVC_2323232;Protexis Licensing V2 ;c:\programdata\ufat32.exe [x]
R2 QWAVE32;Quality Windows Audio Video Experience ;c:\programdata\perfnet32.exe [x]
R2 QWAVE3232;Quality Windows Audio Video Experience ;c:\programdata\tapisrv32.exe [x]
R2 QWAVE323232;Quality Windows Audio Video Experience ;c:\programdata\ncrypt32.exe [x]
R2 QWAVE32323232;Quality Windows Audio Video Experience ;c:\programdata\NlsLexicons000132.exe [x]
R2 QWAVE3232323232;Quality Windows Audio Video Experience ;c:\programdata\comsnap32.exe [x]
R2 QWAVE323232323232;Quality Windows Audio Video Experience ;c:\programdata\DevicePairingFolder32.exe [x]
R2 QWAVE32323232323232;Quality Windows Audio Video Experience ;c:\programdata\dpapiprovider32.exe [x]
R2 QWAVE3232323232323232;Quality Windows Audio Video Experience ;c:\programdata\ir32_3232.exe [x]
R2 QWAVE323232323232323232;Quality Windows Audio Video Experience ;c:\programdata\Apphlpdm32.exe [x]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\ndiscapCfg32.exe [x]
R2 RasAuto3232;Remote Access Auto Connection Manager ;c:\programdata\WebClnt32.exe [x]
R2 RasAuto323232;Remote Access Auto Connection Manager ;c:\programdata\api-ms-win-core-localization-l1-1-032.exe [x]
R2 RasAuto32323232;Remote Access Auto Connection Manager ;c:\programdata\iesetup32.exe [x]
R2 RasAuto3232323232;Remote Access Auto Connection Manager ;c:\programdata\mssvp32.exe [x]
R2 RasAuto323232323232;Remote Access Auto Connection Manager ;c:\programdata\iprtrmgr32.exe [x]
R2 RasAuto32323232323232;Remote Access Auto Connection Manager ;c:\programdata\networkexplorer32.exe [x]
R2 RasMan32;Remote Access Connection Manager ;c:\programdata\unimdmat32.exe [x]
R2 RasMan3232;Remote Access Connection Manager ;c:\programdata\KBDHE22032.exe [x]
R2 RegSrvc32;Intel® PROSet/Wireless Registry Service ;c:\programdata\dfshim32.exe [x]
R2 RegSrvc3232;Intel® PROSet/Wireless Registry Service ;c:\programdata\DevicePairingHandler32.exe [x]
R2 RegSrvc323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\NlsData000332.exe [x]
R2 RegSrvc32323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\ole3232.exe [x]
R2 RegSrvc3232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\secproc_ssp_isv32.exe [x]
R2 RegSrvc323232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\CPFilters32.exe [x]
R2 RegSrvc32323232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\storage32.exe [x]
R2 RegSrvc3232323232323232;Intel® PROSet/Wireless Registry Service ;c:\programdata\opengl3232.exe [x]
R2 RemoteAccess32;Routing and Remote Access ;c:\programdata\inetcomm32.exe [x]
R2 RemoteAccess3232;Routing and Remote Access ;c:\programdata\KBDHEB32.exe [x]
R2 RemoteAccess323232;Routing and Remote Access ;c:\programdata\imapi232.exe [x]
R2 RemoteAccess32323232;Routing and Remote Access ;c:\programdata\SensorsCpl32.exe [x]
R2 RemoteAccess3232323232;Routing and Remote Access ;c:\programdata\WiaExtensionHost6432.exe [x]
R2 RemoteAccess323232323232;Routing and Remote Access ;c:\programdata\dxtrans32.exe [x]
R2 RemoteAccess32323232323232;Routing and Remote Access ;c:\programdata\NlsLexicons002632.exe [x]
R2 RemoteAccess3232323232323232;Routing and Remote Access ;c:\programdata\lz3232.exe [x]
R2 RemoteRegistry3232;Remote Registry ;c:\programdata\devobj32.exe [x]
R2 RemoteRegistry323232;Remote Registry ;c:\programdata\syncui32.exe [x]
R2 RemoteRegistry32323232;Remote Registry ;c:\programdata\msvcr7132.exe [x]
R2 RemoteRegistry3232323232;Remote Registry ;c:\programdata\KBDGRLND32.exe [x]
R2 RemoteRegistry323232323232;Remote Registry ;c:\programdata\kbd106n32.exe [x]
R2 RemoteRegistry32323232323232;Remote Registry ;c:\programdata\nsi32.exe [x]
R2 RemoteRegistry3232323232323232;Remote Registry ;c:\programdata\WsmRes32.exe [x]
R2 RemoteRegistry323232323232323232;Remote Registry ;c:\programdata\PortableDeviceStatus32.exe [x]
R2 RemoteRegistry32323232323232323232;Remote Registry ;c:\programdata\shellstyle32.exe [x]
R2 RemoteRegistry3232323232323232323232;Remote Registry ;c:\programdata\provsvc32.exe [x]
R2 RemoteRegistry323232323232323232323232;Remote Registry ;c:\programdata\stclient32.exe [x]
R2 RpcEptMapper32;RPC Endpoint Mapper ;c:\programdata\chtbrkr32.exe [x]
R2 RpcEptMapper3232;RPC Endpoint Mapper ;c:\programdata\ieaksie32.exe [x]
R2 RpcEptMapper323232;RPC Endpoint Mapper ;c:\programdata\amxread32.exe [x]
R2 RpcEptMapper32323232;RPC Endpoint Mapper ;c:\programdata\d3dramp32.exe [x]
R2 RpcLocator3232;Remote Procedure Call (RPC) Locator ;c:\programdata\msports32.exe [x]
R2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;c:\programdata\cdosys32.exe [x]
R2 RpcLocator32323232;Remote Procedure Call (RPC) Locator ;c:\programdata\pwrshplugin32.exe [x]
R2 RpcSs3232;Remote Procedure Call (RPC) ;c:\programdata\winhttp32.exe [x]
R2 RpcSs323232;Remote Procedure Call (RPC) ;c:\programdata\iprtprio32.exe [x]
R2 RpcSs32323232;Remote Procedure Call (RPC) ;c:\programdata\xwizards32.exe [x]
R2 RpcSs3232323232;Remote Procedure Call (RPC) ;c:\programdata\PhotoMetadataHandler32.exe [x]
R2 RpcSs323232323232;Remote Procedure Call (RPC) ;c:\programdata\WcnEapPeerProxy32.exe [x]
R2 SampleCollector32;VAIO Care Performance Service ;c:\programdata\msacm3232.exe [x]
R2 SampleCollector3232;VAIO Care Performance Service ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 SampleCollector323232;VAIO Care Performance Service ;c:\programdata\win32spl32.exe [x]
R2 SampleCollector32323232;VAIO Care Performance Service ;c:\programdata\icmui32.exe [x]
R2 SampleCollector3232323232;VAIO Care Performance Service ;c:\programdata\puiobj32.exe [x]
R2 SamSs32;Security Accounts Manager ;c:\programdata\FirewallAPI32.exe [x]
R2 SamSs3232;Security Accounts Manager ;c:\programdata\KBDINDEV32.exe [x]
R2 SamSs323232;Security Accounts Manager ;c:\programdata\ndishc32.exe [x]
R2 SamSs32323232;Security Accounts Manager ;c:\programdata\wiadefui32.exe [x]
R2 SamSs3232323232;Security Accounts Manager ;c:\programdata\msimtf32.exe [x]
R2 SCardSvr32;Smart Card ;c:\programdata\KBDMAORI32.exe [x]
R2 SCardSvr3232;Smart Card ;c:\programdata\NlsData081a32.exe [x]
R2 SCardSvr323232;Smart Card ;c:\programdata\KBDHEPT32.exe [x]
R2 SCardSvr32323232;Smart Card ;c:\programdata\Faultrep32.exe [x]
R2 SCardSvr3232323232;Smart Card ;c:\programdata\RtsPStorIcon32.exe [x]
R2 SCardSvr323232323232;Smart Card ;c:\programdata\atl10032.exe [x]
R2 SCardSvr32323232323232;Smart Card ;c:\programdata\netprofm32.exe [x]
R2 SCardSvr3232323232323232;Smart Card ;c:\programdata\TapiSysprep32.exe [x]
R2 SCardSvr323232323232323232;Smart Card ;c:\programdata\wintrust32.exe [x]
R2 Schedule3232;Task Scheduler ;c:\programdata\FXSCOMEX32.exe [x]
R2 Schedule323232;Task Scheduler ;c:\programdata\KBDBHC32.exe [x]
R2 Schedule32323232;Task Scheduler ;c:\programdata\sqlceqp3032.exe [x]
R2 Schedule3232323232;Task Scheduler ;c:\programdata\d3dx9_3232.exe [x]
R2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\mapistub32.exe [x]
R2 SCPolicySvc3232;Smart Card Removal Policy ;c:\programdata\wcnwiz32.exe [x]
R2 SCPolicySvc323232;Smart Card Removal Policy ;c:\programdata\InkEd32.exe [x]
R2 SCPolicySvc32323232;Smart Card Removal Policy ;c:\programdata\rasgcw32.exe [x]
R2 SDRSVC32;Windows Backup ;c:\programdata\p2pnetsh32.exe [x]
R2 SDRSVC3232;Windows Backup ;c:\programdata\authui32.exe [x]
R2 SDRSVC323232;Windows Backup ;c:\programdata\packager32.exe [x]
R2 SDRSVC32323232;Windows Backup ;c:\programdata\oleprn32.exe [x]
R2 SDRSVC3232323232;Windows Backup ;c:\programdata\iasrad32.exe [x]
R2 SDRSVC323232323232;Windows Backup ;c:\programdata\KBDSL132.exe [x]
R2 SDRSVC32323232323232;Windows Backup ;c:\programdata\uicom32.exe [x]
R2 SDRSVC3232323232323232;Windows Backup ;c:\programdata\oleacc32.exe [x]
R2 SDRSVC323232323232323232;Windows Backup ;c:\programdata\msmpeg2vdec32.exe [x]
R2 SDRSVC32323232323232323232;Windows Backup ;c:\programdata\mscoree32.exe [x]
R2 seclogon3232;Secondary Logon ;c:\programdata\findnetprinters32.exe [x]
R2 seclogon323232;Secondary Logon ;c:\programdata\catsrvut32.exe [x]
R2 seclogon32323232;Secondary Logon ;c:\programdata\KBDTIPRC32.exe [x]
R2 SENS32;System Event Notification Service ;c:\programdata\nvwgf2um32.exe [x]
R2 SENS3232;System Event Notification Service ;c:\programdata\pngfilt32.exe [x]
R2 SENS323232;System Event Notification Service ;c:\programdata\keyiso32.exe [x]
R2 SENS32323232;System Event Notification Service ;c:\programdata\aaclient32.exe [x]
R2 SENS3232323232;System Event Notification Service ;c:\programdata\wlandlg32.exe [x]
R2 SensrSvc32;Adaptive Brightness ;c:\programdata\winnsi32.exe [x]
R2 SensrSvc3232;Adaptive Brightness ;c:\programdata\WindowsCodecsExt32.exe [x]
R2 SensrSvc323232;Adaptive Brightness ;c:\programdata\onex32.exe [x]
R2 SensrSvc32323232;Adaptive Brightness ;c:\programdata\dsquery32.exe [x]
R2 SensrSvc3232323232;Adaptive Brightness ;c:\programdata\cryptnet32.exe [x]
R2 SensrSvc323232323232;Adaptive Brightness ;c:\programdata\umdmxfrm32.exe [x]
R2 SessionEnv32;Remote Desktop Configuration ;c:\programdata\KBDMLT4732.exe [x]
R2 SessionEnv3232;Remote Desktop Configuration ;c:\programdata\winsta32.exe [x]
R2 SessionEnv323232;Remote Desktop Configuration ;c:\programdata\eventcls32.exe [x]
R2 SessionEnv32323232;Remote Desktop Configuration ;c:\programdata\winipsec32.exe [x]
R2 SessionEnv3232323232;Remote Desktop Configuration ;c:\programdata\KBDCZ132.exe [x]
R2 SessionEnv323232323232;Remote Desktop Configuration ;c:\programdata\txflog32.exe [x]
R2 SessionEnv32323232323232;Remote Desktop Configuration ;c:\programdata\compobj32.exe [x]
R2 SessionEnv3232323232323232;Remote Desktop Configuration ;c:\programdata\odbcconf32.exe [x]
R2 SessionEnv323232323232323232;Remote Desktop Configuration ;c:\programdata\wshirda32.exe [x]
R2 sftlist32;Application Virtualization Client ;c:\programdata\vssapi32.exe [x]
R2 sftlist3232;Application Virtualization Client ;c:\programdata\winnsi32.exe [x]
R2 sftlist323232;Application Virtualization Client ;c:\programdata\wscisvif32.exe [x]
R2 sftlist32323232;Application Virtualization Client ;c:\programdata\dataclen32.exe [x]
R2 sftlist3232323232;Application Virtualization Client ;c:\programdata\mfc100cht32.exe [x]
R2 sftvsa32;Application Virtualization Service Agent ;c:\programdata\msls3132.exe [x]
R2 sftvsa3232;Application Virtualization Service Agent ;c:\programdata\d3d10warp32.exe [x]
R2 sftvsa323232;Application Virtualization Service Agent ;c:\programdata\BOOTVID32.exe [x]
R2 SharedAccess3232;Internet Connection Sharing (ICS) ;c:\programdata\dskquota32.exe [x]
R2 SharedAccess323232;Internet Connection Sharing (ICS) ;c:\programdata\api-ms-win-core-datetime-l1-1-032.exe [x]
R2 SharedAccess32323232;Internet Connection Sharing (ICS) ;c:\programdata\mshtmpgr32.exe [x]
R2 SharedAccess3232323232;Internet Connection Sharing (ICS) ;c:\windows\system32\WMSPDMOD32.exe [x]
R2 ShellHWDetection32;Shell Hardware Detection ;c:\programdata\wlanapi32.exe [x]
R2 ShellHWDetection3232;Shell Hardware Detection ;c:\programdata\catsrv32.exe [x]
R2 ShellHWDetection323232;Shell Hardware Detection ;c:\programdata\msvcrt2032.exe [x]
R2 ShellHWDetection32323232;Shell Hardware Detection ;c:\programdata\dfshim32.exe [x]
R2 ShellHWDetection3232323232;Shell Hardware Detection ;c:\programdata\schannel32.exe [x]
R2 SNMPTRAP32;SNMP Trap ;c:\programdata\kbd101c32.exe [x]
R2 SNMPTRAP3232;SNMP Trap ;c:\programdata\dmloader32.exe [x]
R2 SOHCImp32;VAIO Content Importer ;c:\programdata\ieframe32.exe [x]
R2 SOHCImp3232;VAIO Content Importer ;c:\programdata\mfc100chs32.exe [x]
R2 SOHCImp323232;VAIO Content Importer ;c:\programdata\wshelper32.exe [x]
R2 SOHCImp32323232;VAIO Content Importer ;c:\programdata\winbrand32.exe [x]
R2 SOHCImp3232323232;VAIO Content Importer ;c:\programdata\NlsData002432.exe [x]
R2 SOHCImp323232323232;VAIO Content Importer ;c:\programdata\NlsData002232.exe [x]
R2 SOHCImp32323232323232;VAIO Content Importer ;c:\programdata\xwtpdui32.exe [x]
R2 SOHCImp3232323232323232;VAIO Content Importer ;c:\programdata\NaturalLanguage632.exe [x]
R2 SOHCImp323232323232323232;VAIO Content Importer ;c:\programdata\KBDHELA332.exe [x]
R2 SOHCImp32323232323232323232;VAIO Content Importer ;c:\programdata\xpssvcs32.exe [x]
R2 SOHCImp3232323232323232323232;VAIO Content Importer ;c:\programdata\bitsprx232.exe [x]
R2 SOHDs32;VAIO Device Searcher ;c:\programdata\ACCTRES32.exe [x]
R2 SOHDs3232;VAIO Device Searcher ;c:\programdata\onexui32.exe [x]
R2 SOHDs323232;VAIO Device Searcher ;c:\programdata\NlsLexicons000332.exe [x]
R2 SpfService32;VAIO Entertainment Common Service ;c:\programdata\cabview32.exe [x]
R2 SpfService3232;VAIO Entertainment Common Service ;c:\programdata\davhlpr32.exe [x]
R2 SpfService323232;VAIO Entertainment Common Service ;c:\programdata\RacEngn32.exe [x]
R2 Spooler32;Print Spooler ;c:\programdata\WSManMigrationPlugin32.exe [x]
R2 sppsvc32;Software Protection ;c:\programdata\iaspolcy32.exe [x]
R2 sppsvc3232;Software Protection ;c:\programdata\mswstr1032.exe [x]
R2 sppsvc323232;Software Protection ;c:\programdata\esent32.exe [x]
R2 sppsvc32323232;Software Protection ;c:\programdata\odbccp3232.exe [x]
R2 sppsvc3232323232;Software Protection ;c:\programdata\imapi232.exe [x]
R2 sppsvc323232323232;Software Protection ;c:\programdata\gdi3232.exe [x]
R2 sppuinotify32;SPP Notification Service ;c:\programdata\KBDMLT4832.exe [x]
R2 sppuinotify3232;SPP Notification Service ;c:\programdata\DeviceCenter32.exe [x]
R2 sppuinotify323232;SPP Notification Service ;c:\programdata\uxtheme32.exe [x]
R2 sppuinotify32323232;SPP Notification Service ;c:\programdata\msident32.exe [x]
R2 sppuinotify3232323232;SPP Notification Service ;c:\programdata\dpnathlp32.exe [x]
R2 SSDPSRV3232;SSDP Discovery ;c:\programdata\fms32.exe [x]
R2 SSDPSRV323232;SSDP Discovery ;c:\programdata\certCredProvider32.exe [x]
R2 SSDPSRV32323232;SSDP Discovery ;c:\programdata\msfeedsbs32.exe [x]
R2 SSDPSRV3232323232;SSDP Discovery ;c:\programdata\msltus4032.exe [x]
R2 SSDPSRV323232323232;SSDP Discovery ;c:\programdata\wuwebv32.exe [x]
R2 SSDPSRV32323232323232;SSDP Discovery ;c:\programdata\msctfui32.exe [x]
R2 SSDPSRV3232323232323232;SSDP Discovery ;c:\programdata\ieakeng32.exe [x]
R2 SSDPSRV323232323232323232;SSDP Discovery ;c:\programdata\NlsLexicons081632.exe [x]
R2 SSDPSRV32323232323232323232;SSDP Discovery ;c:\programdata\sspicli32.exe [x]
R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\programdata\ole2disp32.exe [x]
R2 SstpSvc3232;Secure Socket Tunneling Protocol Service ;c:\programdata\KBDGAE32.exe [x]
R2 SstpSvc323232;Secure Socket Tunneling Protocol Service ;c:\programdata\rpchttp32.exe [x]
R2 SstpSvc32323232;Secure Socket Tunneling Protocol Service ;c:\programdata\sud32.exe [x]
R2 SstpSvc3232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\NlsData004c32.exe [x]
R2 SstpSvc323232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\fmifs32.exe [x]
R2 SstpSvc32323232323232;Secure Socket Tunneling Protocol Service ;c:\programdata\avifil3232.exe [x]
R2 stisvc3232;Windows Image Acquisition (WIA) ;c:\programdata\KBDRO32.exe [x]
R2 stisvc323232;Windows Image Acquisition (WIA) ;c:\programdata\mshtml32.exe [x]
R2 stisvc32323232;Windows Image Acquisition (WIA) ;c:\programdata\sdiageng32.exe [x]
R2 swprv32;Microsoft Software Shadow Copy Provider ;c:\programdata\FM20ESP32.exe [x]
R2 swprv3232;Microsoft Software Shadow Copy Provider ;c:\programdata\ufat32.exe [x]
R2 swprv323232;Microsoft Software Shadow Copy Provider ;c:\programdata\netevent32.exe [x]
R2 swprv32323232;Microsoft Software Shadow Copy Provider ;c:\programdata\comuid32.exe [x]
R2 swprv3232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\signdrv32.exe [x]
R2 swprv323232323232;Microsoft Software Shadow Copy Provider ;c:\programdata\KBDBULG32.exe [x]
R2 SysMain32;Superfetch ;c:\windows\system32\KBDHAU32.exe [x]
R2 SysMain3232;Superfetch ;c:\programdata\webcheck32.exe [x]
R2 SysMain323232;Superfetch ;c:\programdata\tlscsp32.exe [x]
R2 SysMain32323232;Superfetch ;c:\programdata\KBDFO32.exe [x]
R2 SysMain3232323232;Superfetch ;c:\programdata\KBDDIV232.exe [x]
R2 SysMain323232323232;Superfetch ;c:\programdata\FWPUCLNT32.exe [x]
R2 SysMain32323232323232;Superfetch ;c:\programdata\WWanAPI32.exe [x]
R2 SysMain3232323232323232;Superfetch ;c:\programdata\qmgrprxy32.exe [x]
R2 SysMain323232323232323232;Superfetch ;c:\programdata\KBDCZ232.exe [x]
R2 TabletInputService32;Tablet PC Input Service ;c:\programdata\winrssrv32.exe [x]
R2 TabletInputService3232;Tablet PC Input Service ;c:\programdata\XAPOFX1_332.exe [x]
R2 TabletInputService323232;Tablet PC Input Service ;c:\programdata\KBDBULG32.exe [x]
R2 TabletInputService32323232;Tablet PC Input Service ;c:\programdata\devobj32.exe [x]
R2 TapiSrv32;Telephony ;c:\programdata\winrssrv32.exe [x]
R2 TBS32;TPM Base Services ;c:\programdata\pdh32.exe [x]
R2 TBS3232;TPM Base Services ;c:\programdata\webio32.exe [x]
R2 TBS323232;TPM Base Services ;c:\programdata\mtxdm32.exe [x]
R2 TBS32323232;TPM Base Services ;c:\programdata\wdscore32.exe [x]
R2 TBS3232323232;TPM Base Services ;c:\programdata\DeviceUxRes32.exe [x]
R2 TermService3232;Remote Desktop Services ;c:\programdata\cabinet32.exe [x]
R2 TermService323232;Remote Desktop Services ;c:\programdata\appidapi32.exe [x]
R2 Themes32;Themes ;c:\programdata\srchadmin32.exe [x]
R2 Themes3232;Themes ;c:\programdata\KBDAL32.exe [x]
R2 Themes323232;Themes ;c:\programdata\werdiagcontroller32.exe [x]
R2 Themes32323232;Themes ;c:\programdata\dhcpcmonitor32.exe [x]
R2 THREADORDER32;Thread Ordering Server ;c:\programdata\oleaut3232.exe [x]
R2 THREADORDER3232;Thread Ordering Server ;c:\programdata\wdscore32.exe [x]
R2 THREADORDER323232;Thread Ordering Server ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 THREADORDER32323232;Thread Ordering Server ;c:\programdata\wwapi32.exe [x]
R2 THREADORDER3232323232;Thread Ordering Server ;c:\programdata\KBDSORST32.exe [x]
R2 THREADORDER323232323232;Thread Ordering Server ;c:\programdata\wiadefui32.exe [x]
R2 THREADORDER32323232323232;Thread Ordering Server ;c:\programdata\snmpapi32.exe [x]
R2 THREADORDER3232323232323232;Thread Ordering Server ;c:\programdata\spwizeng32.exe [x]
R2 THREADORDER323232323232323232;Thread Ordering Server ;c:\programdata\KBDYCC32.exe [x]
R2 TrkWks32;Distributed Link Tracking Client ;c:\programdata\shacct32.exe [x]
R2 TrkWks3232;Distributed Link Tracking Client ;c:\programdata\wship632.exe [x]
R2 TrkWks323232;Distributed Link Tracking Client ;c:\programdata\eapphost32.exe [x]
R2 TrustedInstaller32;Windows Modules Installer ;c:\programdata\KBDSORST32.exe [x]
R2 TrustedInstaller3232;Windows Modules Installer ;c:\programdata\rasadhlp32.exe [x]
R2 TrustedInstaller323232;Windows Modules Installer ;c:\programdata\napipsec32.exe [x]
R2 TrustedInstaller32323232;Windows Modules Installer ;c:\programdata\NlsLexicons000332.exe [x]
R2 TrustedInstaller3232323232;Windows Modules Installer ;c:\programdata\qasf32.exe [x]
R2 TrustedInstaller323232323232;Windows Modules Installer ;c:\programdata\msctfp32.exe [x]
R2 TrustedInstaller32323232323232;Windows Modules Installer ;c:\programdata\Syncreg32.exe [x]
R2 TrustedInstaller3232323232323232;Windows Modules Installer ;c:\programdata\wow3232.exe [x]
R2 TrustedInstaller323232323232323232;Windows Modules Installer ;c:\programdata\racpldlg32.exe [x]
R2 UI0Detect32;Interactive Services Detection ;c:\programdata\mfc42u32.exe [x]
R2 UI0Detect3232;Interactive Services Detection ;c:\programdata\mapi3232.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
R2 UNS32;Intel® Management and Security Application User Notification Service ;c:\programdata\wscapi32.exe [x]
R2 UNS3232;Intel® Management and Security Application User Notification Service ;c:\programdata\shpafact32.exe [x]
R2 UNS323232;Intel® Management and Security Application User Notification Service ;c:\programdata\aeevts32.exe [x]
R2 UNS32323232;Intel® Management and Security Application User Notification Service ;c:\programdata\wiatrace32.exe [x]
R2 UNS3232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\WsmSvc32.exe [x]
R2 UNS323232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\KBDBU32.exe [x]
R2 UNS32323232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\XAudio2_732.exe [x]
R2 UNS3232323232323232;Intel® Management and Security Application User Notification Service ;c:\programdata\NlsLexicons002432.exe [x]
R2 upnphost32;UPnP Device Host ;c:\programdata\pots32.exe [x]
R2 upnphost3232;UPnP Device Host ;c:\programdata\fdProxy32.exe [x]
R2 upnphost323232;UPnP Device Host ;c:\programdata\msclmd32.exe [x]
R2 upnphost32323232;UPnP Device Host ;c:\programdata\msisip32.exe [x]
R2 upnphost3232323232;UPnP Device Host ;c:\programdata\TSWorkspace32.exe [x]
R2 UxSms32;Desktop Window Manager Session Manager ;c:\programdata\IPHLPAPI32.exe [x]
R2 UxSms3232;Desktop Window Manager Session Manager ;c:\programdata\SessEnv32.exe [x]
R2 UxSms323232;Desktop Window Manager Session Manager ;c:\programdata\dmstyle32.exe [x]
R2 VAIO Event Service32;VAIO Event Service ;c:\programdata\shlwapi32.exe [x]
R2 VAIO Event Service3232;VAIO Event Service ;c:\programdata\whealogr32.exe [x]
R2 VAIO Event Service323232;VAIO Event Service ;c:\programdata\dot3ui32.exe [x]
R2 VAIO Event Service32323232;VAIO Event Service ;c:\programdata\infocardapi32.exe [x]
R2 VAIO Event Service3232323232;VAIO Event Service ;c:\programdata\photowiz32.exe [x]
R2 VAIO Event Service323232323232;VAIO Event Service ;c:\programdata\XInput9_1_032.exe [x]
R2 VaultSvc32;Credential Manager ;c:\programdata\olepro3232.exe [x]
R2 VaultSvc3232;Credential Manager ;c:\programdata\XpsGdiConverter32.exe [x]
R2 VaultSvc323232;Credential Manager ;c:\programdata\WinSATAPI32.exe [x]
R2 VCFw32;VAIO Content Folder Watcher ;c:\programdata\wlanhlp32.exe [x]
R2 VCFw3232;VAIO Content Folder Watcher ;c:\programdata\LAPRXY32.exe [x]
R2 VcmIAlzMgr32;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\ucmhc32.exe [x]
R2 VcmIAlzMgr3232;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\twext32.exe [x]
R2 VcmIAlzMgr323232;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\kbd10332.exe [x]
R2 VcmIAlzMgr32323232;VAIO Content Metadata Intelligent Analyzing Manager ;c:\programdata\crtdll32.exe [x]
R2 VcmINSMgr32;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\wshcon32.exe [x]
R2 VcmINSMgr3232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\KBDVNTC32.exe [x]
R2 VcmINSMgr323232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\davclnt32.exe [x]
R2 VcmINSMgr32323232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\KBDSF32.exe [x]
R2 VcmINSMgr3232323232;VAIO Content Metadata Intelligent Network Service Manager ;c:\programdata\BWContextHandler32.exe [x]
R2 VcmXmlIfHelper32;VAIO Content Metadata XML Interface ;c:\programdata\docprop32.exe [x]
R2 VcmXmlIfHelper3232;VAIO Content Metadata XML Interface ;c:\programdata\dmocx32.exe [x]
R2 VcmXmlIfHelper323232;VAIO Content Metadata XML Interface ;c:\programdata\OobeFldr32.exe [x]
R2 VcmXmlIfHelper32323232;VAIO Content Metadata XML Interface ;c:\programdata\mtxdm32.exe [x]
R2 VcmXmlIfHelper3232323232;VAIO Content Metadata XML Interface ;c:\programdata\WMSPDMOE32.exe [x]
R2 VcmXmlIfHelper323232323232;VAIO Content Metadata XML Interface ;c:\programdata\NlsData041632.exe [x]
R2 VcmXmlIfHelper32323232323232;VAIO Content Metadata XML Interface ;c:\programdata\msidcrl3032.exe [x]
R2 VCService32;VCService ;c:\programdata\rasppp32.exe [x]
R2 VCService3232;VCService ;c:\programdata\korwbrkr32.exe [x]
R2 VCService323232;VCService ;c:\programdata\sdohlp32.exe [x]
R2 VCService32323232;VCService ;c:\programdata\MsRdpWebAccess32.exe [x]
R2 vds32;Virtual Disk ;c:\programdata\wmerror32.exe [x]
R2 vds3232;Virtual Disk ;c:\programdata\luainstall32.exe [x]
R2 vds323232;Virtual Disk ;c:\programdata\MsRdpWebAccess32.exe [x]
R2 vds32323232;Virtual Disk ;c:\programdata\NlsData001932.exe [x]
R2 vds3232323232;Virtual Disk ;c:\programdata\msutb32.exe [x]
R2 vds323232323232;Virtual Disk ;c:\programdata\NlsLexicons041432.exe [x]
R2 vds32323232323232;Virtual Disk ;c:\programdata\RpcNs432.exe [x]
R2 vds3232323232323232;Virtual Disk ;c:\programdata\cmlua32.exe [x]
R2 VSNService32;VSNService ;c:\programdata\ieapfltr32.exe [x]
R2 VSNService3232;VSNService ;c:\programdata\DevicePairingFolder32.exe [x]
R2 VSNService323232;VSNService ;c:\programdata\pifmgr32.exe [x]
R2 VSNService32323232;VSNService ;c:\programdata\wiascanprofiles32.exe [x]
R2 VSNService3232323232;VSNService ;c:\programdata\KBDMLT4832.exe [x]
R2 VSNService323232323232;VSNService ;c:\programdata\mfc100ita32.exe [x]
R2 VSNService32323232323232;VSNService ;c:\programdata\mmres32.exe [x]
R2 VSNService3232323232323232;VSNService ;c:\programdata\KBDINBE232.exe [x]
R2 VSS32;Volume Shadow Copy ;c:\programdata\apphelp32.exe [x]
R2 VSS3232;Volume Shadow Copy ;c:\programdata\uxtheme32.exe [x]
R2 VSS323232;Volume Shadow Copy ;c:\programdata\whhelper32.exe [x]
R2 VSS32323232;Volume Shadow Copy ;c:\programdata\inseng32.exe [x]
R2 VSS3232323232;Volume Shadow Copy ;c:\programdata\NlsLexicons002432.exe [x]
R2 VSS323232323232;Volume Shadow Copy ;c:\programdata\loadperf32.exe [x]
R2 VSS32323232323232;Volume Shadow Copy ;c:\programdata\hhsetup32.exe [x]
R2 VUAgent32;VUAgent ;c:\programdata\duser32.exe [x]
R2 VUAgent3232;VUAgent ;c:\programdata\netapi3232.exe [x]
R2 VUAgent323232;VUAgent ;c:\programdata\KBDUZB32.exe [x]
R2 VUAgent32323232;VUAgent ;c:\programdata\wscisvif32.exe [x]
R2 VUAgent3232323232;VUAgent ;c:\programdata\puiobj32.exe [x]
R2 VUAgent323232323232;VUAgent ;c:\programdata\hnetmon32.exe [x]
R2 VUAgent32323232323232;VUAgent ;c:\programdata\xpsservices32.exe [x]
R2 W32Time3232;Windows Time ;c:\programdata\CertEnrollUI32.exe [x]
R2 W32Time323232;Windows Time ;c:\programdata\msfeeds32.exe [x]
R2 W32Time32323232;Windows Time ;c:\programdata\cryptext32.exe [x]
R2 W32Time3232323232;Windows Time ;c:\programdata\msoert232.exe [x]
R2 W32Time323232323232;Windows Time ;c:\programdata\FM20ENU32.exe [x]
R2 W32Time32323232323232;Windows Time ;c:\programdata\msaudite32.exe [x]
R2 W32Time3232323232323232;Windows Time ;c:\programdata\NlsData000032.exe [x]
R2 WatAdminSvc32;Windows Activation Technologies Service ;c:\programdata\authui32.exe [x]
R2 WatAdminSvc3232;Windows Activation Technologies Service ;c:\programdata\esent32.exe [x]
R2 WatAdminSvc323232;Windows Activation Technologies Service ;c:\programdata\ole232.exe [x]
R2 WatAdminSvc32323232;Windows Activation Technologies Service ;c:\programdata\els32.exe [x]
R2 WatAdminSvc3232323232;Windows Activation Technologies Service ;c:\programdata\NlsLexicons001932.exe [x]
R2 wbengine32;Block Level Backup Engine Service ;c:\programdata\upnphost32.exe [x]
R2 wbengine3232;Block Level Backup Engine Service ;c:\programdata\imm3232.exe [x]
R2 wbengine323232;Block Level Backup Engine Service ;c:\programdata\mtxclu32.exe [x]
R2 WbioSrvc32;Windows Biometric Service ;c:\programdata\actxprxy32.exe [x]
R2 WbioSrvc3232;Windows Biometric Service ;c:\programdata\SearchFolder32.exe [x]
R2 WbioSrvc323232;Windows Biometric Service ;c:\programdata\ndiscapCfg32.exe [x]
R2 WbioSrvc32323232;Windows Biometric Service ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 WbioSrvc3232323232;Windows Biometric Service ;c:\programdata\crypt3232.exe [x]
R2 WbioSrvc323232323232;Windows Biometric Service ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 WbioSrvc32323232323232;Windows Biometric Service ;c:\programdata\XAPOFX1_332.exe [x]
R2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\programdata\wecapi32.exe [x]
R2 wcncsvc3232;Windows Connect Now - Config Registrar ;c:\programdata\dssenh32.exe [x]
R2 wcncsvc323232;Windows Connect Now - Config Registrar ;c:\programdata\sppcext32.exe [x]
R2 WcsPlugInService32;Windows Color System ;c:\programdata\XpsRasterService32.exe [x]
R2 WcsPlugInService3232;Windows Color System ;c:\programdata\mmres32.exe [x]
R2 WdiServiceHost32;Diagnostic Service Host ;c:\programdata\dataclen32.exe [x]
R2 WdiServiceHost3232;Diagnostic Service Host ;c:\programdata\KBDUSR32.exe [x]
R2 WdiServiceHost323232;Diagnostic Service Host ;c:\programdata\TSpkg32.exe [x]
R2 WdiServiceHost32323232;Diagnostic Service Host ;c:\programdata\msorc32r32.exe [x]
R2 WdiServiceHost3232323232;Diagnostic Service Host ;c:\programdata\mfreadwrite32.exe [x]
R2 WdiSystemHost32;Diagnostic System Host ;c:\programdata\KBDHELA232.exe [x]
R2 WdiSystemHost3232;Diagnostic System Host ;c:\programdata\gptext32.exe [x]
R2 WdiSystemHost323232;Diagnostic System Host ;c:\programdata\mscoree32.exe [x]
R2 WdiSystemHost32323232;Diagnostic System Host ;c:\programdata\adsnt32.exe [x]
R2 WebClient32;WebClient ;c:\programdata\rshx3232.exe [x]
R2 WebClient3232;WebClient ;c:\programdata\mfcm10032.exe [x]
R2 WebClient323232;WebClient ;c:\programdata\NlsLexicons000732.exe [x]
R2 WebrootSpySweeperService32;Webroot Spy Sweeper Engine ;c:\programdata\KBDBHC32.exe [x]
R2 WebrootSpySweeperService3232;Webroot Spy Sweeper Engine ;c:\programdata\WindowsCodecs32.exe [x]
R2 WebrootSpySweeperService323232;Webroot Spy Sweeper Engine ;c:\programdata\napdsnap32.exe [x]
R2 WebrootSpySweeperService32323232;Webroot Spy Sweeper Engine ;c:\programdata\KBDAZEL32.exe [x]
R2 WebrootSpySweeperService3232323232;Webroot Spy Sweeper Engine ;c:\programdata\ndproxystub32.exe [x]
R2 WebrootSpySweeperService323232323232;Webroot Spy Sweeper Engine ;c:\programdata\stclient32.exe [x]
R2 WebrootSpySweeperService32323232323232;Webroot Spy Sweeper Engine ;c:\programdata\NlsData041632.exe [x]
R2 WebrootSpySweeperService3232323232323232;Webroot Spy Sweeper Engine ;c:\programdata\KBDDIV132.exe [x]
R2 WebrootSpySweeperService323232323232323232;Webroot Spy Sweeper Engine ;c:\programdata\cryptsp32.exe [x]
R2 Wecsvc32;Windows Event Collector ;c:\programdata\vfwwdm3232.exe [x]
R2 Wecsvc3232;Windows Event Collector ;c:\programdata\KBDTH132.exe [x]
R2 Wecsvc323232;Windows Event Collector ;c:\programdata\ctl3d3232.exe [x]
R2 Wecsvc32323232;Windows Event Collector ;c:\programdata\KernelBase32.exe [x]
R2 Wecsvc3232323232;Windows Event Collector ;c:\programdata\bcryptprimitives32.exe [x]
R2 Wecsvc323232323232;Windows Event Collector ;c:\programdata\LIVESSP32.exe [x]
R2 Wecsvc32323232323232;Windows Event Collector ;c:\programdata\SynTPCOM32.exe [x]
R2 Wecsvc3232323232323232;Windows Event Collector ;c:\programdata\wshcon32.exe [x]
R2 Wecsvc323232323232323232;Windows Event Collector ;c:\programdata\KBDINASA32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\programdata\NlsLexicons002232.exe [x]
R2 wercplsupport3232;Problem Reports and Solutions Control Panel Support ;c:\programdata\msv1_032.exe [x]
R2 wercplsupport323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\oleprn32.exe [x]
R2 wercplsupport32323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\dot3ui32.exe [x]
R2 wercplsupport3232323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\wlanutil32.exe [x]
R2 WerSvc32;Windows Error Reporting Service ;c:\programdata\msrdc32.exe [x]
R2 WerSvc3232;Windows Error Reporting Service ;c:\programdata\urlmon32.exe [x]
R2 WerSvc323232;Windows Error Reporting Service ;c:\programdata\RASMM32.exe [x]
R2 WerSvc32323232;Windows Error Reporting Service ;c:\programdata\msdtcprx32.exe [x]
R2 WiMAXAppSrv32;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\ir50_qcx32.exe [x]
R2 WiMAXAppSrv3232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\iologmsg32.exe [x]
R2 WiMAXAppSrv323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\dbnetlib32.exe [x]
R2 WiMAXAppSrv32323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\winbrand32.exe [x]
R2 WiMAXAppSrv3232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\UIRibbonRes32.exe [x]
R2 WiMAXAppSrv323232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\WinSyncMetastore32.exe [x]
R2 WiMAXAppSrv32323232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\comsnap32.exe [x]
R2 WiMAXAppSrv3232323232323232;Intel® PROSet/Wireless WiMAX Service ;c:\programdata\WsmAuto32.exe [x]
R2 WinDefend32;Windows Defender ;c:\programdata\clfsw3232.exe [x]
R2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\mssph32.exe [x]
R2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\wlansec32.exe [x]
R2 WinHttpAutoProxySvc323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\KBDSORS132.exe [x]
R2 WinHttpAutoProxySvc32323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\wsecedit32.exe [x]
R2 WinHttpAutoProxySvc3232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\NlsLexicons000c32.exe [x]
R2 Winmgmt32;Windows Management Instrumentation ;c:\programdata\NlsLexicons001d32.exe [x]
R2 Winmgmt3232;Windows Management Instrumentation ;c:\programdata\KBDNE32.exe [x]
R2 Winmgmt323232;Windows Management Instrumentation ;c:\programdata\BWUnpairElevated32.exe [x]
R2 Winmgmt32323232;Windows Management Instrumentation ;c:\programdata\pcwum32.exe [x]
R2 WinRM32;Windows Remote Management (WS-Management) ;c:\programdata\framedynos32.exe [x]
R2 WinRM3232;Windows Remote Management (WS-Management) ;c:\programdata\ctl3d3232.exe [x]
R2 WinRM323232;Windows Remote Management (WS-Management) ;c:\programdata\Vault32.exe [x]
R2 WinRM32323232;Windows Remote Management (WS-Management) ;c:\programdata\odbctrac32.exe [x]
R2 WinRM3232323232;Windows Remote Management (WS-Management) ;c:\programdata\KBDFC32.exe [x]
R2 Wlansvc32;WLAN AutoConfig ;c:\programdata\qmgrprxy32.exe [x]
R2 wlcrasvc32;Windows Live Mesh remote connections service ;c:\programdata\ntdsapi32.exe [x]
R2 wlcrasvc3232;Windows Live Mesh remote connections service ;c:\programdata\mprmsg32.exe [x]
R2 wlcrasvc323232;Windows Live Mesh remote connections service ;c:\programdata\mfds32.exe [x]
R2 wlidsvc32;Windows Live ID Sign-in Assistant ;c:\programdata\sqlcese3032.exe [x]
R2 wlidsvc3232;Windows Live ID Sign-in Assistant ;c:\programdata\msvcrt4032.exe [x]
R2 wlidsvc323232;Windows Live ID Sign-in Assistant ;c:\programdata\msvcrt4032.exe [x]
R2 wlidsvc32323232;Windows Live ID Sign-in Assistant ;c:\programdata\NlsLexicons041632.exe [x]
R2 wlidsvc3232323232;Windows Live ID Sign-in Assistant ;c:\programdata\NlsLexicons002032.exe [x]
R2 wmiApSrv3232;WMI Performance Adapter ;c:\programdata\NlsLexicons001d32.exe [x]
R2 wmiApSrv323232;WMI Performance Adapter ;c:\programdata\RASMM32.exe [x]
R2 wmiApSrv32323232;WMI Performance Adapter ;c:\programdata\secproc32.exe [x]
R2 wmiApSrv3232323232;WMI Performance Adapter ;c:\programdata\bcryptprimitives32.exe [x]
R2 wmiApSrv323232323232;WMI Performance Adapter ;c:\programdata\msclmd32.exe [x]
R2 wmiApSrv32323232323232;WMI Performance Adapter ;c:\programdata\msctf32.exe [x]
R2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;c:\programdata\dot3msm32.exe [x]
R2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\programdata\KBDINTAM32.exe [x]
R2 WPCSvc32;Parental Controls ;c:\programdata\xmllite32.exe [x]
R2 WPCSvc3232;Parental Controls ;c:\programdata\PortableDeviceWiaCompat32.exe [x]
R2 WPCSvc323232;Parental Controls ;c:\programdata\msvcr100_clr040032.exe [x]
R2 WPCSvc32323232;Parental Controls ;c:\programdata\dssenh32.exe [x]
R2 WPCSvc3232323232;Parental Controls ;c:\programdata\oleaut3232.exe [x]
R2 WPCSvc323232323232;Parental Controls ;c:\programdata\winbio32.exe [x]
R2 WPDBusEnum32;Portable Device Enumerator Service ;c:\programdata\ig4icd3232.exe [x]
R2 WPDBusEnum3232;Portable Device Enumerator Service ;c:\programdata\KBDBENE32.exe [x]
R2 WPDBusEnum323232;Portable Device Enumerator Service ;c:\programdata\NlsData001332.exe [x]
R2 WRConsumerService32;Webroot Client Service ;c:\programdata\rastapi32.exe [x]
R2 WRConsumerService3232;Webroot Client Service ;c:\programdata\NlsData041432.exe [x]
R2 WRConsumerService323232;Webroot Client Service ;c:\programdata\sdiagprv32.exe [x]
R2 WRConsumerService32323232;Webroot Client Service ;c:\programdata\qwave32.exe [x]
R2 WRConsumerService3232323232;Webroot Client Service ;c:\programdata\tzres32.exe [x]
R2 wscsvc32;Security Center ;c:\programdata\wlaninst32.exe [x]
R2 wscsvc3232;Security Center ;c:\programdata\rasadhlp32.exe [x]
R2 wscsvc323232;Security Center ;c:\programdata\WinSCard32.exe [x]
R2 wscsvc32323232;Security Center ;c:\programdata\adsldpc32.exe [x]
R2 wscsvc3232323232;Security Center ;c:\programdata\msshavmsg32.exe [x]
R2 wscsvc323232323232;Security Center ;c:\programdata\api-ms-win-core-namedpipe-l1-1-032.exe [x]
R2 WSearch32;Windows Search ;c:\programdata\msimtf32.exe [x]
R2 WSearch3232;Windows Search ;c:\programdata\KBDIR32.exe [x]
R2 wuauserv3232;Windows Update ;c:\programdata\compstui32.exe [x]
R2 wuauserv323232;Windows Update ;c:\programdata\vdmdbg32.exe [x]
R2 wuauserv32323232;Windows Update ;c:\programdata\networkmap32.exe [x]
R2 wuauserv3232323232;Windows Update ;c:\programdata\ocsetapi32.exe [x]
R2 wuauserv323232323232;Windows Update ;c:\programdata\winusb32.exe [x]
R2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\devenum32.exe [x]
R2 wudfsvc3232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\XpsRasterService32.exe [x]
R2 wudfsvc323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\rtutils32.exe [x]
R2 wudfsvc32323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\IDStore32.exe [x]
R2 wudfsvc3232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\api-ms-win-core-rtlsupport-l1-1-032.exe [x]
R2 wudfsvc323232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\vdsbas32.exe [x]
R2 wudfsvc32323232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\kbd101c32.exe [x]
R2 wudfsvc3232323232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\provthrd32.exe [x]
R2 WwanSvc32;WWAN AutoConfig ;c:\programdata\umdmxfrm32.exe [x]
R2 WwanSvc3232;WWAN AutoConfig ;c:\programdata\ndfetw32.exe [x]
R2 WwanSvc323232;WWAN AutoConfig ;c:\programdata\NlsData000a32.exe [x]
R2 WwanSvc32323232;WWAN AutoConfig ;c:\programdata\d3d10_132.exe [x]
R2 WwanSvc3232323232;WWAN AutoConfig ;c:\programdata\deployJava132.exe [x]
R2 WwanSvc323232323232;WWAN AutoConfig ;c:\programdata\KBDINTEL32.exe [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-28 333928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:23]
.
2013-05-25 c:\windows\Tasks\zikwnbic.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 244696 ----a-w- c:\users\________\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 244696 ----a-w- c:\users\________\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 244696 ----a-w- c:\users\________\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\________\AppData\Roaming\Mozilla\Firefox\Profiles\iyu5p2yk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-79054404.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2013-05-25 15:11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-25 19:11
ComboFix2.txt 2013-05-25 00:53
ComboFix3.txt 2013-05-24 11:43
ComboFix4.txt 2013-03-28 00:57
ComboFix5.txt 2013-05-25 18:58
.
Pre-Run: 579,613,192,192 bytes free
Post-Run: 579,538,276,352 bytes free
.
- - End Of File - - AF6F039A30BD9089A98C5291585A435E

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jamie829

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo

#7
jamie829

    Member

  • Topic Starter
  • 18 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ________ [Admin rights]
Mode : Remove -- Date : 05/25/2013 17:08:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\aspnet_state32 (C:\ProgramData\d3d10_132.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\eventlog32323232 (C:\ProgramData\d3dx9_3232.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\LanmanServer3232323232323232 (C:\ProgramData\d3d10_132.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\p2psvc3232 (C:\ProgramData\D3DX9_4232.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\Schedule3232323232 (C:\ProgramData\d3dx9_3232.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\WwanSvc32323232 (C:\ProgramData\d3d10_132.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\aspnet_state32 (C:\ProgramData\d3d10_132.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\eventlog32323232 (C:\ProgramData\d3dx9_3232.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\LanmanServer3232323232323232 (C:\ProgramData\d3d10_132.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\p2psvc3232 (C:\ProgramData\D3DX9_4232.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\Schedule3232323232 (C:\ProgramData\d3dx9_3232.exe) [x] -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\WwanSvc32323232 (C:\ProgramData\d3d10_132.exe) [x] -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI +++++
--- User ---
[MBR] 630b42c710546a7e77b5b2dba55c2aa4
[BSP] 30e1a918cf70d0ab87572cf8770a8fb9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10930 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22386688 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22591488 | Size: 599448 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05252013_02d1708.txt >>
RKreport[1]_S_05252013_02d1707.txt ; RKreport[2]_D_05252013_02d1708.txt
Attached File  TDSSKiller.2.8.16.0_25.05.2013_16.57.58_log.txt   1.87MB   83 downloads



Still redirecting unfortunately

Edited by jamie829, 25 May 2013 - 03:17 PM.


#8
gringo_pr

In which browser does it happen?


gringo

#9
jamie829

firefox

#10
gringo_pr

Hello jamie829

I want you to reset firefox back to defaults, this will remove everything from Firefox

I will let you keep your bookmarks so to do that you can go here - Export BookMarks

Now to reset firefox do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo


#11
jamie829

still having the redirects

#12
gringo_pr

Hello jamie829

I would like you to rerun OTL and send me the fresh scan.

Run New OTL Scan


  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13
jamie829

hi Gringo, still having problems, here's the latest scan
OTL logfile created on: 5/26/2013 11:29:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\___\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.07% Memory free
7.90 Gb Paging File | 5.26 Gb Available in Paging File | 66.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.40 Gb Total Space | 539.72 Gb Free Space | 92.20% Space Free | Partition Type: NTFS

Computer Name: ___-VAIO | User Name: ___ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\___\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7a0945794677c70d5ec25b00493ece3f\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\23673bbebe3c0ca7c894e614bb3ffd1a\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7badd9a67b9f34f7222697c220dfa88b\System.DirectoryServices.AccountManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\4e9a3b9427dae6b94cb5ae1d134282ac\System.AddIn.Contract.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\1149dca3c109f46c30cf25cb34873dd4\System.AddIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bd5f32f9081b6307cadda7422145553e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\abf5f0f6b5d995fb86b0529ac85e14ed\System.DirectoryServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\AffinegyServicePS.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNDR3400LOC.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNR3500LOC.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\DigiDoFlavor.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\QtGui4.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\QtXml4.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\QtCore4.dll ()
MOD - C:\Program Files (x86)\Optimum\DigiDo\QtNetwork4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AffinegyService) -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe (Affinegy, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BA 95 B0 13 B9 72 F6 48 AC 42 B8 7F 0B B6 AF 49 [binary data]
IE - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 21:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 21:18:34 | 000,000,000 | ---D | M]

[2011/09/18 16:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\___\AppData\Roaming\Mozilla\Extensions
[2011/09/18 16:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\___\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/05/22 21:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/22 21:18:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/05/25 15:08:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86C4D35A-D780-473D-ADA1-68017ABABF54}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 23:27:09 | 000,000,000 | ---D | C] -- C:\Users\___\Desktop\Old Firefox Data-1
[2013/05/25 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\___\Desktop\Old Firefox Data
[2013/05/25 17:06:07 | 000,000,000 | ---D | C] -- C:\Users\___\Desktop\RK_Quarantine
[2013/05/25 16:54:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\___\Desktop\tdsskiller.exe
[2013/05/25 15:12:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/25 15:08:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/25 14:57:48 | 005,071,432 | R--- | C] (Swearware) -- C:\Users\___\Desktop\ComboFix.exe
[2013/05/25 10:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/25 10:16:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/25 10:09:44 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\___\Desktop\JRT.exe
[2013/05/24 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\___\Desktop\GooredFix Backups
[2013/05/24 22:03:34 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/05/24 22:01:59 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\___\Desktop\OTM.exe
[2013/05/24 21:39:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\___\Desktop\OTL.exe
[2013/05/24 21:21:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/22 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/15 05:38:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/15 05:38:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 05:38:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/15 05:38:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/15 05:38:42 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/15 05:38:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 05:38:42 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/15 05:38:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 05:38:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/15 05:38:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 05:38:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/15 05:38:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 05:38:40 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/15 05:38:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 05:38:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/14 16:36:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 16:36:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 16:36:15 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 16:36:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 16:36:13 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/14 16:36:13 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/14 16:36:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/11 17:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimum
[2013/05/07 21:30:28 | 000,000,000 | ---D | C] -- C:\Users\___\Documents\CEQ 515

========== Files - Modified Within 30 Days ==========

[2013/05/26 23:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/26 23:28:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 23:36:01 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 23:36:01 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 23:33:39 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/25 23:33:39 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/25 23:33:39 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/25 23:28:33 | 000,379,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/25 23:28:25 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\zikwnbic.job
[2013/05/25 23:27:56 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 23:20:04 | 000,063,919 | ---- | M] () -- C:\Users\___\Desktop\bookmarks.html
[2013/05/25 17:05:29 | 000,816,128 | ---- | M] () -- C:\Users\___\Desktop\RogueKiller.exe
[2013/05/25 16:54:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\___\Desktop\tdsskiller.exe
[2013/05/25 15:08:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/25 14:57:49 | 005,071,432 | R--- | M] (Swearware) -- C:\Users\___\Desktop\ComboFix.exe
[2013/05/25 10:10:11 | 000,632,031 | ---- | M] () -- C:\Users\___\Desktop\AdwCleaner.exe
[2013/05/25 10:09:44 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\___\Desktop\JRT.exe
[2013/05/24 22:08:54 | 002,218,636 | ---- | M] () -- C:\Users\___\Desktop\tdsskiller.zip
[2013/05/24 22:02:28 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\___\Desktop\OTM.exe
[2013/05/24 21:39:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\___\Desktop\OTL.exe
[2013/05/24 21:02:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 18:37:04 | 000,212,992 | RHS- | M] () -- C:\Windows\SysWow64\pt-PTD.dll
[2013/05/14 20:23:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 20:23:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/11 17:18:27 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\DigiDo.lnk
[2013/05/07 17:54:21 | 000,000,864 | ---- | M] () -- C:\Users\___\.powerschool_gradebook.properties
[2013/04/29 23:02:45 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/04/28 07:26:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/05/25 23:27:59 | 000,379,216 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/25 23:20:04 | 000,063,919 | ---- | C] () -- C:\Users\___\Desktop\bookmarks.html
[2013/05/25 17:05:28 | 000,816,128 | ---- | C] () -- C:\Users\___\Desktop\RogueKiller.exe
[2013/05/25 10:10:11 | 000,632,031 | ---- | C] () -- C:\Users\___\Desktop\AdwCleaner.exe
[2013/05/24 22:08:51 | 002,218,636 | ---- | C] () -- C:\Users\___\Desktop\tdsskiller.zip
[2013/05/23 18:37:04 | 000,212,992 | RHS- | C] () -- C:\Windows\SysWow64\pt-PTD.dll
[2013/05/23 18:37:04 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\zikwnbic.job
[2013/03/27 20:48:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/27 20:48:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/27 20:48:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/27 20:48:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/27 20:48:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/09 16:21:22 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/08/09 16:21:16 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/08/09 16:21:10 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/09 16:21:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/05 20:17:15 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/24 22:05:37 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/24 22:05:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2012/01/02 21:41:42 | 000,008,652 | -HS- | C] () -- C:\Users\___\AppData\Local\mqp87jk86dn8ghuowkuc508728v7etd444p63iucxp7
[2012/01/02 21:41:42 | 000,008,652 | -HS- | C] () -- C:\ProgramData\mqp87jk86dn8ghuowkuc508728v7etd444p63iucxp7
[2011/07/02 10:02:04 | 000,000,864 | ---- | C] () -- C:\Users\___\.powerschool_gradebook.properties
[2011/07/02 09:47:13 | 000,000,012 | ---- | C] () -- C:\Users\___\.gradebook_userdict.tlx
[2011/06/01 17:19:27 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello jamie829

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the text box.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-947907804-1673121893-2589414172-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\zikwnbic.job 
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo

#15
jamie829

    Member

  • Topic Starter
  • 18 posts
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\___\Desktop\cmd.bat deleted successfully.
C:\Users\___\Desktop\cmd.txt deleted successfully.
C:\Windows\tasks\zikwnbic.job moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: ___
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ___
->Flash cache emptied: 492 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05282013_070630


Still being redirected