search redirects [Solved]
Started by jamie829, May 24 2013 07:49 PM
#16
Posted 28 May 2013 - 11:55 AM
gringo
#17
Posted 28 May 2013 - 08:53 PM
I typically only use Firefox, so that is where it is occurring. I actually used IE for a bit tonight and got redirected there as well.
Edited by jamie829, 28 May 2013 - 08:59 PM.
#18
Posted 28 May 2013 - 10:15 PM
Hello jamie829
At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.
:Run CFScript:
Please start by opening Notepad and copy/paste the text in the box into the window:
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"
In your next post I need the following:
- report from ComboFix
- let me know of any problems you may have had
- How is the computer doing now after running the script?
Gringo
#19
Posted 29 May 2013 - 06:10 AM
ComboFix 13-05-29.01 - ___ 05/29/2013 7:31.14.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2360 [GMT -4:00]
Running from: c:\users\___\Desktop\ComboFix.exe
Command switches used :: c:\users\___\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MICHEL~1\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\111djtkudzw4b.exe
c:\users\___\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
c:\users\___\bgbobip46w2g8.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_netprofm323232323232
-------\Service_netprofm32323232323232
-------\Service_netprofm3232323232323232
-------\Service_NetTcpActivator32
-------\Service_NetTcpActivator3232
-------\Service_NetTcpActivator323232
-------\Service_NetTcpPortSharing32
-------\Service_NetTcpPortSharing3232
-------\Service_NetTcpPortSharing323232
-------\Service_NlaSvc32
-------\Service_NlaSvc3232
-------\Service_NlaSvc323232
-------\Service_NlaSvc32323232
-------\Service_NlaSvc3232323232
-------\Service_NlaSvc323232323232
-------\Service_NlaSvc32323232323232
-------\Service_NlaSvc3232323232323232
-------\Service_NlaSvc323232323232323232
-------\Service_nsi32
-------\Service_nsi3232
-------\Service_nsi323232
-------\Service_nsi32323232
-------\Service_nsi3232323232
-------\Service_nsi323232323232
-------\Service_nsi32323232323232
-------\Service_nsi3232323232323232
-------\Service_Oasis2Service32
-------\Service_Oasis2Service3232
-------\Service_Oasis2Service323232
-------\Service_Oasis2Service32323232
-------\Service_Oasis2Service3232323232
-------\Service_Oasis2Service323232323232
-------\Service_Oasis2Service32323232323232
-------\Service_ose32
-------\Service_ose3232
-------\Service_ose323232
-------\Service_ose32323232
-------\Service_ose3232323232
-------\Service_osppsvc32
-------\Service_osppsvc3232
-------\Service_osppsvc323232
-------\Service_osppsvc32323232
-------\Service_osppsvc3232323232
-------\Service_osppsvc323232323232
-------\Service_osppsvc32323232323232
-------\Service_osppsvc3232323232323232
-------\Service_p2pimsvc32
-------\Service_p2pimsvc3232
-------\Service_p2pimsvc323232
-------\Service_p2pimsvc32323232
-------\Service_p2pimsvc3232323232
-------\Service_p2pimsvc323232323232
-------\Service_p2pimsvc32323232323232
-------\Service_p2psvc32
-------\Service_p2psvc323232
-------\Service_p2psvc32323232
-------\Service_p2psvc3232323232
-------\Service_p2psvc323232323232
-------\Service_PcaSvc32
-------\Service_PcaSvc3232
-------\Service_PcaSvc323232
-------\Service_PcaSvc32323232
-------\Service_PerfHost32
-------\Service_PerfHost3232
-------\Service_PerfHost323232
-------\Service_PerfHost32323232
-------\Service_PerfHost3232323232
-------\Service_PerfHost323232323232
-------\Service_PerfHost32323232323232
-------\Service_PerfHost3232323232323232
-------\Service_PerfHost323232323232323232
-------\Service_PerfHost32323232323232323232
-------\Service_pla32
-------\Service_pla3232
-------\Service_pla323232
-------\Service_pla32323232
-------\Service_pla3232323232
-------\Service_PlugPlay32
-------\Service_PlugPlay3232
-------\Service_PlugPlay323232
-------\Service_PlugPlay32323232
-------\Service_PlugPlay3232323232
-------\Service_PlugPlay323232323232
-------\Service_PMBDeviceInfoProvider32
-------\Service_PMBDeviceInfoProvider3232
-------\Service_PMBDeviceInfoProvider323232
-------\Service_PMBDeviceInfoProvider32323232
-------\Service_PMBDeviceInfoProvider3232323232
-------\Service_PMBDeviceInfoProvider323232323232
-------\Service_PMBDeviceInfoProvider32323232323232
-------\Service_PMBDeviceInfoProvider3232323232323232
-------\Service_PMBDeviceInfoProvider323232323232323232
-------\Service_PNRPAutoReg32
-------\Service_PNRPAutoReg3232
-------\Service_PNRPAutoReg323232
-------\Service_PNRPAutoReg32323232
-------\Service_PNRPAutoReg3232323232
-------\Service_PNRPAutoReg323232323232
-------\Service_PNRPAutoReg32323232323232
-------\Service_PNRPsvc32
-------\Service_PNRPsvc3232
-------\Service_PNRPsvc323232
-------\Service_PolicyAgent3232
-------\Service_PolicyAgent323232
-------\Service_PolicyAgent32323232
-------\Service_Power32
-------\Service_Power3232
-------\Service_Power323232
-------\Service_Power32323232
-------\Service_Power3232323232
-------\Service_ProfSvc32
-------\Service_ProfSvc3232
-------\Service_ProfSvc323232
-------\Service_ProfSvc32323232
-------\Service_ProtectedStorage32
-------\Service_PSI_SVC_232
-------\Service_PSI_SVC_23232
-------\Service_PSI_SVC_2323232
-------\Service_QWAVE32
-------\Service_QWAVE3232
-------\Service_QWAVE323232
-------\Service_QWAVE32323232
-------\Service_QWAVE3232323232
-------\Service_QWAVE323232323232
-------\Service_QWAVE32323232323232
-------\Service_QWAVE3232323232323232
-------\Service_QWAVE323232323232323232
-------\Service_RasAuto32
-------\Service_RasAuto3232
-------\Service_RasAuto323232
-------\Service_RasAuto32323232
-------\Service_RasAuto3232323232
-------\Service_RasAuto323232323232
-------\Service_RasAuto32323232323232
-------\Service_RasMan32
-------\Service_RasMan3232
-------\Service_RegSrvc32
-------\Service_RegSrvc3232
-------\Service_RegSrvc323232
-------\Service_RegSrvc32323232
-------\Service_RegSrvc3232323232
-------\Service_RegSrvc323232323232
-------\Service_RegSrvc32323232323232
-------\Service_RegSrvc3232323232323232
-------\Service_RemoteAccess32
-------\Service_RemoteAccess3232
-------\Service_RemoteAccess323232
-------\Service_RemoteAccess32323232
-------\Service_RemoteAccess3232323232
-------\Service_RemoteAccess323232323232
-------\Service_RemoteAccess32323232323232
-------\Service_RemoteAccess3232323232323232
-------\Service_RemoteRegistry3232
-------\Service_RemoteRegistry323232
-------\Service_RemoteRegistry32323232
-------\Service_RemoteRegistry3232323232
-------\Service_RemoteRegistry323232323232
-------\Service_RemoteRegistry32323232323232
-------\Service_RemoteRegistry3232323232323232
-------\Service_RemoteRegistry323232323232323232
-------\Service_RemoteRegistry32323232323232323232
-------\Service_RemoteRegistry3232323232323232323232
-------\Service_RemoteRegistry323232323232323232323232
-------\Service_RpcEptMapper32
-------\Service_RpcEptMapper3232
-------\Service_RpcEptMapper323232
-------\Service_RpcEptMapper32323232
-------\Service_RpcLocator3232
-------\Service_RpcLocator323232
-------\Service_RpcLocator32323232
-------\Service_RpcSs3232
-------\Service_RpcSs323232
-------\Service_RpcSs32323232
-------\Service_RpcSs3232323232
-------\Service_RpcSs323232323232
-------\Service_SampleCollector
-------\Service_SampleCollector32
-------\Service_SampleCollector3232
-------\Service_SampleCollector323232
-------\Service_SampleCollector32323232
-------\Service_SampleCollector3232323232
-------\Service_SamSs32
-------\Service_SamSs3232
-------\Service_SamSs323232
-------\Service_SamSs32323232
-------\Service_SamSs3232323232
-------\Service_SCardSvr32
-------\Service_SCardSvr3232
-------\Service_SCardSvr323232
-------\Service_SCardSvr32323232
-------\Service_SCardSvr3232323232
-------\Service_SCardSvr323232323232
-------\Service_SCardSvr32323232323232
-------\Service_SCardSvr3232323232323232
-------\Service_SCardSvr323232323232323232
-------\Service_Schedule3232
-------\Service_Schedule323232
-------\Service_Schedule32323232
-------\Service_SCPolicySvc32
-------\Service_SCPolicySvc3232
-------\Service_SCPolicySvc323232
-------\Service_SCPolicySvc32323232
-------\Service_SDRSVC32
-------\Service_SDRSVC3232
-------\Service_SDRSVC323232
-------\Service_SDRSVC32323232
-------\Service_SDRSVC3232323232
-------\Service_SDRSVC323232323232
-------\Service_SDRSVC32323232323232
-------\Service_SDRSVC3232323232323232
-------\Service_SDRSVC323232323232323232
-------\Service_SDRSVC32323232323232323232
-------\Service_seclogon3232
-------\Service_seclogon323232
-------\Service_seclogon32323232
-------\Service_SENS32
-------\Service_SENS3232
-------\Service_SENS323232
-------\Service_SENS32323232
-------\Service_SENS3232323232
-------\Service_SensrSvc32
-------\Service_SensrSvc3232
-------\Service_SensrSvc323232
-------\Service_SensrSvc32323232
-------\Service_SensrSvc3232323232
-------\Service_SensrSvc323232323232
-------\Service_SessionEnv32
-------\Service_SessionEnv3232
-------\Service_SessionEnv323232
-------\Service_SessionEnv32323232
-------\Service_SessionEnv3232323232
-------\Service_SessionEnv323232323232
-------\Service_SessionEnv32323232323232
-------\Service_SessionEnv3232323232323232
-------\Service_SessionEnv323232323232323232
-------\Service_sftlist32
-------\Service_sftlist3232
-------\Service_sftlist323232
-------\Service_sftlist32323232
-------\Service_sftlist3232323232
-------\Service_sftvsa32
-------\Service_sftvsa3232
-------\Service_sftvsa323232
-------\Service_SharedAccess3232
-------\Service_SharedAccess323232
-------\Service_SharedAccess32323232
-------\Service_SharedAccess3232323232
-------\Service_ShellHWDetection32
-------\Service_ShellHWDetection3232
-------\Service_ShellHWDetection323232
-------\Service_ShellHWDetection32323232
-------\Service_ShellHWDetection3232323232
-------\Service_SNMPTRAP32
-------\Service_SNMPTRAP3232
-------\Service_SOHCImp32
-------\Service_SOHCImp3232
-------\Service_SOHCImp323232
-------\Service_SOHCImp32323232
-------\Service_SOHCImp3232323232
-------\Service_SOHCImp323232323232
-------\Service_SOHCImp32323232323232
-------\Service_SOHCImp3232323232323232
-------\Service_SOHCImp323232323232323232
-------\Service_SOHCImp32323232323232323232
-------\Service_SOHCImp3232323232323232323232
-------\Service_SOHDs32
-------\Service_SOHDs3232
-------\Service_SOHDs323232
-------\Service_SpfService32
-------\Service_SpfService3232
-------\Service_SpfService323232
-------\Service_Spooler32
-------\Service_sppsvc32
-------\Service_sppsvc3232
-------\Service_sppsvc323232
-------\Service_sppsvc32323232
-------\Service_sppsvc3232323232
-------\Service_sppsvc323232323232
-------\Service_sppuinotify32
-------\Service_sppuinotify3232
-------\Service_sppuinotify323232
-------\Service_sppuinotify32323232
-------\Service_sppuinotify3232323232
-------\Service_SSDPSRV3232
-------\Service_SSDPSRV323232
-------\Service_SSDPSRV32323232
-------\Service_SSDPSRV3232323232
-------\Service_SSDPSRV323232323232
-------\Service_SSDPSRV32323232323232
-------\Service_SSDPSRV3232323232323232
-------\Service_SSDPSRV323232323232323232
-------\Service_SSDPSRV32323232323232323232
-------\Service_SstpSvc32
-------\Service_SstpSvc3232
-------\Service_SstpSvc323232
-------\Service_SstpSvc32323232
-------\Service_SstpSvc3232323232
-------\Service_SstpSvc323232323232
-------\Service_SstpSvc32323232323232
-------\Service_stisvc3232
-------\Service_stisvc323232
-------\Service_stisvc32323232
-------\Service_swprv32
-------\Service_swprv3232
-------\Service_swprv323232
-------\Service_swprv32323232
-------\Service_swprv3232323232
-------\Service_swprv323232323232
-------\Service_SysMain32
-------\Service_SysMain3232
-------\Service_SysMain323232
-------\Service_SysMain32323232
-------\Service_SysMain3232323232
-------\Service_SysMain323232323232
-------\Service_SysMain32323232323232
-------\Service_SysMain3232323232323232
-------\Service_SysMain323232323232323232
-------\Service_TabletInputService32
-------\Service_TabletInputService3232
-------\Service_TabletInputService323232
-------\Service_TabletInputService32323232
-------\Service_TapiSrv32
-------\Service_TBS32
-------\Service_TBS3232
-------\Service_TBS323232
-------\Service_TBS32323232
-------\Service_TBS3232323232
-------\Service_TermService3232
-------\Service_TermService323232
-------\Service_Themes32
-------\Service_Themes3232
-------\Service_Themes323232
-------\Service_Themes32323232
-------\Service_THREADORDER32
-------\Service_THREADORDER3232
-------\Service_THREADORDER323232
-------\Service_THREADORDER32323232
-------\Service_THREADORDER3232323232
-------\Service_THREADORDER323232323232
-------\Service_THREADORDER32323232323232
-------\Service_THREADORDER3232323232323232
-------\Service_THREADORDER323232323232323232
-------\Service_TrkWks32
-------\Service_TrkWks3232
-------\Service_TrkWks323232
-------\Service_TrustedInstaller32
-------\Service_TrustedInstaller3232
-------\Service_TrustedInstaller323232
-------\Service_TrustedInstaller32323232
-------\Service_TrustedInstaller3232323232
-------\Service_TrustedInstaller323232323232
-------\Service_TrustedInstaller32323232323232
-------\Service_TrustedInstaller3232323232323232
-------\Service_TrustedInstaller323232323232323232
-------\Service_UI0Detect32
-------\Service_UI0Detect3232
-------\Service_UNS32
-------\Service_UNS3232
-------\Service_UNS323232
-------\Service_UNS32323232
-------\Service_UNS3232323232
-------\Service_UNS323232323232
-------\Service_UNS32323232323232
-------\Service_UNS3232323232323232
-------\Service_upnphost32
-------\Service_upnphost3232
-------\Service_upnphost323232
-------\Service_upnphost32323232
-------\Service_upnphost3232323232
-------\Service_UxSms32
-------\Service_UxSms3232
-------\Service_UxSms323232
-------\Service_VAIO Event Service32
-------\Service_VAIO Event Service3232
-------\Service_VAIO Event Service323232
-------\Service_VAIO Event Service32323232
-------\Service_VAIO Event Service3232323232
-------\Service_VAIO Event Service323232323232
-------\Service_VaultSvc32
-------\Service_VaultSvc3232
-------\Service_VaultSvc323232
-------\Service_VCFw32
-------\Service_VCFw3232
-------\Service_VcmIAlzMgr32
-------\Service_VcmIAlzMgr3232
-------\Service_VcmIAlzMgr323232
-------\Service_VcmIAlzMgr32323232
-------\Service_VcmINSMgr32
-------\Service_VcmINSMgr3232
-------\Service_VcmINSMgr323232
-------\Service_VcmINSMgr32323232
-------\Service_VcmINSMgr3232323232
-------\Service_VcmXmlIfHelper32
-------\Service_VcmXmlIfHelper3232
-------\Service_VcmXmlIfHelper323232
-------\Service_VcmXmlIfHelper32323232
-------\Service_VcmXmlIfHelper3232323232
-------\Service_VcmXmlIfHelper323232323232
-------\Service_VcmXmlIfHelper32323232323232
-------\Service_VCService32
-------\Service_VCService3232
-------\Service_VCService323232
-------\Service_VCService32323232
-------\Service_vds32
-------\Service_vds3232
-------\Service_vds323232
-------\Service_vds32323232
-------\Service_vds3232323232
-------\Service_vds323232323232
-------\Service_vds32323232323232
-------\Service_vds3232323232323232
-------\Service_VSNService32
-------\Service_VSNService3232
-------\Service_VSNService323232
-------\Service_VSNService32323232
-------\Service_VSNService3232323232
-------\Service_VSNService323232323232
-------\Service_VSNService32323232323232
-------\Service_VSNService3232323232323232
-------\Service_VSS32
-------\Service_VSS3232
-------\Service_VSS323232
-------\Service_VSS32323232
-------\Service_VSS3232323232
-------\Service_VSS323232323232
-------\Service_VSS32323232323232
-------\Service_VUAgent32
-------\Service_VUAgent3232
-------\Service_VUAgent323232
-------\Service_VUAgent32323232
-------\Service_VUAgent3232323232
-------\Service_VUAgent323232323232
-------\Service_VUAgent32323232323232
-------\Service_W32Time3232
-------\Service_W32Time323232
-------\Service_W32Time32323232
-------\Service_W32Time3232323232
-------\Service_W32Time323232323232
-------\Service_W32Time32323232323232
-------\Service_W32Time3232323232323232
-------\Service_WatAdminSvc32
-------\Service_WatAdminSvc3232
-------\Service_WatAdminSvc323232
-------\Service_WatAdminSvc32323232
-------\Service_WatAdminSvc3232323232
-------\Service_wbengine32
-------\Service_wbengine3232
-------\Service_wbengine323232
-------\Service_WbioSrvc32
-------\Service_WbioSrvc3232
-------\Service_WbioSrvc323232
-------\Service_WbioSrvc32323232
-------\Service_WbioSrvc3232323232
-------\Service_WbioSrvc323232323232
-------\Service_WbioSrvc32323232323232
-------\Service_wcncsvc32
-------\Service_wcncsvc3232
-------\Service_wcncsvc323232
-------\Service_WcsPlugInService32
-------\Service_WcsPlugInService3232
-------\Service_WdiServiceHost32
-------\Service_WdiServiceHost3232
-------\Service_WdiServiceHost323232
-------\Service_WdiServiceHost32323232
-------\Service_WdiServiceHost3232323232
-------\Service_WdiSystemHost32
-------\Service_WdiSystemHost3232
-------\Service_WdiSystemHost323232
-------\Service_WdiSystemHost32323232
-------\Service_WebClient32
-------\Service_WebClient3232
-------\Service_WebClient323232
-------\Service_WebrootSpySweeperService32
-------\Service_WebrootSpySweeperService3232
-------\Service_WebrootSpySweeperService323232
-------\Service_WebrootSpySweeperService32323232
-------\Service_WebrootSpySweeperService3232323232
-------\Service_WebrootSpySweeperService323232323232
-------\Service_WebrootSpySweeperService32323232323232
-------\Service_WebrootSpySweeperService3232323232323232
-------\Service_WebrootSpySweeperService323232323232323232
-------\Service_Wecsvc32
-------\Service_Wecsvc3232
-------\Service_Wecsvc323232
-------\Service_Wecsvc32323232
-------\Service_Wecsvc3232323232
-------\Service_Wecsvc323232323232
-------\Service_Wecsvc32323232323232
-------\Service_Wecsvc3232323232323232
-------\Service_Wecsvc323232323232323232
-------\Service_wercplsupport32
-------\Service_wercplsupport3232
-------\Service_wercplsupport323232
-------\Service_wercplsupport32323232
-------\Service_wercplsupport3232323232
-------\Service_WerSvc32
-------\Service_WerSvc3232
-------\Service_WerSvc323232
-------\Service_WerSvc32323232
-------\Service_WiMAXAppSrv32
-------\Service_WiMAXAppSrv3232
-------\Service_WiMAXAppSrv323232
-------\Service_WiMAXAppSrv32323232
-------\Service_WiMAXAppSrv3232323232
-------\Service_WiMAXAppSrv323232323232
-------\Service_WiMAXAppSrv32323232323232
-------\Service_WiMAXAppSrv3232323232323232
-------\Service_WinDefend32
-------\Service_WinHttpAutoProxySvc32
-------\Service_WinHttpAutoProxySvc3232
-------\Service_WinHttpAutoProxySvc323232
-------\Service_WinHttpAutoProxySvc32323232
-------\Service_WinHttpAutoProxySvc3232323232
-------\Service_Winmgmt32
-------\Service_Winmgmt3232
-------\Service_Winmgmt323232
-------\Service_Winmgmt32323232
-------\Service_WinRM32
-------\Service_WinRM3232
-------\Service_WinRM323232
-------\Service_WinRM32323232
-------\Service_WinRM3232323232
-------\Service_Wlansvc32
-------\Service_wlcrasvc32
-------\Service_wlcrasvc3232
-------\Service_wlcrasvc323232
-------\Service_wlidsvc32
-------\Service_wlidsvc3232
-------\Service_wlidsvc323232
-------\Service_wlidsvc32323232
-------\Service_wlidsvc3232323232
-------\Service_wmiApSrv3232
-------\Service_wmiApSrv323232
-------\Service_wmiApSrv32323232
-------\Service_wmiApSrv3232323232
-------\Service_wmiApSrv323232323232
-------\Service_wmiApSrv32323232323232
-------\Service_WMPNetworkSvc32
-------\Service_WMPNetworkSvc3232
-------\Service_WPCSvc32
-------\Service_WPCSvc3232
-------\Service_WPCSvc323232
-------\Service_WPCSvc32323232
-------\Service_WPCSvc3232323232
-------\Service_WPCSvc323232323232
-------\Service_WPDBusEnum32
-------\Service_WPDBusEnum3232
-------\Service_WPDBusEnum323232
-------\Service_WRConsumerService32
-------\Service_WRConsumerService3232
-------\Service_WRConsumerService323232
-------\Service_WRConsumerService32323232
-------\Service_WRConsumerService3232323232
-------\Service_wscsvc32
-------\Service_wscsvc3232
-------\Service_wscsvc323232
-------\Service_wscsvc32323232
-------\Service_wscsvc3232323232
-------\Service_wscsvc323232323232
-------\Service_WSearch32
-------\Service_WSearch3232
-------\Service_wuauserv3232
-------\Service_wuauserv323232
-------\Service_wuauserv32323232
-------\Service_wuauserv3232323232
-------\Service_wuauserv323232323232
-------\Service_wudfsvc32
-------\Service_wudfsvc3232
-------\Service_wudfsvc323232
-------\Service_wudfsvc32323232
-------\Service_wudfsvc3232323232
-------\Service_wudfsvc323232323232
-------\Service_wudfsvc32323232323232
-------\Service_wudfsvc3232323232323232
-------\Service_WwanSvc32
-------\Service_WwanSvc3232
-------\Service_WwanSvc323232
-------\Service_WwanSvc3232323232
-------\Service_WwanSvc323232323232
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-28 11:06 . 2013-05-28 11:06 -------- d-----w- C:\_OTL
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- c:\windows\ERUNT
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- C:\JRT
2013-05-25 02:03 . 2013-05-25 02:03 -------- d-----w- C:\_OTM
2013-05-25 01:21 . 2013-05-25 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-23 22:37 . 2013-05-23 22:37 212992 --sha-r- c:\windows\SysWow64\pt-PTD.dll
2013-05-21 21:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91BD79FF-BDD7-4F62-87D9-2FD1C996361A}\mpengine.dll
2013-05-14 20:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 21:19 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 00:23 . 2012-06-18 22:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 00:23 . 2011-07-12 11:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 20:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-07-22 21:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 20:30 . 2013-04-02 20:30 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 20:30 . 2013-04-02 20:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 20:30 . 2013-04-02 20:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 20:30 . 2013-04-02 20:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 20:30 . 2013-04-02 20:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 20:30 . 2013-04-02 20:30 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 20:30 . 2013-04-02 20:30 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 20:30 . 2013-04-02 20:30 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 20:30 . 2013-04-02 20:30 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 20:30 . 2013-04-02 20:30 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 20:30 . 2013-04-02 20:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 20:30 . 2013-04-02 20:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 20:30 . 2013-04-02 20:30 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 20:30 . 2013-04-02 20:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 20:30 . 2013-04-02 20:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 20:30 . 2013-04-02 20:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 20:30 . 2013-04-02 20:30 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-11 01:30 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 01:30 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 01:30 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 01:30 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 01:30 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 01:30 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-28 333928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\___\AppData\Roaming\Mozilla\Firefox\Profiles\sbdqlarq.default-1369538825987\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TimeServer - c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
SafeBoot-41503383.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2013-05-29 07:41:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 11:41
ComboFix2.txt 2013-05-25 19:12
ComboFix3.txt 2013-05-25 00:53
ComboFix4.txt 2013-05-24 11:43
ComboFix5.txt 2013-05-29 11:30
.
Pre-Run: 579,446,833,152 bytes free
Post-Run: 579,365,359,616 bytes free
.
- - End Of File - - D3134F89BDD55588DAA648444C0F8FFE
Hi Gringo, I ran the fix but haven't had much chance to observe if it is still redirecting. I'll check the computer out some more after work this evening and let you know. Thanks.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2360 [GMT -4:00]
Running from: c:\users\___\Desktop\ComboFix.exe
Command switches used :: c:\users\___\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MICHEL~1\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\111djtkudzw4b.exe
c:\users\___\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
c:\users\___\bgbobip46w2g8.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SDRSVC32323232323232323232
-------\Service_seclogon3232
-------\Service_seclogon323232
-------\Service_seclogon32323232
-------\Service_SENS32
-------\Service_SENS3232
-------\Service_SENS323232
-------\Service_SENS32323232
-------\Service_SENS3232323232
-------\Service_SensrSvc32
-------\Service_SensrSvc3232
-------\Service_SensrSvc323232
-------\Service_SensrSvc32323232
-------\Service_SensrSvc3232323232
-------\Service_SensrSvc323232323232
-------\Service_SessionEnv32
-------\Service_SessionEnv3232
-------\Service_SessionEnv323232
-------\Service_SessionEnv32323232
-------\Service_SessionEnv3232323232
-------\Service_SessionEnv323232323232
-------\Service_SessionEnv32323232323232
-------\Service_SessionEnv3232323232323232
-------\Service_SessionEnv323232323232323232
-------\Service_sftlist32
-------\Service_sftlist3232
-------\Service_sftlist323232
-------\Service_sftlist32323232
-------\Service_sftlist3232323232
-------\Service_sftvsa32
-------\Service_sftvsa3232
-------\Service_sftvsa323232
-------\Service_SharedAccess3232
-------\Service_SharedAccess323232
-------\Service_SharedAccess32323232
-------\Service_SharedAccess3232323232
-------\Service_ShellHWDetection32
-------\Service_ShellHWDetection3232
-------\Service_ShellHWDetection323232
-------\Service_ShellHWDetection32323232
-------\Service_ShellHWDetection3232323232
-------\Service_SNMPTRAP32
-------\Service_SNMPTRAP3232
-------\Service_SOHCImp32
-------\Service_SOHCImp3232
-------\Service_SOHCImp323232
-------\Service_SOHCImp32323232
-------\Service_SOHCImp3232323232
-------\Service_SOHCImp323232323232
-------\Service_SOHCImp32323232323232
-------\Service_SOHCImp3232323232323232
-------\Service_SOHCImp323232323232323232
-------\Service_SOHCImp32323232323232323232
-------\Service_SOHCImp3232323232323232323232
-------\Service_SOHDs32
-------\Service_SOHDs3232
-------\Service_SOHDs323232
-------\Service_SpfService32
-------\Service_SpfService3232
-------\Service_SpfService323232
-------\Service_Spooler32
-------\Service_sppsvc32
-------\Service_sppsvc3232
-------\Service_sppsvc323232
-------\Service_sppsvc32323232
-------\Service_sppsvc3232323232
-------\Service_sppsvc323232323232
-------\Service_sppuinotify32
-------\Service_sppuinotify3232
-------\Service_sppuinotify323232
-------\Service_sppuinotify32323232
-------\Service_sppuinotify3232323232
-------\Service_SSDPSRV3232
-------\Service_SSDPSRV323232
-------\Service_SSDPSRV32323232
-------\Service_SSDPSRV3232323232
-------\Service_SSDPSRV323232323232
-------\Service_SSDPSRV32323232323232
-------\Service_SSDPSRV3232323232323232
-------\Service_SSDPSRV323232323232323232
-------\Service_SSDPSRV32323232323232323232
-------\Service_SstpSvc32
-------\Service_SstpSvc3232
-------\Service_SstpSvc323232
-------\Service_SstpSvc32323232
-------\Service_SstpSvc3232323232
-------\Service_SstpSvc323232323232
-------\Service_SstpSvc32323232323232
-------\Service_stisvc3232
-------\Service_stisvc323232
-------\Service_stisvc32323232
-------\Service_swprv32
-------\Service_swprv3232
-------\Service_swprv323232
-------\Service_swprv32323232
-------\Service_swprv3232323232
-------\Service_swprv323232323232
-------\Service_SysMain32
-------\Service_SysMain3232
-------\Service_SysMain323232
-------\Service_SysMain32323232
-------\Service_SysMain3232323232
-------\Service_SysMain323232323232
-------\Service_SysMain32323232323232
-------\Service_SysMain3232323232323232
-------\Service_SysMain323232323232323232
-------\Service_TabletInputService32
-------\Service_TabletInputService3232
-------\Service_TabletInputService323232
-------\Service_TabletInputService32323232
-------\Service_TapiSrv32
-------\Service_TBS32
-------\Service_TBS3232
-------\Service_TBS323232
-------\Service_TBS32323232
-------\Service_TBS3232323232
-------\Service_TermService3232
-------\Service_TermService323232
-------\Service_Themes32
-------\Service_Themes3232
-------\Service_Themes323232
-------\Service_Themes32323232
-------\Service_THREADORDER32
-------\Service_THREADORDER3232
-------\Service_THREADORDER323232
-------\Service_THREADORDER32323232
-------\Service_THREADORDER3232323232
-------\Service_THREADORDER323232323232
-------\Service_THREADORDER32323232323232
-------\Service_THREADORDER3232323232323232
-------\Service_THREADORDER323232323232323232
-------\Service_TrkWks32
-------\Service_TrkWks3232
-------\Service_TrkWks323232
-------\Service_TrustedInstaller32
-------\Service_TrustedInstaller3232
-------\Service_TrustedInstaller323232
-------\Service_TrustedInstaller32323232
-------\Service_TrustedInstaller3232323232
-------\Service_TrustedInstaller323232323232
-------\Service_TrustedInstaller32323232323232
-------\Service_TrustedInstaller3232323232323232
-------\Service_TrustedInstaller323232323232323232
-------\Service_UI0Detect32
-------\Service_UI0Detect3232
-------\Service_UNS32
-------\Service_UNS3232
-------\Service_UNS323232
-------\Service_UNS32323232
-------\Service_UNS3232323232
-------\Service_UNS323232323232
-------\Service_UNS32323232323232
-------\Service_UNS3232323232323232
-------\Service_upnphost32
-------\Service_upnphost3232
-------\Service_upnphost323232
-------\Service_upnphost32323232
-------\Service_upnphost3232323232
-------\Service_UxSms32
-------\Service_UxSms3232
-------\Service_UxSms323232
-------\Service_VAIO Event Service32
-------\Service_VAIO Event Service3232
-------\Service_VAIO Event Service323232
-------\Service_VAIO Event Service32323232
-------\Service_VAIO Event Service3232323232
-------\Service_VAIO Event Service323232323232
-------\Service_VaultSvc32
-------\Service_VaultSvc3232
-------\Service_VaultSvc323232
-------\Service_VCFw32
-------\Service_VCFw3232
-------\Service_VcmIAlzMgr32
-------\Service_VcmIAlzMgr3232
-------\Service_VcmIAlzMgr323232
-------\Service_VcmIAlzMgr32323232
-------\Service_VcmINSMgr32
-------\Service_VcmINSMgr3232
-------\Service_VcmINSMgr323232
-------\Service_VcmINSMgr32323232
-------\Service_VcmINSMgr3232323232
-------\Service_VcmXmlIfHelper32
-------\Service_VcmXmlIfHelper3232
-------\Service_VcmXmlIfHelper323232
-------\Service_VcmXmlIfHelper32323232
-------\Service_VcmXmlIfHelper3232323232
-------\Service_VcmXmlIfHelper323232323232
-------\Service_VcmXmlIfHelper32323232323232
-------\Service_VCService32
-------\Service_VCService3232
-------\Service_VCService323232
-------\Service_VCService32323232
-------\Service_vds32
-------\Service_vds3232
-------\Service_vds323232
-------\Service_vds32323232
-------\Service_vds3232323232
-------\Service_vds323232323232
-------\Service_vds32323232323232
-------\Service_vds3232323232323232
-------\Service_VSNService32
-------\Service_VSNService3232
-------\Service_VSNService323232
-------\Service_VSNService32323232
-------\Service_VSNService3232323232
-------\Service_VSNService323232323232
-------\Service_VSNService32323232323232
-------\Service_VSNService3232323232323232
-------\Service_VSS32
-------\Service_VSS3232
-------\Service_VSS323232
-------\Service_VSS32323232
-------\Service_VSS3232323232
-------\Service_VSS323232323232
-------\Service_VSS32323232323232
-------\Service_VUAgent32
-------\Service_VUAgent3232
-------\Service_VUAgent323232
-------\Service_VUAgent32323232
-------\Service_VUAgent3232323232
-------\Service_VUAgent323232323232
-------\Service_VUAgent32323232323232
-------\Service_W32Time3232
-------\Service_W32Time323232
-------\Service_W32Time32323232
-------\Service_W32Time3232323232
-------\Service_W32Time323232323232
-------\Service_W32Time32323232323232
-------\Service_W32Time3232323232323232
-------\Service_WatAdminSvc32
-------\Service_WatAdminSvc3232
-------\Service_WatAdminSvc323232
-------\Service_WatAdminSvc32323232
-------\Service_WatAdminSvc3232323232
-------\Service_wbengine32
-------\Service_wbengine3232
-------\Service_wbengine323232
-------\Service_WbioSrvc32
-------\Service_WbioSrvc3232
-------\Service_WbioSrvc323232
-------\Service_WbioSrvc32323232
-------\Service_WbioSrvc3232323232
-------\Service_WbioSrvc323232323232
-------\Service_WbioSrvc32323232323232
-------\Service_wcncsvc32
-------\Service_wcncsvc3232
-------\Service_wcncsvc323232
-------\Service_WcsPlugInService32
-------\Service_WcsPlugInService3232
-------\Service_WdiServiceHost32
-------\Service_WdiServiceHost3232
-------\Service_WdiServiceHost323232
-------\Service_WdiServiceHost32323232
-------\Service_WdiServiceHost3232323232
-------\Service_WdiSystemHost32
-------\Service_WdiSystemHost3232
-------\Service_WdiSystemHost323232
-------\Service_WdiSystemHost32323232
-------\Service_WebClient32
-------\Service_WebClient3232
-------\Service_WebClient323232
-------\Service_WebrootSpySweeperService32
-------\Service_WebrootSpySweeperService3232
-------\Service_WebrootSpySweeperService323232
-------\Service_WebrootSpySweeperService32323232
-------\Service_WebrootSpySweeperService3232323232
-------\Service_WebrootSpySweeperService323232323232
-------\Service_WebrootSpySweeperService32323232323232
-------\Service_WebrootSpySweeperService3232323232323232
-------\Service_WebrootSpySweeperService323232323232323232
-------\Service_Wecsvc32
-------\Service_Wecsvc3232
-------\Service_Wecsvc323232
-------\Service_Wecsvc32323232
-------\Service_Wecsvc3232323232
-------\Service_Wecsvc323232323232
-------\Service_Wecsvc32323232323232
-------\Service_Wecsvc3232323232323232
-------\Service_Wecsvc323232323232323232
-------\Service_wercplsupport32
-------\Service_wercplsupport3232
-------\Service_wercplsupport323232
-------\Service_wercplsupport32323232
-------\Service_wercplsupport3232323232
-------\Service_WerSvc32
-------\Service_WerSvc3232
-------\Service_WerSvc323232
-------\Service_WerSvc32323232
-------\Service_WiMAXAppSrv32
-------\Service_WiMAXAppSrv3232
-------\Service_WiMAXAppSrv323232
-------\Service_WiMAXAppSrv32323232
-------\Service_WiMAXAppSrv3232323232
-------\Service_WiMAXAppSrv323232323232
-------\Service_WiMAXAppSrv32323232323232
-------\Service_WiMAXAppSrv3232323232323232
-------\Service_WinDefend32
-------\Service_WinHttpAutoProxySvc32
-------\Service_WinHttpAutoProxySvc3232
-------\Service_WinHttpAutoProxySvc323232
-------\Service_WinHttpAutoProxySvc32323232
-------\Service_WinHttpAutoProxySvc3232323232
-------\Service_Winmgmt32
-------\Service_Winmgmt3232
-------\Service_Winmgmt323232
-------\Service_Winmgmt32323232
-------\Service_WinRM32
-------\Service_WinRM3232
-------\Service_WinRM323232
-------\Service_WinRM32323232
-------\Service_WinRM3232323232
-------\Service_Wlansvc32
-------\Service_wlcrasvc32
-------\Service_wlcrasvc3232
-------\Service_wlcrasvc323232
-------\Service_wlidsvc32
-------\Service_wlidsvc3232
-------\Service_wlidsvc323232
-------\Service_wlidsvc32323232
-------\Service_wlidsvc3232323232
-------\Service_wmiApSrv3232
-------\Service_wmiApSrv323232
-------\Service_wmiApSrv32323232
-------\Service_wmiApSrv3232323232
-------\Service_wmiApSrv323232323232
-------\Service_wmiApSrv32323232323232
-------\Service_WMPNetworkSvc32
-------\Service_WMPNetworkSvc3232
-------\Service_WPCSvc32
-------\Service_WPCSvc3232
-------\Service_WPCSvc323232
-------\Service_WPCSvc32323232
-------\Service_WPCSvc3232323232
-------\Service_WPCSvc323232323232
-------\Service_WPDBusEnum32
-------\Service_WPDBusEnum3232
-------\Service_WPDBusEnum323232
-------\Service_WRConsumerService32
-------\Service_WRConsumerService3232
-------\Service_WRConsumerService323232
-------\Service_WRConsumerService32323232
-------\Service_WRConsumerService3232323232
-------\Service_wscsvc32
-------\Service_wscsvc3232
-------\Service_wscsvc323232
-------\Service_wscsvc32323232
-------\Service_wscsvc3232323232
-------\Service_wscsvc323232323232
-------\Service_WSearch32
-------\Service_WSearch3232
-------\Service_wuauserv3232
-------\Service_wuauserv323232
-------\Service_wuauserv32323232
-------\Service_wuauserv3232323232
-------\Service_wuauserv323232323232
-------\Service_wudfsvc32
-------\Service_wudfsvc3232
-------\Service_wudfsvc323232
-------\Service_wudfsvc32323232
-------\Service_wudfsvc3232323232
-------\Service_wudfsvc323232323232
-------\Service_wudfsvc32323232323232
-------\Service_wudfsvc3232323232323232
-------\Service_WwanSvc32
-------\Service_WwanSvc3232
-------\Service_WwanSvc323232
-------\Service_WwanSvc3232323232
-------\Service_WwanSvc323232323232
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-28 11:06 . 2013-05-28 11:06 -------- d-----w- C:\_OTL
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- c:\windows\ERUNT
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- C:\JRT
2013-05-25 02:03 . 2013-05-25 02:03 -------- d-----w- C:\_OTM
2013-05-25 01:21 . 2013-05-25 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-23 22:37 . 2013-05-23 22:37 212992 --sha-r- c:\windows\SysWow64\pt-PTD.dll
2013-05-21 21:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91BD79FF-BDD7-4F62-87D9-2FD1C996361A}\mpengine.dll
2013-05-14 20:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 21:19 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 00:23 . 2012-06-18 22:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 00:23 . 2011-07-12 11:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 20:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-07-22 21:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 20:30 . 2013-04-02 20:30 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 20:30 . 2013-04-02 20:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 20:30 . 2013-04-02 20:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 20:30 . 2013-04-02 20:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 20:30 . 2013-04-02 20:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 20:30 . 2013-04-02 20:30 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 20:30 . 2013-04-02 20:30 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 20:30 . 2013-04-02 20:30 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 20:30 . 2013-04-02 20:30 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 20:30 . 2013-04-02 20:30 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 20:30 . 2013-04-02 20:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 20:30 . 2013-04-02 20:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 20:30 . 2013-04-02 20:30 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 20:30 . 2013-04-02 20:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 20:30 . 2013-04-02 20:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 20:30 . 2013-04-02 20:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 20:30 . 2013-04-02 20:30 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-11 01:30 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 01:30 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 01:30 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 01:30 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 01:30 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 01:30 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-28 333928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\___\AppData\Roaming\Mozilla\Firefox\Profiles\sbdqlarq.default-1369538825987\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TimeServer - c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
SafeBoot-41503383.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2013-05-29 07:41:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 11:41
ComboFix2.txt 2013-05-25 19:12
ComboFix3.txt 2013-05-25 00:53
ComboFix4.txt 2013-05-24 11:43
ComboFix5.txt 2013-05-29 11:30
.
Pre-Run: 579,446,833,152 bytes free
Post-Run: 579,365,359,616 bytes free
.
- - End Of File - - D3134F89BDD55588DAA648444C0F8FFE
Hi Gringo, I ran the fix but haven't had much chance to observe if it is still redirecting. I'll check the computer out some more after work this evening and let you know. Thanks.
#20
Posted 29 May 2013 - 06:11 AM
ComboFix 13-05-29.01 - ___ 05/29/2013 7:31.14.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2360 [GMT -4:00]
Running from: c:\users\___\Desktop\ComboFix.exe
Command switches used :: c:\users\___\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MICHEL~1\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\111djtkudzw4b.exe
c:\users\___\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
c:\users\___\bgbobip46w2g8.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VSS32323232323232
-------\Service_VUAgent32
-------\Service_VUAgent3232
-------\Service_VUAgent323232
-------\Service_VUAgent32323232
-------\Service_VUAgent3232323232
-------\Service_VUAgent323232323232
-------\Service_VUAgent32323232323232
-------\Service_W32Time3232
-------\Service_W32Time323232
-------\Service_W32Time32323232
-------\Service_W32Time3232323232
-------\Service_W32Time323232323232
-------\Service_W32Time32323232323232
-------\Service_W32Time3232323232323232
-------\Service_WatAdminSvc32
-------\Service_WatAdminSvc3232
-------\Service_WatAdminSvc323232
-------\Service_WatAdminSvc32323232
-------\Service_WatAdminSvc3232323232
-------\Service_wbengine32
-------\Service_wbengine3232
-------\Service_wbengine323232
-------\Service_WbioSrvc32
-------\Service_WbioSrvc3232
-------\Service_WbioSrvc323232
-------\Service_WbioSrvc32323232
-------\Service_WbioSrvc3232323232
-------\Service_WbioSrvc323232323232
-------\Service_WbioSrvc32323232323232
-------\Service_wcncsvc32
-------\Service_wcncsvc3232
-------\Service_wcncsvc323232
-------\Service_WcsPlugInService32
-------\Service_WcsPlugInService3232
-------\Service_WdiServiceHost32
-------\Service_WdiServiceHost3232
-------\Service_WdiServiceHost323232
-------\Service_WdiServiceHost32323232
-------\Service_WdiServiceHost3232323232
-------\Service_WdiSystemHost32
-------\Service_WdiSystemHost3232
-------\Service_WdiSystemHost323232
-------\Service_WdiSystemHost32323232
-------\Service_WebClient32
-------\Service_WebClient3232
-------\Service_WebClient323232
-------\Service_WebrootSpySweeperService32
-------\Service_WebrootSpySweeperService3232
-------\Service_WebrootSpySweeperService323232
-------\Service_WebrootSpySweeperService32323232
-------\Service_WebrootSpySweeperService3232323232
-------\Service_WebrootSpySweeperService323232323232
-------\Service_WebrootSpySweeperService32323232323232
-------\Service_WebrootSpySweeperService3232323232323232
-------\Service_WebrootSpySweeperService323232323232323232
-------\Service_Wecsvc32
-------\Service_Wecsvc3232
-------\Service_Wecsvc323232
-------\Service_Wecsvc32323232
-------\Service_Wecsvc3232323232
-------\Service_Wecsvc323232323232
-------\Service_Wecsvc32323232323232
-------\Service_Wecsvc3232323232323232
-------\Service_Wecsvc323232323232323232
-------\Service_wercplsupport32
-------\Service_wercplsupport3232
-------\Service_wercplsupport323232
-------\Service_wercplsupport32323232
-------\Service_wercplsupport3232323232
-------\Service_WerSvc32
-------\Service_WerSvc3232
-------\Service_WerSvc323232
-------\Service_WerSvc32323232
-------\Service_WiMAXAppSrv32
-------\Service_WiMAXAppSrv3232
-------\Service_WiMAXAppSrv323232
-------\Service_WiMAXAppSrv32323232
-------\Service_WiMAXAppSrv3232323232
-------\Service_WiMAXAppSrv323232323232
-------\Service_WiMAXAppSrv32323232323232
-------\Service_WiMAXAppSrv3232323232323232
-------\Service_WinDefend32
-------\Service_WinHttpAutoProxySvc32
-------\Service_WinHttpAutoProxySvc3232
-------\Service_WinHttpAutoProxySvc323232
-------\Service_WinHttpAutoProxySvc32323232
-------\Service_WinHttpAutoProxySvc3232323232
-------\Service_Winmgmt32
-------\Service_Winmgmt3232
-------\Service_Winmgmt323232
-------\Service_Winmgmt32323232
-------\Service_WinRM32
-------\Service_WinRM3232
-------\Service_WinRM323232
-------\Service_WinRM32323232
-------\Service_WinRM3232323232
-------\Service_Wlansvc32
-------\Service_wlcrasvc32
-------\Service_wlcrasvc3232
-------\Service_wlcrasvc323232
-------\Service_wlidsvc32
-------\Service_wlidsvc3232
-------\Service_wlidsvc323232
-------\Service_wlidsvc32323232
-------\Service_wlidsvc3232323232
-------\Service_wmiApSrv3232
-------\Service_wmiApSrv323232
-------\Service_wmiApSrv32323232
-------\Service_wmiApSrv3232323232
-------\Service_wmiApSrv323232323232
-------\Service_wmiApSrv32323232323232
-------\Service_WMPNetworkSvc32
-------\Service_WMPNetworkSvc3232
-------\Service_WPCSvc32
-------\Service_WPCSvc3232
-------\Service_WPCSvc323232
-------\Service_WPCSvc32323232
-------\Service_WPCSvc3232323232
-------\Service_WPCSvc323232323232
-------\Service_WPDBusEnum32
-------\Service_WPDBusEnum3232
-------\Service_WPDBusEnum323232
-------\Service_WRConsumerService32
-------\Service_WRConsumerService3232
-------\Service_WRConsumerService323232
-------\Service_WRConsumerService32323232
-------\Service_WRConsumerService3232323232
-------\Service_wscsvc32
-------\Service_wscsvc3232
-------\Service_wscsvc323232
-------\Service_wscsvc32323232
-------\Service_wscsvc3232323232
-------\Service_wscsvc323232323232
-------\Service_WSearch32
-------\Service_WSearch3232
-------\Service_wuauserv3232
-------\Service_wuauserv323232
-------\Service_wuauserv32323232
-------\Service_wuauserv3232323232
-------\Service_wuauserv323232323232
-------\Service_wudfsvc32
-------\Service_wudfsvc3232
-------\Service_wudfsvc323232
-------\Service_wudfsvc32323232
-------\Service_wudfsvc3232323232
-------\Service_wudfsvc323232323232
-------\Service_wudfsvc32323232323232
-------\Service_wudfsvc3232323232323232
-------\Service_WwanSvc32
-------\Service_WwanSvc3232
-------\Service_WwanSvc323232
-------\Service_WwanSvc3232323232
-------\Service_WwanSvc323232323232
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-28 11:06 . 2013-05-28 11:06 -------- d-----w- C:\_OTL
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- c:\windows\ERUNT
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- C:\JRT
2013-05-25 02:03 . 2013-05-25 02:03 -------- d-----w- C:\_OTM
2013-05-25 01:21 . 2013-05-25 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-23 22:37 . 2013-05-23 22:37 212992 --sha-r- c:\windows\SysWow64\pt-PTD.dll
2013-05-21 21:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91BD79FF-BDD7-4F62-87D9-2FD1C996361A}\mpengine.dll
2013-05-14 20:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 21:19 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 00:23 . 2012-06-18 22:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 00:23 . 2011-07-12 11:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 20:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-07-22 21:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 20:30 . 2013-04-02 20:30 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 20:30 . 2013-04-02 20:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 20:30 . 2013-04-02 20:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 20:30 . 2013-04-02 20:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 20:30 . 2013-04-02 20:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 20:30 . 2013-04-02 20:30 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 20:30 . 2013-04-02 20:30 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 20:30 . 2013-04-02 20:30 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 20:30 . 2013-04-02 20:30 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 20:30 . 2013-04-02 20:30 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 20:30 . 2013-04-02 20:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 20:30 . 2013-04-02 20:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 20:30 . 2013-04-02 20:30 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 20:30 . 2013-04-02 20:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 20:30 . 2013-04-02 20:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 20:30 . 2013-04-02 20:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 20:30 . 2013-04-02 20:30 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-11 01:30 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 01:30 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 01:30 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 01:30 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 01:30 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 01:30 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-28 333928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\___\AppData\Roaming\Mozilla\Firefox\Profiles\sbdqlarq.default-1369538825987\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TimeServer - c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
SafeBoot-41503383.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2013-05-29 07:41:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 11:41
ComboFix2.txt 2013-05-25 19:12
ComboFix3.txt 2013-05-25 00:53
ComboFix4.txt 2013-05-24 11:43
ComboFix5.txt 2013-05-29 11:30
.
Pre-Run: 579,446,833,152 bytes free
Post-Run: 579,365,359,616 bytes free
.
- - End Of File - - D3134F89BDD55588DAA648444C0F8FFE
Hi Gringo, I ran the fix but haven't had much chance to observe if it is still redirecting. I'll check the computer out some more after work this evening and let you know. Thanks.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2360 [GMT -4:00]
Running from: c:\users\___\Desktop\ComboFix.exe
Command switches used :: c:\users\___\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MICHEL~1\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\111djtkudzw4b.exe
c:\users\___\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
c:\users\___\bgbobip46w2g8.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))
.
.
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-29 11:37 . 2013-05-29 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-28 11:06 . 2013-05-28 11:06 -------- d-----w- C:\_OTL
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- c:\windows\ERUNT
2013-05-25 14:16 . 2013-05-25 14:16 -------- d-----w- C:\JRT
2013-05-25 02:03 . 2013-05-25 02:03 -------- d-----w- C:\_OTM
2013-05-25 01:21 . 2013-05-25 01:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-23 22:37 . 2013-05-23 22:37 212992 --sha-r- c:\windows\SysWow64\pt-PTD.dll
2013-05-21 21:47 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91BD79FF-BDD7-4F62-87D9-2FD1C996361A}\mpengine.dll
2013-05-14 20:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 21:19 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 00:23 . 2012-06-18 22:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 00:23 . 2011-07-12 11:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 20:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-07-22 21:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 20:30 . 2013-04-02 20:30 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 20:30 . 2013-04-02 20:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 20:30 . 2013-04-02 20:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 20:30 . 2013-04-02 20:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 20:30 . 2013-04-02 20:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 20:30 . 2013-04-02 20:30 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 20:30 . 2013-04-02 20:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 20:30 . 2013-04-02 20:30 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 20:30 . 2013-04-02 20:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 20:30 . 2013-04-02 20:30 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 20:30 . 2013-04-02 20:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 20:30 . 2013-04-02 20:30 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 20:30 . 2013-04-02 20:30 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 20:30 . 2013-04-02 20:30 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 20:30 . 2013-04-02 20:30 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 20:30 . 2013-04-02 20:30 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 20:30 . 2013-04-02 20:30 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 20:30 . 2013-04-02 20:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 20:30 . 2013-04-02 20:30 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 20:30 . 2013-04-02 20:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 20:30 . 2013-04-02 20:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 20:30 . 2013-04-02 20:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 20:30 . 2013-04-02 20:30 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 20:30 . 2013-04-02 20:30 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 20:30 . 2013-04-02 20:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 20:30 . 2013-04-02 20:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 20:30 . 2013-04-02 20:30 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 20:30 . 2013-04-02 20:30 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 20:30 . 2013-04-02 20:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 20:30 . 2013-04-02 20:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 20:30 . 2013-04-02 20:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 20:30 . 2013-04-02 20:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 20:30 . 2013-04-02 20:30 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-11 01:30 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 01:30 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 01:30 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 01:30 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 01:30 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 01:30 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 220632 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-28 333928]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-16 22:39 244696 ----a-w- c:\users\___\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe" [2011-03-02 718336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5EECAD8D-E2C3-4F9C-91E3-7490C63E1274}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\___\AppData\Roaming\Mozilla\Firefox\Profiles\sbdqlarq.default-1369538825987\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TimeServer - c:\users\___\AppData\Roaming\SoftGrid Client\WIN7574.exe
SafeBoot-41503383.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-947907804-1673121893-2589414172-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2013-05-29 07:41:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-29 11:41
ComboFix2.txt 2013-05-25 19:12
ComboFix3.txt 2013-05-25 00:53
ComboFix4.txt 2013-05-24 11:43
ComboFix5.txt 2013-05-29 11:30
.
Pre-Run: 579,446,833,152 bytes free
Post-Run: 579,365,359,616 bytes free
.
- - End Of File - - D3134F89BDD55588DAA648444C0F8FFE
Hi Gringo, I ran the fix but haven't had much chance to observe if it is still redirecting. I'll check the computer out some more after work this evening and let you know. Thanks.
#21
Posted 29 May 2013 - 06:23 AM
Hello
Run this once more when you come back and then check things again
At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.
:Run CFScript:
Please start by opening Notepad and copy/paste the text in the box into the window:
ClearJavaCache::
Rootkit::
c:\windows\SysWow64\pt-PTD.dll
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"
- In your next post I need the following
- report from Combofix
- let me know of any problems you may have had
- How is the computer doing now after running the script?
Gringo
#22
Posted 02 June 2013 - 12:55 AM
Hello
48 Hour bump
It has been more than 48 hours since my last post.
- do you still need help with this?
- do you need more time?
- are you having problems following my instructions?
- if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
#23
Posted 02 June 2013 - 08:51 PM
Gringo, I'm very sorry I was forced to do a system restore. I do not know why but the redirecting would not stop and in fact got worse. Then for some reason after we last spoke, both my browsers started crashing and I could not connect to the internet, and I had no alternative but to restore. Thanks for your help.
#24
Posted 02 June 2013 - 09:19 PM
No problem and thank you for letting me know
Gringo
#25
Posted 07 June 2013 - 11:26 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.