
Firefox Google Redirect Virus


  • This topic is locked
14 replies to this topic

#1 sally1987


Posted 24 September 2011 - 06:27 PM

Hello,

In the last month or so I've been infected with a Google redirect virus. It only seems to affect Firefox. I've run a few different programs to try and get rid of the virus like Malwarebytes and TDSSKiller, but it always seems to return.

A friend suggested to try Combofix, but I'm not sure where to go from there.

Any advice is welcome!

Thank you.



#2 Orange Blossom


Posted 24 September 2011 - 10:01 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript


#3 sally1987


Posted 25 September 2011 - 07:32 PM

Thank you.

I started with step 6, ran defogger with no problems.
Then I ran DDS w/ also no problems. Please see the attached log and the one below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sally at 18:55:25 on 2011-09-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1380 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\notepad.exe
C:\windows\system32\StikyNot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516232525.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0231B2BC-A09A-42B7-8C66-B8D4ED6DA624} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0231B2BC-A09A-42B7-8C66-B8D4ED6DA624}\1333530234861627C6F6474756023747 : DhcpNameServer = 192.168.50.1
TCP: Interfaces\{0231B2BC-A09A-42B7-8C66-B8D4ED6DA624}\2375942554934373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1403E215-CB98-40C4-87AC-A58825996B3E} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516232525.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-22 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-9-13 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-23 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-23 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-23 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-23 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-23 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-8-13 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-8-13 126392]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 AeLookupSvc32;Application Experience ;C:\ProgramData\adsldpc32.exe --> C:\ProgramData\adsldpc32.exe [?]
S2 AeLookupSvc323232;Application Experience ;C:\ProgramData\acledit32.exe --> C:\ProgramData\acledit32.exe [?]
S2 AeLookupSvc3232323232;Application Experience ;C:\ProgramData\KBDHEPT32.exe --> C:\ProgramData\KBDHEPT32.exe [?]
S2 AeLookupSvc323232323232;Application Experience ;C:\ProgramData\C_G1803032.exe --> C:\ProgramData\C_G1803032.exe [?]
S2 ALG323232;Application Layer Gateway Service ;C:\ProgramData\jscript32.exe --> C:\ProgramData\jscript32.exe [?]
S2 ALG32323232;Application Layer Gateway Service ;C:\ProgramData\vaultcli32.exe --> C:\ProgramData\vaultcli32.exe [?]
S2 AMD External Events Utility32;AMD External Events Utility ;C:\ProgramData\iprtprio32.exe --> C:\ProgramData\iprtprio32.exe [?]
S2 AMD External Events Utility3232;AMD External Events Utility ;C:\ProgramData\NlsData000732.exe --> C:\ProgramData\NlsData000732.exe [?]
S2 AMD External Events Utility323232;AMD External Events Utility ;C:\ProgramData\clb32.exe --> C:\ProgramData\clb32.exe [?]
S2 AMD External Events Utility32323232;AMD External Events Utility ;C:\ProgramData\efscore32.exe --> C:\ProgramData\efscore32.exe [?]
S2 AMD External Events Utility3232323232;AMD External Events Utility ;C:\ProgramData\netjoin32.exe --> C:\ProgramData\netjoin32.exe [?]
S2 AppIDSvc3232;Application Identity ;C:\ProgramData\vpnikeapi32.exe --> C:\ProgramData\vpnikeapi32.exe [?]
S2 AppIDSvc323232;Application Identity ;C:\ProgramData\NlsData004632.exe --> C:\ProgramData\NlsData004632.exe [?]
S2 AppIDSvc32323232;Application Identity ;C:\ProgramData\wkscli32.exe --> C:\ProgramData\wkscli32.exe [?]
S2 Appinfo32;Application Information ;C:\ProgramData\icm3232.exe --> C:\ProgramData\icm3232.exe [?]
S2 Appinfo3232;Application Information ;C:\ProgramData\feclient32.exe --> C:\ProgramData\feclient32.exe [?]
S2 Apple Mobile Device32;Apple Mobile Device ;C:\ProgramData\mprmsg32.exe --> C:\ProgramData\mprmsg32.exe [?]
S2 Apple Mobile Device3232;Apple Mobile Device ;C:\ProgramData\wlaninst32.exe --> C:\ProgramData\wlaninst32.exe [?]
S2 Apple Mobile Device323232;Apple Mobile Device ;C:\ProgramData\framedynos32.exe --> C:\ProgramData\framedynos32.exe [?]
S2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;C:\ProgramData\D3DCompiler_4132.exe --> C:\ProgramData\D3DCompiler_4132.exe [?]
S2 AudioEndpointBuilder3232;Windows Audio Endpoint Builder ;C:\ProgramData\DevicePairing32.exe --> C:\ProgramData\DevicePairing32.exe [?]
S2 AudioSrv32;Windows Audio ;C:\ProgramData\WsmRes32.exe --> C:\ProgramData\WsmRes32.exe [?]
S2 AudioSrv3232;Windows Audio ;C:\ProgramData\mfmjpegdec32.exe --> C:\ProgramData\mfmjpegdec32.exe [?]
S2 AudioSrv323232;Windows Audio ;C:\ProgramData\ir50_3232.exe --> C:\ProgramData\ir50_3232.exe [?]
S2 AxInstSV32;ActiveX Installer (AxInstSV) ;C:\ProgramData\dataclen32.exe --> C:\ProgramData\dataclen32.exe [?]
S2 BBSvc3232;Bing Bar Update Service ;C:\ProgramData\ds32gt32.exe --> C:\ProgramData\ds32gt32.exe [?]
S2 BDESVC32;BitLocker Drive Encryption Service ;C:\ProgramData\dpnathlp32.exe --> C:\ProgramData\dpnathlp32.exe [?]
S2 BDESVC3232;BitLocker Drive Encryption Service ;C:\ProgramData\werdiagcontroller32.exe --> C:\ProgramData\werdiagcontroller32.exe [?]
S2 BDESVC323232;BitLocker Drive Encryption Service ;C:\ProgramData\kbdnec32.exe --> C:\ProgramData\kbdnec32.exe [?]
S2 BDESVC32323232;BitLocker Drive Encryption Service ;C:\ProgramData\resutils32.exe --> C:\ProgramData\resutils32.exe [?]
S2 BDESVC3232323232;BitLocker Drive Encryption Service ;C:\ProgramData\spwizres32.exe --> C:\ProgramData\spwizres32.exe [?]
S2 BFE32;Base Filtering Engine ;C:\ProgramData\MP43DECD32.exe --> C:\ProgramData\MP43DECD32.exe [?]
S2 BFE3232;Base Filtering Engine ;C:\ProgramData\SyncInfrastructureps32.exe --> C:\ProgramData\SyncInfrastructureps32.exe [?]
S2 BFE32323232;Base Filtering Engine ;C:\ProgramData\webcheck32.exe --> C:\ProgramData\webcheck32.exe [?]
S2 BFE3232323232;Base Filtering Engine ;C:\ProgramData\NlsData081a32.exe --> C:\ProgramData\NlsData081a32.exe [?]
S2 Bonjour Service32;Bonjour Service ;C:\windows\system32\iprop32.exe --> C:\windows\system32\iprop32.exe [?]
S2 Bonjour Service3232;Bonjour Service ;C:\ProgramData\dimsjob32.exe --> C:\ProgramData\dimsjob32.exe [?]
S2 Bonjour Service323232;Bonjour Service ;C:\ProgramData\api-ms-win-core-xstate-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-xstate-l1-1-032.exe [?]
S2 Bonjour Service32323232;Bonjour Service ;C:\ProgramData\XpsPrint32.exe --> C:\ProgramData\XpsPrint32.exe [?]
S2 Bonjour Service3232323232;Bonjour Service ;C:\ProgramData\wecapi32.exe --> C:\ProgramData\wecapi32.exe [?]
S2 Bonjour Service323232323232;Bonjour Service ;C:\ProgramData\KBDAZEL32.exe --> C:\ProgramData\KBDAZEL32.exe [?]
S2 Browser3232;Computer Browser ;C:\ProgramData\appidapi32.exe --> C:\ProgramData\appidapi32.exe [?]
S2 Browser323232;Computer Browser ;C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.exe [?]
S2 bthserv32;Bluetooth Support Service ;C:\ProgramData\KBDSF32.exe --> C:\ProgramData\KBDSF32.exe [?]
S2 bthserv3232;Bluetooth Support Service ;C:\ProgramData\wuwebv32.exe --> C:\ProgramData\wuwebv32.exe [?]
S2 bthserv323232;Bluetooth Support Service ;C:\ProgramData\nlmsprep32.exe --> C:\ProgramData\nlmsprep32.exe [?]
S2 bthserv32323232;Bluetooth Support Service ;C:\ProgramData\InkEd32.exe --> C:\ProgramData\InkEd32.exe [?]
S2 CertPropSvc32;Certificate Propagation ;C:\ProgramData\httpapi32.exe --> C:\ProgramData\httpapi32.exe [?]
S2 CertPropSvc3232;Certificate Propagation ;C:\ProgramData\dmintf32.exe --> C:\ProgramData\dmintf32.exe [?]
S2 CertPropSvc32323232;Certificate Propagation ;C:\ProgramData\BWUnpairElevated32.exe --> C:\ProgramData\BWUnpairElevated32.exe [?]
S2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\jdns_sd32.exe --> C:\ProgramData\jdns_sd32.exe [?]
S2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\comdlg3232.exe --> C:\ProgramData\comdlg3232.exe [?]
S2 clr_optimization_v2.0.50727_323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\rtffilt32.exe --> C:\ProgramData\rtffilt32.exe [?]
S2 clr_optimization_v2.0.50727_32323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\wdigest32.exe --> C:\ProgramData\wdigest32.exe [?]
S2 clr_optimization_v2.0.50727_3232323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\UIRibbon32.exe --> C:\ProgramData\UIRibbon32.exe [?]
S2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;C:\ProgramData\msidntld32.exe --> C:\ProgramData\msidntld32.exe [?]
S2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;C:\ProgramData\WsmAuto32.exe --> C:\ProgramData\WsmAuto32.exe [?]
S2 clr_optimization_v2.0.50727_64323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;C:\ProgramData\wsmplpxy32.exe --> C:\ProgramData\wsmplpxy32.exe [?]
S2 clr_optimization_v2.0.50727_6432323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;C:\ProgramData\XAudio2_532.exe --> C:\ProgramData\XAudio2_532.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;C:\ProgramData\OnLineIDCpl32.exe --> C:\ProgramData\OnLineIDCpl32.exe [?]
S2 clr_optimization_v4.0.30319_32323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;C:\ProgramData\userenv32.exe --> C:\ProgramData\userenv32.exe [?]
S2 clr_optimization_v4.0.30319_3232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;C:\ProgramData\QCLIPROV32.exe --> C:\ProgramData\QCLIPROV32.exe [?]
S2 clr_optimization_v4.0.30319_323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;C:\ProgramData\fdWCN32.exe --> C:\ProgramData\fdWCN32.exe [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 clr_optimization_v4.0.30319_6432;Microsoft .NET Framework NGEN v4.0.30319_X64 ;C:\ProgramData\avicap3232.exe --> C:\ProgramData\avicap3232.exe [?]
S2 COMSysApp32;COM+ System Application ;C:\ProgramData\MP4SDECD32.exe --> C:\ProgramData\MP4SDECD32.exe [?]
S2 CryptSvc32;Cryptographic Services ;C:\ProgramData\KBDINORI32.exe --> C:\ProgramData\KBDINORI32.exe [?]
S2 cvhsvc32;Client Virtualization Handler ;C:\ProgramData\htui32.exe --> C:\ProgramData\htui32.exe [?]
S2 cvhsvc3232;Client Virtualization Handler ;C:\ProgramData\eqossnap32.exe --> C:\ProgramData\eqossnap32.exe [?]
S2 cvhsvc323232;Client Virtualization Handler ;C:\ProgramData\aticfx3232.exe --> C:\ProgramData\aticfx3232.exe [?]
S2 DcomLaunch3232;DCOM Server Process Launcher ;C:\ProgramData\cmipnpinstall32.exe --> C:\ProgramData\cmipnpinstall32.exe [?]
S2 DcomLaunch323232;DCOM Server Process Launcher ;C:\ProgramData\KBDMAC32.exe --> C:\ProgramData\KBDMAC32.exe [?]
S2 DcomLaunch32323232;DCOM Server Process Launcher ;C:\ProgramData\winsockhc32.exe --> C:\ProgramData\winsockhc32.exe [?]
S2 DcomLaunch3232323232;DCOM Server Process Launcher ;C:\ProgramData\iologmsg32.exe --> C:\ProgramData\iologmsg32.exe [?]
S2 defragsvc32;Disk Defragmenter ;C:\ProgramData\scansetting32.exe --> C:\ProgramData\scansetting32.exe [?]
S2 defragsvc323232;Disk Defragmenter ;C:\ProgramData\LAPRXY32.exe --> C:\ProgramData\LAPRXY32.exe [?]
S2 Dhcp3232;DHCP Client ;C:\ProgramData\traffic32.exe --> C:\ProgramData\traffic32.exe [?]
S2 Dnscache32;DNS Client ;C:\ProgramData\perfts32.exe --> C:\ProgramData\perfts32.exe [?]
S2 Dnscache3232;DNS Client ;C:\ProgramData\odbcint32.exe --> C:\ProgramData\odbcint32.exe [?]
S2 Dnscache323232;DNS Client ;C:\ProgramData\WMPEncEn32.exe --> C:\ProgramData\WMPEncEn32.exe [?]
S2 DPS32;Diagnostic Policy Service ;C:\ProgramData\SessEnv32.exe --> C:\ProgramData\SessEnv32.exe [?]
S2 DPS3232;Diagnostic Policy Service ;C:\ProgramData\sxs32.exe --> C:\ProgramData\sxs32.exe [?]
S2 DPS32323232;Diagnostic Policy Service ;C:\ProgramData\shimgvw32.exe --> C:\ProgramData\shimgvw32.exe [?]
S2 EapHost32;Extensible Authentication Protocol ;C:\ProgramData\verifier32.exe --> C:\ProgramData\verifier32.exe [?]
S2 EapHost32323232;Extensible Authentication Protocol ;C:\ProgramData\d3d10level932.exe --> C:\ProgramData\d3d10level932.exe [?]
S2 EapHost3232323232;Extensible Authentication Protocol ;C:\ProgramData\ntmarta32.exe --> C:\ProgramData\ntmarta32.exe [?]
S2 EFS32;Encrypting File System (EFS) ;C:\ProgramData\licmgr1032.exe --> C:\ProgramData\licmgr1032.exe [?]
S2 EFS3232;Encrypting File System (EFS) ;C:\ProgramData\nshipsec32.exe --> C:\ProgramData\nshipsec32.exe [?]
S2 EFS323232;Encrypting File System (EFS) ;C:\ProgramData\encapi32.exe --> C:\ProgramData\encapi32.exe [?]
S2 ehSched32;Windows Media Center Scheduler Service ;C:\ProgramData\winnsi32.exe --> C:\ProgramData\winnsi32.exe [?]
S2 eventlog32;Windows Event Log ;C:\ProgramData\qwave32.exe --> C:\ProgramData\qwave32.exe [?]
S2 eventlog3232;Windows Event Log ;C:\ProgramData\ole2disp32.exe --> C:\ProgramData\ole2disp32.exe [?]
S2 eventlog323232;Windows Event Log ;C:\ProgramData\wmpsrcwp32.exe --> C:\ProgramData\wmpsrcwp32.exe [?]
S2 eventlog32323232;Windows Event Log ;C:\ProgramData\FirewallControlPanel32.exe --> C:\ProgramData\FirewallControlPanel32.exe [?]
S2 eventlog3232323232;Windows Event Log ;C:\ProgramData\AuthFWWizFwk32.exe --> C:\ProgramData\AuthFWWizFwk32.exe [?]
S2 eventlog323232323232;Windows Event Log ;C:\ProgramData\msvcrt4032.exe --> C:\ProgramData\msvcrt4032.exe [?]
S2 eventlog32323232323232;Windows Event Log ;C:\ProgramData\KBDTAT32.exe --> C:\ProgramData\KBDTAT32.exe [?]
S2 eventlog3232323232323232;Windows Event Log ;C:\ProgramData\RPCNDFP32.exe --> C:\ProgramData\RPCNDFP32.exe [?]
S2 EventSystem32;COM+ Event System ;C:\ProgramData\mscoree32.exe --> C:\ProgramData\mscoree32.exe [?]
S2 EventSystem3232;COM+ Event System ;C:\ProgramData\msvcp7132.exe --> C:\ProgramData\msvcp7132.exe [?]
S2 Fax32;Fax ;C:\ProgramData\mapistub32.exe --> C:\ProgramData\mapistub32.exe [?]
S2 Fax3232;Fax ;C:\ProgramData\kbdnec9532.exe --> C:\ProgramData\kbdnec9532.exe [?]
S2 Fax323232;Fax ;C:\ProgramData\pstorec32.exe --> C:\ProgramData\pstorec32.exe [?]
S2 Fax32323232;Fax ;C:\ProgramData\bitsprx432.exe --> C:\ProgramData\bitsprx432.exe [?]
S2 fdPHost32;Function Discovery Provider Host ;C:\ProgramData\rpcnsh32.exe --> C:\ProgramData\rpcnsh32.exe [?]
S2 fdPHost3232;Function Discovery Provider Host ;C:\ProgramData\DeviceMetadataParsers32.exe --> C:\ProgramData\DeviceMetadataParsers32.exe [?]
S2 fdPHost323232;Function Discovery Provider Host ;C:\ProgramData\NlsLexicons081632.exe --> C:\ProgramData\NlsLexicons081632.exe [?]
S2 fdPHost323232323232;Function Discovery Provider Host ;C:\ProgramData\eventcls32.exe --> C:\ProgramData\eventcls32.exe [?]
S2 fdPHost32323232323232;Function Discovery Provider Host ;C:\ProgramData\xwizards32.exe --> C:\ProgramData\xwizards32.exe [?]
S2 FDResPub3232;Function Discovery Resource Publication ;C:\ProgramData\StorageContextHandler32.exe --> C:\ProgramData\StorageContextHandler32.exe [?]
S2 FDResPub323232;Function Discovery Resource Publication ;C:\ProgramData\KBDKHMR32.exe --> C:\ProgramData\KBDKHMR32.exe [?]
S2 FDResPub32323232;Function Discovery Resource Publication ;C:\ProgramData\dsuiext32.exe --> C:\ProgramData\dsuiext32.exe [?]
S2 FDResPub3232323232;Function Discovery Resource Publication ;C:\ProgramData\NlsData004a32.exe --> C:\ProgramData\NlsData004a32.exe [?]
S2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;C:\ProgramData\shsetup32.exe --> C:\ProgramData\shsetup32.exe [?]
S2 FontCache3.0.0.032323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;C:\ProgramData\mciwave32.exe --> C:\ProgramData\mciwave32.exe [?]
S2 FontCache3.0.0.03232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;C:\ProgramData\dot3ui32.exe --> C:\ProgramData\dot3ui32.exe [?]
S2 FontCache32;Windows Font Cache Service ;C:\ProgramData\KBDTUF32.exe --> C:\ProgramData\KBDTUF32.exe [?]
S2 FontCache3232;Windows Font Cache Service ;C:\ProgramData\msaatext32.exe --> C:\ProgramData\msaatext32.exe [?]
S2 fsssvc32;Windows Live Family Safety Service ;C:\ProgramData\NlsLexicons001332.exe --> C:\ProgramData\NlsLexicons001332.exe [?]
S2 fsssvc3232;Windows Live Family Safety Service ;C:\ProgramData\rasdiag32.exe --> C:\ProgramData\rasdiag32.exe [?]
S2 fsssvc323232;Windows Live Family Safety Service ;C:\ProgramData\kbd101b32.exe --> C:\ProgramData\kbd101b32.exe [?]
S2 GameConsoleService32323232;GameConsoleService ;C:\ProgramData\uxlib32.exe --> C:\ProgramData\uxlib32.exe [?]
S2 gpsvc3232;Group Policy Client ;C:\ProgramData\tapi332.exe --> C:\ProgramData\tapi332.exe [?]
S2 gpsvc32323232;Group Policy Client ;C:\ProgramData\FWPUCLNT32.exe --> C:\ProgramData\FWPUCLNT32.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]
S2 gupdate32;Google Update Service (gupdate) ;C:\ProgramData\KBDTIPRC32.exe --> C:\ProgramData\KBDTIPRC32.exe [?]
S2 gupdate3232;Google Update Service (gupdate) ;C:\ProgramData\L2SecHC32.exe --> C:\ProgramData\L2SecHC32.exe [?]
S2 gupdate323232;Google Update Service (gupdate) ;C:\ProgramData\DeviceDisplayStatusManager32.exe --> C:\ProgramData\DeviceDisplayStatusManager32.exe [?]
S2 gupdate32323232;Google Update Service (gupdate) ;C:\ProgramData\dmime32.exe --> C:\ProgramData\dmime32.exe [?]
S2 gupdate323232323232;Google Update Service (gupdate) ;C:\ProgramData\iasads32.exe --> C:\ProgramData\iasads32.exe [?]
S2 gupdate323232323232323232;Google Update Service (gupdate) ;C:\ProgramData\PresentationHostProxy32.exe --> C:\ProgramData\PresentationHostProxy32.exe [?]
S2 gupdate32323232323232323232;Google Update Service (gupdate) ;C:\ProgramData\themecpl32.exe --> C:\ProgramData\themecpl32.exe [?]
S2 gupdatem32;Google Update Service (gupdatem) ;C:\ProgramData\NlsData000c32.exe --> C:\ProgramData\NlsData000c32.exe [?]
S2 gupdatem3232;Google Update Service (gupdatem) ;C:\ProgramData\msvcp6032.exe --> C:\ProgramData\msvcp6032.exe [?]
S2 gupdatem323232;Google Update Service (gupdatem) ;C:\ProgramData\rsaenh32.exe --> C:\ProgramData\rsaenh32.exe [?]
S2 hidserv32;Human Interface Device Access ;C:\ProgramData\GEARAspi32.exe --> C:\ProgramData\GEARAspi32.exe [?]
S2 hidserv3232;Human Interface Device Access ;C:\ProgramData\rdprefdrvapi32.exe --> C:\ProgramData\rdprefdrvapi32.exe [?]
S2 hidserv323232;Human Interface Device Access ;C:\ProgramData\NlsData001a32.exe --> C:\ProgramData\NlsData001a32.exe [?]
S2 hidserv32323232;Human Interface Device Access ;C:\ProgramData\rastls32.exe --> C:\ProgramData\rastls32.exe [?]
S2 hidserv323232323232;Human Interface Device Access ;C:\ProgramData\UIRibbonRes32.exe --> C:\ProgramData\UIRibbonRes32.exe [?]
S2 hidserv3232323232323232;Human Interface Device Access ;C:\ProgramData\FXSXP3232.exe --> C:\ProgramData\FXSXP3232.exe [?]
S2 hidserv323232323232323232;Human Interface Device Access ;C:\ProgramData\BOOTVID32.exe --> C:\ProgramData\BOOTVID32.exe [?]
S2 hkmsvc32;Health Key and Certificate Management ;C:\ProgramData\secproc_ssp32.exe --> C:\ProgramData\secproc_ssp32.exe [?]
S2 HomeGroupListener32;HomeGroup Listener ;C:\ProgramData\mswsock32.exe --> C:\ProgramData\mswsock32.exe [?]
S2 HomeGroupListener3232;HomeGroup Listener ;C:\ProgramData\nlsbres32.exe --> C:\ProgramData\nlsbres32.exe [?]
S2 HomeGroupProvider32323232;HomeGroup Provider ;C:\ProgramData\qdvd32.exe --> C:\ProgramData\qdvd32.exe [?]
S2 HomeGroupProvider3232323232;HomeGroup Provider ;C:\ProgramData\eappgnui32.exe --> C:\ProgramData\eappgnui32.exe [?]
S2 hpqcxs083232;hpqcxs08 ;C:\ProgramData\btpanui32.exe --> C:\ProgramData\btpanui32.exe [?]
S2 hpqcxs08323232;hpqcxs08 ;C:\ProgramData\wmpmde32.exe --> C:\ProgramData\wmpmde32.exe [?]
S2 hpqddsvc32;HP CUE DeviceDiscovery Service ;C:\ProgramData\NlsLexicons004732.exe --> C:\ProgramData\NlsLexicons004732.exe [?]
S2 hpqddsvc32323232;HP CUE DeviceDiscovery Service ;C:\ProgramData\AudioSes32.exe --> C:\ProgramData\AudioSes32.exe [?]
S2 hpqddsvc3232323232;HP CUE DeviceDiscovery Service ;C:\ProgramData\msxml432.exe --> C:\ProgramData\msxml432.exe [?]
S2 hpqddsvc323232323232;HP CUE DeviceDiscovery Service ;C:\ProgramData\comsvcs32.exe --> C:\ProgramData\comsvcs32.exe [?]
S2 hpqddsvc32323232323232;HP CUE DeviceDiscovery Service ;C:\ProgramData\winusb32.exe --> C:\ProgramData\winusb32.exe [?]
S2 hpqddsvc3232323232323232;HP CUE DeviceDiscovery Service ;C:\ProgramData\upnphost32.exe --> C:\ProgramData\upnphost32.exe [?]
S2 idsvc32;Windows CardSpace ;C:\ProgramData\api-ms-win-core-processthreads-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-processthreads-l1-1-032.exe [?]
S2 idsvc3232;Windows CardSpace ;C:\ProgramData\vbscript32.exe --> C:\ProgramData\vbscript32.exe [?]
S2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\d3d1132.exe --> C:\ProgramData\d3d1132.exe [?]
S2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\KBDHELA232.exe --> C:\ProgramData\KBDHELA232.exe [?]
S2 IKEEXT323232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\cmutil32.exe --> C:\ProgramData\cmutil32.exe [?]
S2 IKEEXT32323232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\mspatcha32.exe --> C:\ProgramData\mspatcha32.exe [?]
S2 IKEEXT3232323232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\SndVolSSO32.exe --> C:\ProgramData\SndVolSSO32.exe [?]
S2 IKEEXT323232323232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\KBDYCL32.exe --> C:\ProgramData\KBDYCL32.exe [?]
S2 IKEEXT32323232323232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\NlsLexicons002a32.exe --> C:\ProgramData\NlsLexicons002a32.exe [?]
S2 IPBusEnum32;PnP-X IP Bus Enumerator ;C:\ProgramData\gdi3232.exe --> C:\ProgramData\gdi3232.exe [?]
S2 iphlpsvc32;IP Helper ;C:\ProgramData\amstream32.exe --> C:\ProgramData\amstream32.exe [?]
S2 iphlpsvc3232;IP Helper ;C:\ProgramData\NlsLexicons004932.exe --> C:\ProgramData\NlsLexicons004932.exe [?]
S2 iPod Service32;iPod Service ;C:\ProgramData\msdtcuiu32.exe --> C:\ProgramData\msdtcuiu32.exe [?]
S2 iPod Service323232;iPod Service ;C:\ProgramData\iassdo32.exe --> C:\ProgramData\iassdo32.exe [?]
S2 iPod Service32323232;iPod Service ;C:\ProgramData\mfdvdec32.exe --> C:\ProgramData\mfdvdec32.exe [?]
S2 KeyIso32;CNG Key Isolation ;C:\ProgramData\wlgpclnt32.exe --> C:\ProgramData\wlgpclnt32.exe [?]
S2 KeyIso3232;CNG Key Isolation ;C:\ProgramData\NlsLexicons002032.exe --> C:\ProgramData\NlsLexicons002032.exe [?]
S2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;C:\ProgramData\WfHC32.exe --> C:\ProgramData\WfHC32.exe [?]
S2 KtmRm3232;KtmRm for Distributed Transaction Coordinator ;C:\ProgramData\netutils32.exe --> C:\ProgramData\netutils32.exe [?]
S2 KtmRm3232323232;KtmRm for Distributed Transaction Coordinator ;C:\ProgramData\KBDFA32.exe --> C:\ProgramData\KBDFA32.exe [?]
S2 LanmanServer32;Server ;C:\ProgramData\hid32.exe --> C:\ProgramData\hid32.exe [?]
S2 LanmanWorkstation32;Workstation ;C:\ProgramData\KBDAL32.exe --> C:\ProgramData\KBDAL32.exe [?]
S2 LanmanWorkstation3232;Workstation ;C:\ProgramData\wshrm32.exe --> C:\ProgramData\wshrm32.exe [?]
S2 LanmanWorkstation323232;Workstation ;C:\ProgramData\dhcpcmonitor32.exe --> C:\ProgramData\dhcpcmonitor32.exe [?]
S2 LanmanWorkstation32323232;Workstation ;C:\ProgramData\wlanapi32.exe --> C:\ProgramData\wlanapi32.exe [?]
S2 LanmanWorkstation3232323232;Workstation ;C:\ProgramData\iertutil32.exe --> C:\ProgramData\iertutil32.exe [?]
S2 lltdsvc32;Link-Layer Topology Discovery Mapper ;C:\ProgramData\WLanConn32.exe --> C:\ProgramData\WLanConn32.exe [?]
S2 lltdsvc3232323232;Link-Layer Topology Discovery Mapper ;C:\ProgramData\sdiageng32.exe --> C:\ProgramData\sdiageng32.exe [?]
S2 lmhosts323232;TCP/IP NetBIOS Helper ;C:\ProgramData\rasser32.exe --> C:\ProgramData\rasser32.exe [?]
S2 lmhosts32323232;TCP/IP NetBIOS Helper ;C:\ProgramData\SynCtrl32.exe --> C:\ProgramData\SynCtrl32.exe [?]
S2 lmhosts3232323232;TCP/IP NetBIOS Helper ;C:\ProgramData\atiuxpag32.exe --> C:\ProgramData\atiuxpag32.exe [?]
S2 lmhosts323232323232;TCP/IP NetBIOS Helper ;C:\ProgramData\msxml4r32.exe --> C:\ProgramData\msxml4r32.exe [?]
S2 MBAMService3232;MBAMService ;C:\ProgramData\KBDJPN32.exe --> C:\ProgramData\KBDJPN32.exe [?]
S2 McAfee SiteAdvisor Service32;McAfee SiteAdvisor Service ;C:\ProgramData\osbaseln32.exe --> C:\ProgramData\osbaseln32.exe [?]
S2 McAfee SiteAdvisor Service3232;McAfee SiteAdvisor Service ;C:\ProgramData\KBDCAN32.exe --> C:\ProgramData\KBDCAN32.exe [?]
S2 McComponentHostService32;McAfee Security Scan Component Host Service ;C:\ProgramData\tdh32.exe --> C:\ProgramData\tdh32.exe [?]
S2 McComponentHostService3232;McAfee Security Scan Component Host Service ;C:\ProgramData\modemui32.exe --> C:\ProgramData\modemui32.exe [?]
S2 McComponentHostService323232;McAfee Security Scan Component Host Service ;C:\ProgramData\adtschema32.exe --> C:\ProgramData\adtschema32.exe [?]
S2 McMPFSvc32;McAfee Personal Firewall Service ;C:\ProgramData\api-ms-win-security-lsalookup-l1-1-032.exe --> C:\ProgramData\api-ms-win-security-lsalookup-l1-1-032.exe [?]
S2 McMPFSvc323232;McAfee Personal Firewall Service ;C:\ProgramData\NlsData081632.exe --> C:\ProgramData\NlsData081632.exe [?]
S2 McMPFSvc3232323232;McAfee Personal Firewall Service ;C:\ProgramData\P2P32.exe --> C:\ProgramData\P2P32.exe [?]
S2 McMPFSvc32323232323232;McAfee Personal Firewall Service ;C:\ProgramData\NlsData004b32.exe --> C:\ProgramData\NlsData004b32.exe [?]
S2 McMPFSvc3232323232323232;McAfee Personal Firewall Service ;C:\ProgramData\iprtrmgr32.exe --> C:\ProgramData\iprtrmgr32.exe [?]
S2 mcmscsvc32;McAfee Services ;C:\ProgramData\MP3DMOD32.exe --> C:\ProgramData\MP3DMOD32.exe [?]
S2 mcmscsvc323232;McAfee Services ;C:\ProgramData\BioCredProv32.exe --> C:\ProgramData\BioCredProv32.exe [?]
S2 McNaiAnn32;McAfee VirusScan Announcer ;C:\ProgramData\perfdisk32.exe --> C:\ProgramData\perfdisk32.exe [?]
S2 McNaiAnn3232;McAfee VirusScan Announcer ;C:\ProgramData\CHxReadingStringIME32.exe --> C:\ProgramData\CHxReadingStringIME32.exe [?]
S2 McNaiAnn323232;McAfee VirusScan Announcer ;C:\ProgramData\RASMM32.exe --> C:\ProgramData\RASMM32.exe [?]
S2 McNASvc32;McAfee Network Agent ;C:\ProgramData\keyiso32.exe --> C:\ProgramData\keyiso32.exe [?]
S2 McNASvc3232;McAfee Network Agent ;C:\ProgramData\dmsynth32.exe --> C:\ProgramData\dmsynth32.exe [?]
S2 McODS32;McAfee Scanner ;C:\ProgramData\cryptxml32.exe --> C:\ProgramData\cryptxml32.exe [?]
S2 McODS3232;McAfee Scanner ;C:\ProgramData\KBDRU32.exe --> C:\ProgramData\KBDRU32.exe [?]
S2 McODS323232;McAfee Scanner ;C:\ProgramData\WinFax32.exe --> C:\ProgramData\WinFax32.exe [?]
S2 McODS32323232;McAfee Scanner ;C:\ProgramData\WINSRPC32.exe --> C:\ProgramData\WINSRPC32.exe [?]
S2 McODS3232323232;McAfee Scanner ;C:\ProgramData\SyncHostps32.exe --> C:\ProgramData\SyncHostps32.exe [?]
S2 McProxy32;McAfee Proxy Service ;C:\ProgramData\esentprf32.exe --> C:\ProgramData\esentprf32.exe [?]
S2 McProxy3232;McAfee Proxy Service ;C:\ProgramData\muifontsetup32.exe --> C:\ProgramData\muifontsetup32.exe [?]
S2 McProxy323232;McAfee Proxy Service ;C:\ProgramData\SPInf32.exe --> C:\ProgramData\SPInf32.exe [?]
S2 McProxy32323232;McAfee Proxy Service ;C:\ProgramData\hnetmon32.exe --> C:\ProgramData\hnetmon32.exe [?]
S2 McShield3232;McShield ;C:\ProgramData\msctfui32.exe --> C:\ProgramData\msctfui32.exe [?]
S2 McShield323232;McShield ;C:\ProgramData\dpnlobby32.exe --> C:\ProgramData\dpnlobby32.exe [?]
S2 Mcx2Svc323232;Media Center Extender Service ;C:\ProgramData\d3dx10_4232.exe --> C:\ProgramData\d3dx10_4232.exe [?]
S2 Mcx2Svc32323232;Media Center Extender Service ;C:\ProgramData\UIAnimation32.exe --> C:\ProgramData\UIAnimation32.exe [?]
S2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]
S2 mfefire32;McAfee Firewall Core Service ;C:\ProgramData\Faultrep32.exe --> C:\ProgramData\Faultrep32.exe [?]
S2 mfevtp323232;McAfee Validation Trust Protection Service ;C:\ProgramData\KBDUSA32.exe --> C:\ProgramData\KBDUSA32.exe [?]
S2 mfevtp32323232;McAfee Validation Trust Protection Service ;C:\ProgramData\CertPolEng32.exe --> C:\ProgramData\CertPolEng32.exe [?]
S2 mfevtp3232323232;McAfee Validation Trust Protection Service ;C:\ProgramData\msshavmsg32.exe --> C:\ProgramData\msshavmsg32.exe [?]
S2 MMCSS3232;Multimedia Class Scheduler ;C:\ProgramData\wshext32.exe --> C:\ProgramData\wshext32.exe [?]
S2 MMCSS323232;Multimedia Class Scheduler ;C:\ProgramData\api-ms-win-core-processenvironment-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-processenvironment-l1-1-032.exe [?]
S2 MpsSvc32;Windows Firewall ;C:\ProgramData\iscsidsc32.exe --> C:\ProgramData\iscsidsc32.exe [?]
S2 MpsSvc3232;Windows Firewall ;C:\ProgramData\dsound32.exe --> C:\ProgramData\dsound32.exe [?]
S2 MpsSvc323232;Windows Firewall ;C:\ProgramData\vds_ps32.exe --> C:\ProgramData\vds_ps32.exe [?]
S2 MpsSvc32323232;Windows Firewall ;C:\ProgramData\werui32.exe --> C:\ProgramData\werui32.exe [?]
S2 MSDTC32;Distributed Transaction Coordinator ;C:\ProgramData\mfAACEnc32.exe --> C:\ProgramData\mfAACEnc32.exe [?]
S2 MSiSCSI32;Microsoft iSCSI Initiator Service ;C:\ProgramData\KBDGAE32.exe --> C:\ProgramData\KBDGAE32.exe [?]
S2 MSiSCSI3232;Microsoft iSCSI Initiator Service ;C:\ProgramData\ole3232.exe --> C:\ProgramData\ole3232.exe [?]
S2 MSiSCSI323232;Microsoft iSCSI Initiator Service ;C:\ProgramData\Oemdspif32.exe --> C:\ProgramData\Oemdspif32.exe [?]
S2 msiserver32;Windows Installer ;C:\ProgramData\WcnEapAuthProxy32.exe --> C:\ProgramData\WcnEapAuthProxy32.exe [?]
S2 msiserver3232;Windows Installer ;C:\ProgramData\Syncreg32.exe --> C:\ProgramData\Syncreg32.exe [?]
S2 napagent32;Network Access Protection Agent ;C:\ProgramData\KBDINBE132.exe --> C:\ProgramData\KBDINBE132.exe [?]
S2 napagent3232;Network Access Protection Agent ;C:\ProgramData\msrepl4032.exe --> C:\ProgramData\msrepl4032.exe [?]
S2 napagent32323232;Network Access Protection Agent ;C:\ProgramData\fontext32.exe --> C:\ProgramData\fontext32.exe [?]
S2 napagent3232323232;Network Access Protection Agent ;C:\ProgramData\FXSAPI32.exe --> C:\ProgramData\FXSAPI32.exe [?]
S2 Net Driver HPZ123232;Net Driver HPZ12 ;C:\ProgramData\rasman32.exe --> C:\ProgramData\rasman32.exe [?]
S2 Netlogon32;Netlogon ;C:\ProgramData\mssph32.exe --> C:\ProgramData\mssph32.exe [?]
S2 Netman3232;Network Connections ;C:\ProgramData\pla32.exe --> C:\ProgramData\pla32.exe [?]
S2 Netman323232;Network Connections ;C:\ProgramData\KBDTH332.exe --> C:\ProgramData\KBDTH332.exe [?]
S2 Netman32323232;Network Connections ;C:\ProgramData\KBDBHC32.exe --> C:\ProgramData\KBDBHC32.exe [?]
S2 netprofm32;Network List Service ;C:\ProgramData\KBDINASA32.exe --> C:\ProgramData\KBDINASA32.exe [?]
S2 netprofm3232;Network List Service ;C:\ProgramData\KBDKYR32.exe --> C:\ProgramData\KBDKYR32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;C:\ProgramData\mprapi32.exe --> C:\ProgramData\mprapi32.exe [?]
S2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;C:\ProgramData\KBDSG32.exe --> C:\ProgramData\KBDSG32.exe [?]
S2 NetTcpPortSharing323232;Net.Tcp Port Sharing Service ;C:\ProgramData\MSAC3ENC32.exe --> C:\ProgramData\MSAC3ENC32.exe [?]
S2 NetTcpPortSharing32323232;Net.Tcp Port Sharing Service ;C:\ProgramData\vdsbas32.exe --> C:\ProgramData\vdsbas32.exe [?]
S2 NetTcpPortSharing3232323232;Net.Tcp Port Sharing Service ;C:\ProgramData\drmv2clt32.exe --> C:\ProgramData\drmv2clt32.exe [?]
S2 NetTcpPortSharing323232323232;Net.Tcp Port Sharing Service ;C:\ProgramData\netshell32.exe --> C:\ProgramData\netshell32.exe [?]
S2 NlaSvc32;Network Location Awareness ;C:\ProgramData\dxmasf32.exe --> C:\ProgramData\dxmasf32.exe [?]
S2 NlaSvc3232;Network Location Awareness ;C:\ProgramData\DxpTaskSync32.exe --> C:\ProgramData\DxpTaskSync32.exe [?]
S2 NlaSvc323232;Network Location Awareness ;C:\ProgramData\msltus4032.exe --> C:\ProgramData\msltus4032.exe [?]
S2 Norton PC Checkup Application Launcher32;Toshiba Laptop Checkup Application Launcher ;C:\ProgramData\sti32.exe --> C:\ProgramData\sti32.exe [?]
S2 Norton PC Checkup Application Launcher3232;Toshiba Laptop Checkup Application Launcher ;C:\ProgramData\sqlceqp3032.exe --> C:\ProgramData\sqlceqp3032.exe [?]
S2 nsi32;Network Store Interface Service ;C:\ProgramData\shfolder32.exe --> C:\ProgramData\shfolder32.exe [?]
S2 nsi3232;Network Store Interface Service ;C:\ProgramData\PresentationCFFRasterizerNative_v030032.exe --> C:\ProgramData\PresentationCFFRasterizerNative_v030032.exe [?]
S2 nsi323232;Network Store Interface Service ;C:\ProgramData\wmdrmsdk32.exe --> C:\ProgramData\wmdrmsdk32.exe [?]
S2 ose32;Office Source Engine ;C:\ProgramData\ulib32.exe --> C:\ProgramData\ulib32.exe [?]
S2 ose3232;Office Source Engine ;C:\ProgramData\shunimpl32.exe --> C:\ProgramData\shunimpl32.exe [?]
S2 ose323232;Office Source Engine ;C:\ProgramData\ureg32.exe --> C:\ProgramData\ureg32.exe [?]
S2 ose32323232;Office Source Engine ;C:\ProgramData\WindowsCodecsExt32.exe --> C:\ProgramData\WindowsCodecsExt32.exe [?]
S2 ose3232323232;Office Source Engine ;C:\ProgramData\advapi3232.exe --> C:\ProgramData\advapi3232.exe [?]
S2 ose323232323232;Office Source Engine ;C:\ProgramData\tapiui32.exe --> C:\ProgramData\tapiui32.exe [?]
S2 ose32323232323232;Office Source Engine ;C:\ProgramData\qasf32.exe --> C:\ProgramData\qasf32.exe [?]
S2 osppsvc32;Office Software Protection Platform ;C:\ProgramData\NlsLexicons000d32.exe --> C:\ProgramData\NlsLexicons000d32.exe [?]
S2 osppsvc3232;Office Software Protection Platform ;C:\ProgramData\dtsh32.exe --> C:\ProgramData\dtsh32.exe [?]
S2 osppsvc323232;Office Software Protection Platform ;C:\ProgramData\glmf3232.exe --> C:\ProgramData\glmf3232.exe [?]
S2 p2pimsvc3232;Peer Networking Identity Manager ;C:\ProgramData\mf321632.exe --> C:\ProgramData\mf321632.exe [?]
S2 p2pimsvc323232;Peer Networking Identity Manager ;C:\ProgramData\KernelBase32.exe --> C:\ProgramData\KernelBase32.exe [?]
S2 p2psvc32;Peer Networking Grouping ;C:\ProgramData\regapi32.exe --> C:\ProgramData\regapi32.exe [?]
S2 p2psvc3232;Peer Networking Grouping ;C:\ProgramData\NAPHLPR32.exe --> C:\ProgramData\NAPHLPR32.exe [?]
S2 p2psvc323232;Peer Networking Grouping ;C:\ProgramData\KBDTH232.exe --> C:\ProgramData\KBDTH232.exe [?]
S2 PcaSvc32323232;Program Compatibility Assistant Service ;C:\ProgramData\napipsec32.exe --> C:\ProgramData\napipsec32.exe [?]
S2 PcaSvc3232323232;Program Compatibility Assistant Service ;C:\ProgramData\expsrv32.exe --> C:\ProgramData\expsrv32.exe [?]
S2 PCCUJobMgr32;Common Client Job Manager Service ;C:\ProgramData\dnsapi32.exe --> C:\ProgramData\dnsapi32.exe [?]
S2 PCCUJobMgr3232;Common Client Job Manager Service ;C:\ProgramData\msdrm32.exe --> C:\ProgramData\msdrm32.exe [?]
S2 PCCUJobMgr323232;Common Client Job Manager Service ;C:\ProgramData\qmgrprxy32.exe --> C:\ProgramData\qmgrprxy32.exe [?]
S2 PCCUJobMgr32323232;Common Client Job Manager Service ;C:\ProgramData\iTVData32.exe --> C:\ProgramData\iTVData32.exe [?]
S2 PCCUJobMgr3232323232;Common Client Job Manager Service ;C:\ProgramData\vbajet3232.exe --> C:\ProgramData\vbajet3232.exe [?]
S2 PerfHost32;Performance Counter DLL Host ;C:\ProgramData\msxml332.exe --> C:\ProgramData\msxml332.exe [?]
S2 PerfHost3232;Performance Counter DLL Host ;C:\ProgramData\imapi232.exe --> C:\ProgramData\imapi232.exe [?]
S2 PerfHost323232;Performance Counter DLL Host ;C:\ProgramData\dskquota32.exe --> C:\ProgramData\dskquota32.exe [?]
S2 pla32;Performance Logs & Alerts ;C:\ProgramData\MSMPEG2ENC32.exe --> C:\ProgramData\MSMPEG2ENC32.exe [?]
S2 pla3232;Performance Logs & Alerts ;C:\ProgramData\NlsLexicons000132.exe --> C:\ProgramData\NlsLexicons000132.exe [?]
S2 pla323232;Performance Logs & Alerts ;C:\ProgramData\msftedit32.exe --> C:\ProgramData\msftedit32.exe [?]
S2 pla3232323232;Performance Logs & Alerts ;C:\ProgramData\NlsData001132.exe --> C:\ProgramData\NlsData001132.exe [?]
S2 pla323232323232;Performance Logs & Alerts ;C:\ProgramData\linkinfo32.exe --> C:\ProgramData\linkinfo32.exe [?]
S2 pla32323232323232;Performance Logs & Alerts ;C:\ProgramData\dciman3232.exe --> C:\ProgramData\dciman3232.exe [?]
S2 PlugPlay32;Plug and Play ;C:\ProgramData\DevicePairingProxy32.exe --> C:\ProgramData\DevicePairingProxy32.exe [?]
S2 PlugPlay323232;Plug and Play ;C:\ProgramData\shsvcs32.exe --> C:\ProgramData\shsvcs32.exe [?]
S2 Pml Driver HPZ123232;Pml Driver HPZ12 ;C:\ProgramData\cryptsp32.exe --> C:\ProgramData\cryptsp32.exe [?]
S2 Pml Driver HPZ12323232;Pml Driver HPZ12 ;C:\ProgramData\netlogon32.exe --> C:\ProgramData\netlogon32.exe [?]
S2 Pml Driver HPZ1232323232;Pml Driver HPZ12 ;C:\ProgramData\ncobjapi32.exe --> C:\ProgramData\ncobjapi32.exe [?]
S2 Pml Driver HPZ123232323232;Pml Driver HPZ12 ;C:\ProgramData\gpedit32.exe --> C:\ProgramData\gpedit32.exe [?]
S2 Pml Driver HPZ12323232323232;Pml Driver HPZ12 ;C:\ProgramData\d3dxof32.exe --> C:\ProgramData\d3dxof32.exe [?]
S2 Pml Driver HPZ1232323232323232;Pml Driver HPZ12 ;C:\ProgramData\scksp32.exe --> C:\ProgramData\scksp32.exe [?]
S2 PNRPsvc32;Peer Name Resolution Protocol ;C:\ProgramData\nlaapi32.exe --> C:\ProgramData\nlaapi32.exe [?]
S2 PNRPsvc3232;Peer Name Resolution Protocol ;C:\ProgramData\vdsdyn32.exe --> C:\ProgramData\vdsdyn32.exe [?]
S2 PNRPsvc323232;Peer Name Resolution Protocol ;C:\ProgramData\powrprof32.exe --> C:\ProgramData\powrprof32.exe [?]
S2 PolicyAgent3232;IPsec Policy Agent ;C:\ProgramData\SortServer2003Compat32.exe --> C:\ProgramData\SortServer2003Compat32.exe [?]
S2 PolicyAgent32323232;IPsec Policy Agent ;C:\ProgramData\EAPQEC32.exe --> C:\ProgramData\EAPQEC32.exe [?]
S2 PolicyAgent3232323232;IPsec Policy Agent ;C:\ProgramData\dssenh32.exe --> C:\ProgramData\dssenh32.exe [?]
S2 Power3232;Power ;C:\ProgramData\mfplat32.exe --> C:\ProgramData\mfplat32.exe [?]
S2 Power323232;Power ;C:\ProgramData\ir41_qc32.exe --> C:\ProgramData\ir41_qc32.exe [?]
S2 ProfSvc32;User Profile Service ;C:\ProgramData\NlsLexicons001932.exe --> C:\ProgramData\NlsLexicons001932.exe [?]
S2 ProtectedStorage32;Protected Storage ;C:\ProgramData\SensApi32.exe --> C:\ProgramData\SensApi32.exe [?]
S2 QWAVE32;Quality Windows Audio Video Experience ;C:\ProgramData\fontsub32.exe --> C:\ProgramData\fontsub32.exe [?]
S2 QWAVE3232;Quality Windows Audio Video Experience ;C:\ProgramData\ifsutil32.exe --> C:\ProgramData\ifsutil32.exe [?]
S2 QWAVE323232;Quality Windows Audio Video Experience ;C:\ProgramData\uudf32.exe --> C:\ProgramData\uudf32.exe [?]
S2 QWAVE32323232;Quality Windows Audio Video Experience ;C:\ProgramData\KBDFR32.exe --> C:\ProgramData\KBDFR32.exe [?]
S2 QWAVE3232323232;Quality Windows Audio Video Experience ;C:\ProgramData\msoeacct32.exe --> C:\ProgramData\msoeacct32.exe [?]
S2 QWAVE323232323232;Quality Windows Audio Video Experience ;C:\ProgramData\msasn132.exe --> C:\ProgramData\msasn132.exe [?]
S2 RasAuto32;Remote Access Auto Connection Manager ;C:\ProgramData\EncDec32.exe --> C:\ProgramData\EncDec32.exe [?]
S2 RasAuto3232;Remote Access Auto Connection Manager ;C:\ProgramData\rasmxs32.exe --> C:\ProgramData\rasmxs32.exe [?]
S2 RasAuto323232;Remote Access Auto Connection Manager ;C:\ProgramData\elslad32.exe --> C:\ProgramData\elslad32.exe [?]
S2 RasMan32;Remote Access Connection Manager ;C:\ProgramData\d3d10_1core32.exe --> C:\ProgramData\d3d10_1core32.exe [?]
S2 RemoteAccess323232;Routing and Remote Access ;C:\ProgramData\els32.exe --> C:\ProgramData\els32.exe [?]
S2 RemoteAccess32323232;Routing and Remote Access ;C:\ProgramData\miguiresource32.exe --> C:\ProgramData\miguiresource32.exe [?]
S2 RemoteAccess3232323232;Routing and Remote Access ;C:\ProgramData\dmrc32.exe --> C:\ProgramData\dmrc32.exe [?]
S2 RemoteRegistry3232;Remote Registry ;C:\ProgramData\inetmib132.exe --> C:\ProgramData\inetmib132.exe [?]
S2 RemoteRegistry323232;Remote Registry ;C:\ProgramData\avifil3232.exe --> C:\ProgramData\avifil3232.exe [?]
S2 RemoteRegistry32323232;Remote Registry ;C:\ProgramData\clbcatq32.exe --> C:\ProgramData\clbcatq32.exe [?]
S2 RemoteRegistry3232323232;Remote Registry ;C:\ProgramData\dinput32.exe --> C:\ProgramData\dinput32.exe [?]
S2 RemoteRegistry323232323232;Remote Registry ;C:\ProgramData\Nlsdl32.exe --> C:\ProgramData\Nlsdl32.exe [?]
S2 RpcEptMapper32;RPC Endpoint Mapper ;C:\ProgramData\msjtes4032.exe --> C:\ProgramData\msjtes4032.exe [?]
S2 RpcEptMapper3232;RPC Endpoint Mapper ;C:\ProgramData\UIAutomationCore32.exe --> C:\ProgramData\UIAutomationCore32.exe [?]
S2 RpcLocator3232;Remote Procedure Call (RPC) Locator ;C:\ProgramData\Apphlpdm32.exe --> C:\ProgramData\Apphlpdm32.exe [?]
S2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;C:\ProgramData\ir50_qc32.exe --> C:\ProgramData\ir50_qc32.exe [?]
S2 RpcSs3232;Remote Procedure Call (RPC) ;C:\ProgramData\capisp32.exe --> C:\ProgramData\capisp32.exe [?]
S2 RpcSs323232;Remote Procedure Call (RPC) ;C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe [?]
S2 SamSs32;Security Accounts Manager ;C:\ProgramData\scecli32.exe --> C:\ProgramData\scecli32.exe [?]
S2 SamSs3232;Security Accounts Manager ;C:\ProgramData\imageres32.exe --> C:\ProgramData\imageres32.exe [?]
S2 SamSs32323232;Security Accounts Manager ;C:\ProgramData\scesrv32.exe --> C:\ProgramData\scesrv32.exe [?]
S2 SCardSvr32;Smart Card ;C:\ProgramData\dsprop32.exe --> C:\ProgramData\dsprop32.exe [?]
S2 SCardSvr3232;Smart Card ;C:\ProgramData\mtxoci32.exe --> C:\ProgramData\mtxoci32.exe [?]
S2 SDRSVC3232;Windows Backup ;C:\ProgramData\KBDBGPH132.exe --> C:\ProgramData\KBDBGPH132.exe [?]
S2 SDRSVC323232;Windows Backup ;C:\ProgramData\bitsprx232.exe --> C:\ProgramData\bitsprx232.exe [?]
S2 SeaPort32;SeaPort ;C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe [?]
S2 SeaPort3232;SeaPort ;C:\ProgramData\umdmxfrm32.exe --> C:\ProgramData\umdmxfrm32.exe [?]
S2 seclogon32;Secondary Logon ;C:\ProgramData\dmdskres232.exe --> C:\ProgramData\dmdskres232.exe [?]
S2 seclogon3232;Secondary Logon ;C:\ProgramData\tapiperf32.exe --> C:\ProgramData\tapiperf32.exe [?]
S2 seclogon32323232;Secondary Logon ;C:\ProgramData\rdpcore32.exe --> C:\ProgramData\rdpcore32.exe [?]
S2 seclogon3232323232;Secondary Logon ;C:\ProgramData\inetcomm32.exe --> C:\ProgramData\inetcomm32.exe [?]
S2 seclogon323232323232;Secondary Logon ;C:\ProgramData\ufat32.exe --> C:\ProgramData\ufat32.exe [?]
S2 SENS32;System Event Notification Service ;C:\ProgramData\thawbrkr32.exe --> C:\ProgramData\thawbrkr32.exe [?]
S2 SENS323232;System Event Notification Service ;C:\ProgramData\AltTab32.exe --> C:\ProgramData\AltTab32.exe [?]
S2 SENS32323232;System Event Notification Service ;C:\ProgramData\samlib32.exe --> C:\ProgramData\samlib32.exe [?]
S2 SensrSvc3232;Adaptive Brightness ;C:\ProgramData\KBDPO32.exe --> C:\ProgramData\KBDPO32.exe [?]
S2 SessionEnv32;Remote Desktop Configuration ;C:\ProgramData\atiglpxx32.exe --> C:\ProgramData\atiglpxx32.exe [?]
S2 SessionEnv3232;Remote Desktop Configuration ;C:\ProgramData\elsTrans32.exe --> C:\ProgramData\elsTrans32.exe [?]
S2 SessionEnv323232;Remote Desktop Configuration ;C:\ProgramData\NlsData000d32.exe --> C:\ProgramData\NlsData000d32.exe [?]
S2 SharedAccess3232;Internet Connection Sharing (ICS) ;C:\ProgramData\NlsData002032.exe --> C:\ProgramData\NlsData002032.exe [?]
S2 SharedAccess323232;Internet Connection Sharing (ICS) ;C:\ProgramData\NlsLexicons003932.exe --> C:\ProgramData\NlsLexicons003932.exe [?]
S2 SharedAccess32323232;Internet Connection Sharing (ICS) ;C:\ProgramData\Wpc32.exe --> C:\ProgramData\Wpc32.exe [?]
S2 SharedAccess3232323232;Internet Connection Sharing (ICS) ;C:\ProgramData\NAPMONTR32.exe --> C:\ProgramData\NAPMONTR32.exe [?]
S2 SNMPTRAP32;SNMP Trap ;C:\ProgramData\DDACLSys32.exe --> C:\ProgramData\DDACLSys32.exe [?]
S2 SNMPTRAP3232;SNMP Trap ;C:\ProgramData\TRAPI32.exe --> C:\ProgramData\TRAPI32.exe [?]
S2 SNMPTRAP323232;SNMP Trap ;C:\ProgramData\sirenacm32.exe --> C:\ProgramData\sirenacm32.exe [?]
S2 SNMPTRAP3232323232;SNMP Trap ;C:\ProgramData\pots32.exe --> C:\ProgramData\pots32.exe [?]
S2 Spooler32;Print Spooler ;C:\ProgramData\fdBth32.exe --> C:\ProgramData\fdBth32.exe [?]
S2 Spooler3232;Print Spooler ;C:\ProgramData\fdBthProxy32.exe --> C:\ProgramData\fdBthProxy32.exe [?]
S2 Spooler323232;Print Spooler ;C:\ProgramData\dhcpcsvc632.exe --> C:\ProgramData\dhcpcsvc632.exe [?]
S2 sppsvc32;Software Protection ;C:\ProgramData\w32topl32.exe --> C:\ProgramData\w32topl32.exe [?]
S2 sppsvc3232;Software Protection ;C:\ProgramData\KBDUKX32.exe --> C:\ProgramData\KBDUKX32.exe [?]
S2 sppsvc323232;Software Protection ;C:\ProgramData\msscp32.exe --> C:\ProgramData\msscp32.exe [?]
S2 sppuinotify32;SPP Notification Service ;C:\ProgramData\KBDA132.exe --> C:\ProgramData\KBDA132.exe [?]
S2 SstpSvc32;Secure Socket Tunneling Protocol Service ;C:\ProgramData\KBDUSR32.exe --> C:\ProgramData\KBDUSR32.exe [?]
S2 SstpSvc3232;Secure Socket Tunneling Protocol Service ;C:\ProgramData\mydocs32.exe --> C:\ProgramData\mydocs32.exe [?]
S2 SstpSvc323232;Secure Socket Tunneling Protocol Service ;C:\ProgramData\aticalrt32.exe --> C:\ProgramData\aticalrt32.exe [?]
S2 stisvc32;Windows Image Acquisition (WIA) ;C:\ProgramData\C_IS202232.exe --> C:\ProgramData\C_IS202232.exe [?]
S2 stisvc3232323232;Windows Image Acquisition (WIA) ;C:\ProgramData\KBDWOL32.exe --> C:\ProgramData\KBDWOL32.exe [?]
S2 stisvc323232323232;Windows Image Acquisition (WIA) ;C:\ProgramData\eapphost32.exe --> C:\ProgramData\eapphost32.exe [?]
S2 stisvc32323232323232;Windows Image Acquisition (WIA) ;C:\ProgramData\cnvfat32.exe --> C:\ProgramData\cnvfat32.exe [?]
S2 stisvc32323232323232323232;Windows Image Acquisition (WIA) ;C:\ProgramData\SynTPCOM32.exe --> C:\ProgramData\SynTPCOM32.exe [?]
S2 swprv32;Microsoft Software Shadow Copy Provider ;C:\ProgramData\DDOIProxy32.exe --> C:\ProgramData\DDOIProxy32.exe [?]
S2 swprv3232;Microsoft Software Shadow Copy Provider ;C:\ProgramData\RegCtrl32.exe --> C:\ProgramData\RegCtrl32.exe [?]
S2 swprv323232;Microsoft Software Shadow Copy Provider ;C:\ProgramData\objsel32.exe --> C:\ProgramData\objsel32.exe [?]
S2 SysMain32;Superfetch ;C:\ProgramData\filemgmt32.exe --> C:\ProgramData\filemgmt32.exe [?]
S2 SysMain3232;Superfetch ;C:\ProgramData\atidxx3232.exe --> C:\ProgramData\atidxx3232.exe [?]
S2 TabletInputService32;Tablet PC Input Service ;C:\ProgramData\xwtpdui32.exe --> C:\ProgramData\xwtpdui32.exe [?]
S2 TabletInputService3232;Tablet PC Input Service ;C:\ProgramData\gameux32.exe --> C:\ProgramData\gameux32.exe [?]
S2 TabletInputService323232;Tablet PC Input Service ;C:\ProgramData\DevicePairingHandler32.exe --> C:\ProgramData\DevicePairingHandler32.exe [?]
S2 TapiSrv32;Telephony ;C:\ProgramData\mfc4232.exe --> C:\ProgramData\mfc4232.exe [?]
S2 TapiSrv32323232;Telephony ;C:\ProgramData\propsys32.exe --> C:\ProgramData\propsys32.exe [?]
S2 TapiSrv3232323232;Telephony ;C:\ProgramData\mswmdm32.exe --> C:\ProgramData\mswmdm32.exe [?]
S2 TapiSrv32323232323232;Telephony ;C:\ProgramData\odbccr3232.exe --> C:\ProgramData\odbccr3232.exe [?]
S2 TapiSrv3232323232323232;Telephony ;C:\ProgramData\racpldlg32.exe --> C:\ProgramData\racpldlg32.exe [?]
S2 TapiSrv323232323232323232;Telephony ;C:\ProgramData\msexcl4032.exe --> C:\ProgramData\msexcl4032.exe [?]
S2 TapiSrv32323232323232323232;Telephony ;C:\ProgramData\NlsLexicons001132.exe --> C:\ProgramData\NlsLexicons001132.exe [?]
S2 TBS3232323232;TPM Base Services ;C:\ProgramData\dot3gpclnt32.exe --> C:\ProgramData\dot3gpclnt32.exe [?]
S2 TBS323232323232;TPM Base Services ;C:\ProgramData\MMDevAPI32.exe --> C:\ProgramData\MMDevAPI32.exe [?]
S2 TermService32;Remote Desktop Services ;C:\ProgramData\XPSSHHDR32.exe --> C:\ProgramData\XPSSHHDR32.exe [?]
S2 TermService3232;Remote Desktop Services ;C:\ProgramData\mgmtapi32.exe --> C:\ProgramData\mgmtapi32.exe [?]
S2 Themes32;Themes ;C:\ProgramData\WebClnt32.exe --> C:\ProgramData\WebClnt32.exe [?]
S2 THREADORDER32;Thread Ordering Server ;C:\ProgramData\authui32.exe --> C:\ProgramData\authui32.exe [?]
S2 THREADORDER323232;Thread Ordering Server ;C:\ProgramData\NlsLexicons002632.exe --> C:\ProgramData\NlsLexicons002632.exe [?]
S2 TMachInfo32;TMachInfo ;C:\ProgramData\prnntfy32.exe --> C:\ProgramData\prnntfy32.exe [?]
S2 TMachInfo3232;TMachInfo ;C:\ProgramData\msdadiag32.exe --> C:\ProgramData\msdadiag32.exe [?]
S2 TMachInfo323232;TMachInfo ;C:\ProgramData\sspicli32.exe --> C:\ProgramData\sspicli32.exe [?]
S2 TODDSrv32;TOSHIBA Optical Disc Drive Service ;C:\ProgramData\prflbmsg32.exe --> C:\ProgramData\prflbmsg32.exe [?]
S2 TODDSrv3232;TOSHIBA Optical Disc Drive Service ;C:\ProgramData\iyuv_3232.exe --> C:\ProgramData\iyuv_3232.exe [?]
S2 TODDSrv323232;TOSHIBA Optical Disc Drive Service ;C:\ProgramData\NlsData001332.exe --> C:\ProgramData\NlsData001332.exe [?]
S2 TODDSrv32323232;TOSHIBA Optical Disc Drive Service ;C:\ProgramData\dimsroam32.exe --> C:\ProgramData\dimsroam32.exe [?]
S2 TosCoSrv32;TOSHIBA Power Saver ;C:\ProgramData\WinSATAPI32.exe --> C:\ProgramData\WinSATAPI32.exe [?]
S2 TosCoSrv323232;TOSHIBA Power Saver ;C:\ProgramData\ntlanui232.exe --> C:\ProgramData\ntlanui232.exe [?]
S2 TosCoSrv32323232;TOSHIBA Power Saver ;C:\ProgramData\provthrd32.exe --> C:\ProgramData\provthrd32.exe [?]
S2 TosCoSrv3232323232;TOSHIBA Power Saver ;C:\ProgramData\PortableDeviceClassExtension32.exe --> C:\ProgramData\PortableDeviceClassExtension32.exe [?]
S2 TosCoSrv323232323232;TOSHIBA Power Saver ;C:\ProgramData\comuid32.exe --> C:\ProgramData\comuid32.exe [?]
S2 TOSHIBA eco Utility Service323232;TOSHIBA eco Utility Service ;C:\ProgramData\whhelper32.exe --> C:\ProgramData\whhelper32.exe [?]
S2 TOSHIBA HDD SSD Alert Service32;TOSHIBA HDD SSD Alert Service ;C:\ProgramData\msports32.exe --> C:\ProgramData\msports32.exe [?]
S2 TOSHIBA HDD SSD Alert Service3232;TOSHIBA HDD SSD Alert Service ;C:\ProgramData\radarrs32.exe --> C:\ProgramData\radarrs32.exe [?]
S2 TOSHIBA HDD SSD Alert Service323232;TOSHIBA HDD SSD Alert Service ;C:\ProgramData\dot3gpui32.exe --> C:\ProgramData\dot3gpui32.exe [?]
S2 TOSHIBA HDD SSD Alert Service32323232;TOSHIBA HDD SSD Alert Service ;C:\ProgramData\stobject32.exe --> C:\ProgramData\stobject32.exe [?]
S2 TOSHIBA HDD SSD Alert Service3232323232;TOSHIBA HDD SSD Alert Service ;C:\ProgramData\KBDIR32.exe --> C:\ProgramData\KBDIR32.exe [?]
S2 TPCHSrv32;TPCH Service ;C:\ProgramData\iasacct32.exe --> C:\ProgramData\iasacct32.exe [?]
S2 TrkWks32;Distributed Link Tracking Client ;C:\ProgramData\RESAMPLEDMO32.exe --> C:\ProgramData\RESAMPLEDMO32.exe [?]
S2 TrkWks3232;Distributed Link Tracking Client ;C:\ProgramData\iscsium32.exe --> C:\ProgramData\iscsium32.exe [?]
S2 TrkWks323232;Distributed Link Tracking Client ;C:\ProgramData\dbnetlib32.exe --> C:\ProgramData\dbnetlib32.exe [?]
S2 TrkWks32323232;Distributed Link Tracking Client ;C:\ProgramData\WinSyncMetastore32.exe --> C:\ProgramData\WinSyncMetastore32.exe [?]
S2 TrustedInstaller32;Windows Modules Installer ;C:\ProgramData\wscinterop32.exe --> C:\ProgramData\wscinterop32.exe [?]
S2 TrustedInstaller323232;Windows Modules Installer ;C:\ProgramData\mmcshext32.exe --> C:\ProgramData\mmcshext32.exe [?]
S2 TrustedInstaller32323232;Windows Modules Installer ;C:\ProgramData\secproc32.exe --> C:\ProgramData\secproc32.exe [?]
S2 UI0Detect32;Interactive Services Detection ;C:\ProgramData\WMVCORE32.exe --> C:\ProgramData\WMVCORE32.exe [?]
S2 UI0Detect3232;Interactive Services Detection ;C:\ProgramData\xmlfilter32.exe --> C:\ProgramData\xmlfilter32.exe [?]
S2 UI0Detect323232;Interactive Services Detection ;C:\ProgramData\sendmail32.exe --> C:\ProgramData\sendmail32.exe [?]
S2 UI0Detect32323232;Interactive Services Detection ;C:\ProgramData\mfvdsp32.exe --> C:\ProgramData\mfvdsp32.exe [?]
S2 upnphost32;UPnP Device Host ;C:\ProgramData\wlansec32.exe --> C:\ProgramData\wlansec32.exe [?]
S2 UxSms32;Desktop Window Manager Session Manager ;C:\ProgramData\AzSqlExt32.exe --> C:\ProgramData\AzSqlExt32.exe [?]
S2 UxSms3232;Desktop Window Manager Session Manager ;C:\ProgramData\MsRdpWebAccess32.exe --> C:\ProgramData\MsRdpWebAccess32.exe [?]
S2 VaultSvc323232;Credential Manager ;C:\ProgramData\cmifw32.exe --> C:\ProgramData\cmifw32.exe [?]
S2 vds32;Virtual Disk ;C:\ProgramData\deskperf32.exe --> C:\ProgramData\deskperf32.exe [?]
S2 W32Time32;Windows Time ;C:\ProgramData\IPHLPAPI32.exe --> C:\ProgramData\IPHLPAPI32.exe [?]
S2 WatAdminSvc32;Windows Activation Technologies Service ;C:\ProgramData\dxtmsft32.exe --> C:\ProgramData\dxtmsft32.exe [?]
S2 WatAdminSvc3232;Windows Activation Technologies Service ;C:\ProgramData\bidispl32.exe --> C:\ProgramData\bidispl32.exe [?]
S2 WatAdminSvc32323232;Windows Activation Technologies Service ;C:\ProgramData\ieaksie32.exe --> C:\ProgramData\ieaksie32.exe [?]
S2 wbengine32;Block Level Backup Engine Service ;C:\ProgramData\scrobj32.exe --> C:\ProgramData\scrobj32.exe [?]
S2 WbioSrvc32;Windows Biometric Service ;C:\ProgramData\shgina32.exe --> C:\ProgramData\shgina32.exe [?]
S2 WbioSrvc3232;Windows Biometric Service ;C:\ProgramData\winhttp32.exe --> C:\ProgramData\winhttp32.exe [?]
S2 WbioSrvc323232;Windows Biometric Service ;C:\ProgramData\cryptsvc32.exe --> C:\ProgramData\cryptsvc32.exe [?]
S2 WbioSrvc32323232;Windows Biometric Service ;C:\ProgramData\XpsGdiConverter32.exe --> C:\ProgramData\XpsGdiConverter32.exe [?]
S2 WbioSrvc3232323232;Windows Biometric Service ;C:\ProgramData\KBDINUK232.exe --> C:\ProgramData\KBDINUK232.exe [?]
S2 wcncsvc32;Windows Connect Now - Config Registrar ;C:\ProgramData\localsec32.exe --> C:\ProgramData\localsec32.exe [?]
S2 wcncsvc3232;Windows Connect Now - Config Registrar ;C:\ProgramData\NlsData001832.exe --> C:\ProgramData\NlsData001832.exe [?]
S2 WdiSystemHost3232;Diagnostic System Host ;C:\ProgramData\CPFilters32.exe --> C:\ProgramData\CPFilters32.exe [?]
S2 WdiSystemHost323232;Diagnostic System Host ;C:\ProgramData\p2pcollab32.exe --> C:\ProgramData\p2pcollab32.exe [?]
S2 WdiSystemHost32323232;Diagnostic System Host ;C:\ProgramData\KBDUR132.exe --> C:\ProgramData\KBDUR132.exe [?]
S2 WebClient32;WebClient ;C:\ProgramData\vsstrace32.exe --> C:\ProgramData\vsstrace32.exe [?]
S2 WebClient3232;WebClient ;C:\ProgramData\wiatrace32.exe --> C:\ProgramData\wiatrace32.exe [?]
S2 Wecsvc32;Windows Event Collector ;C:\ProgramData\KBDARMW32.exe --> C:\ProgramData\KBDARMW32.exe [?]
S2 Wecsvc32323232;Windows Event Collector ;C:\ProgramData\dmdlgs32.exe --> C:\ProgramData\dmdlgs32.exe [?]
S2 Wecsvc3232323232;Windows Event Collector ;C:\ProgramData\KBDCR32.exe --> C:\ProgramData\KBDCR32.exe [?]
S2 WinDefend3232;Windows Defender ;C:\ProgramData\onexui32.exe --> C:\ProgramData\onexui32.exe [?]
S2 WinDefend323232;Windows Defender ;C:\ProgramData\sechost32.exe --> C:\ProgramData\sechost32.exe [?]
S2 WinDefend3232323232;Windows Defender ;C:\ProgramData\drprov32.exe --> C:\ProgramData\drprov32.exe [?]
S2 WinDefend32323232323232;Windows Defender ;C:\ProgramData\KBDNSO32.exe --> C:\ProgramData\KBDNSO32.exe [?]
S2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\msfeeds32.exe --> C:\ProgramData\msfeeds32.exe [?]
S2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\KBDLV32.exe --> C:\ProgramData\KBDLV32.exe [?]
S2 WinHttpAutoProxySvc323232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\migisol32.exe --> C:\ProgramData\migisol32.exe [?]
S2 WinHttpAutoProxySvc32323232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\amdpcom3232.exe --> C:\ProgramData\amdpcom3232.exe [?]
S2 WinHttpAutoProxySvc32323232323232323232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\deskadp32.exe --> C:\ProgramData\deskadp32.exe [?]
S2 WinHttpAutoProxySvc323232323232323232323232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\atiu9pag32.exe --> C:\ProgramData\atiu9pag32.exe [?]
S2 WinHttpAutoProxySvc32323232323232323232323232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\logoncli32.exe --> C:\ProgramData\logoncli32.exe [?]
S2 Winmgmt32;Windows Management Instrumentation ;C:\ProgramData\netprof32.exe --> C:\ProgramData\netprof32.exe [?]
S2 Winmgmt3232;Windows Management Instrumentation ;C:\ProgramData\xpsservices32.exe --> C:\ProgramData\xpsservices32.exe [?]
S2 Wlansvc32;WLAN AutoConfig ;C:\ProgramData\api-ms-win-service-winsvc-l1-1-032.exe --> C:\ProgramData\api-ms-win-service-winsvc-l1-1-032.exe [?]
S2 Wlansvc3232;WLAN AutoConfig ;C:\ProgramData\ActionCenter32.exe --> C:\ProgramData\ActionCenter32.exe [?]
S2 wlcrasvc32;Windows Live Mesh remote connections service ;C:\ProgramData\npmproxy32.exe --> C:\ProgramData\npmproxy32.exe [?]
S2 wlidsvc32;Windows Live ID Sign-in Assistant ;C:\ProgramData\devenum32.exe --> C:\ProgramData\devenum32.exe [?]
S2 wlidsvc3232;Windows Live ID Sign-in Assistant ;C:\ProgramData\FirewallAPI32.exe --> C:\ProgramData\FirewallAPI32.exe [?]
S2 wmiApSrv3232;WMI Performance Adapter ;C:\ProgramData\oleaccrc32.exe --> C:\ProgramData\oleaccrc32.exe [?]
S2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;C:\ProgramData\KBDLV132.exe --> C:\ProgramData\KBDLV132.exe [?]
S2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;C:\ProgramData\wshqos32.exe --> C:\ProgramData\wshqos32.exe [?]
S2 WMPNetworkSvc323232;Windows Media Player Network Sharing Service ;C:\ProgramData\wscisvif32.exe --> C:\ProgramData\wscisvif32.exe [?]
S2 WPCSvc3232;Parental Controls ;C:\ProgramData\wpdshext32.exe --> C:\ProgramData\wpdshext32.exe [?]
S2 WPCSvc323232;Parental Controls ;C:\ProgramData\cabview32.exe --> C:\ProgramData\cabview32.exe [?]
S2 WPCSvc32323232;Parental Controls ;C:\ProgramData\api-ms-win-core-threadpool-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-threadpool-l1-1-032.exe [?]
S2 WPCSvc3232323232;Parental Controls ;C:\ProgramData\bitsprx332.exe --> C:\ProgramData\bitsprx332.exe [?]
S2 WPCSvc323232323232;Parental Controls ;C:\ProgramData\aticalcl32.exe --> C:\ProgramData\aticalcl32.exe [?]
S2 WPCSvc32323232323232;Parental Controls ;C:\ProgramData\xolehlp32.exe --> C:\ProgramData\xolehlp32.exe [?]
S2 WPCSvc3232323232323232;Parental Controls ;C:\ProgramData\wmpshell32.exe --> C:\ProgramData\wmpshell32.exe [?]
S2 WPDBusEnum3232;Portable Device Enumerator Service ;C:\ProgramData\COLORCNV32.exe --> C:\ProgramData\COLORCNV32.exe [?]
S2 WPDBusEnum323232;Portable Device Enumerator Service ;C:\ProgramData\gdiplus32.exe --> C:\ProgramData\gdiplus32.exe [?]
S2 WPDBusEnum32323232;Portable Device Enumerator Service ;C:\ProgramData\wmi32.exe --> C:\ProgramData\wmi32.exe [?]
S2 wscsvc32;Security Center ;C:\ProgramData\photowiz32.exe --> C:\ProgramData\photowiz32.exe [?]
S2 wscsvc3232;Security Center ;C:\ProgramData\certCredProvider32.exe --> C:\ProgramData\certCredProvider32.exe [?]
S2 wscsvc323232;Security Center ;C:\ProgramData\WMVSDECD32.exe --> C:\ProgramData\WMVSDECD32.exe [?]
S2 WSearch3232;Windows Search ;C:\ProgramData\netdiagfx32.exe --> C:\ProgramData\netdiagfx32.exe [?]
S2 wuauserv3232;Windows Update ;C:\ProgramData\scrrun32.exe --> C:\ProgramData\scrrun32.exe [?]
S2 wuauserv323232;Windows Update ;C:\ProgramData\sberes32.exe --> C:\ProgramData\sberes32.exe [?]
S2 wuauserv32323232;Windows Update ;C:\ProgramData\msshooks32.exe --> C:\ProgramData\msshooks32.exe [?]
S2 wuauserv3232323232;Windows Update ;C:\ProgramData\ws2_3232.exe --> C:\ProgramData\ws2_3232.exe [?]
S2 wuauserv323232323232;Windows Update ;C:\ProgramData\pngfilt32.exe --> C:\ProgramData\pngfilt32.exe [?]
S2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\mssphtb32.exe --> C:\ProgramData\mssphtb32.exe [?]
S2 wudfsvc3232;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\wsecedit32.exe --> C:\ProgramData\wsecedit32.exe [?]
S2 wudfsvc3232323232;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\KBDINTEL32.exe --> C:\ProgramData\KBDINTEL32.exe [?]
S2 WwanSvc32;WWAN AutoConfig ;C:\ProgramData\srvcli32.exe --> C:\ProgramData\srvcli32.exe [?]
S2 WwanSvc3232;WWAN AutoConfig ;C:\ProgramData\pwrshplugin32.exe --> C:\ProgramData\pwrshplugin32.exe [?]
S2 WwanSvc32323232;WWAN AutoConfig ;C:\ProgramData\printui32.exe --> C:\ProgramData\printui32.exe [?]
S2 WwanSvc3232323232;WWAN AutoConfig ;C:\ProgramData\mtxlegih32.exe --> C:\ProgramData\mtxlegih32.exe [?]
S2 WwanSvc323232323232;WWAN AutoConfig ;C:\ProgramData\iashlpr32.exe --> C:\ProgramData\iashlpr32.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-18 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-13 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-25 14:16:00 -------- d-----w- C:\ProgramData\MemeoCommon
2011-09-25 14:10:26 -------- d-----w- C:\Users\Sally\AppData\Roaming\Memeo
2011-09-25 14:10:17 -------- d-----w- C:\Users\Sally\AppData\Roaming\Seagate
2011-09-25 14:08:20 -------- d-----w- C:\Program Files (x86)\Common Files\Memeo
2011-09-25 14:08:07 -------- d-----w- C:\Program Files (x86)\Memeo
2011-09-25 14:05:46 -------- d-----w- C:\Program Files (x86)\Seagate
2011-09-24 22:51:08 -------- d-----w- C:\$RECYCLE.BIN
2011-09-24 22:30:14 -------- d-----w- C:\ComboFix
2011-09-24 22:26:21 208896 ----a-w- C:\windows\MBR.exe
2011-09-24 22:26:17 256000 ----a-w- C:\windows\PEV.exe
2011-09-24 22:26:16 98816 ----a-w- C:\windows\sed.exe
2011-09-24 22:26:16 518144 ----a-w- C:\windows\SWREG.exe
2011-09-24 17:43:56 -------- d-----w- C:\windows\pss
2011-09-22 00:05:44 -------- d-----w- C:\Users\Sally\AppData\Local\{DB488C7F-89B7-4950-B123-62556E197729}
2011-09-22 00:05:40 -------- d-----w- C:\Users\Sally\AppData\Local\{C862D822-FB09-44F5-A46F-429D129B9308}
2011-09-20 01:05:23 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2011-09-20 01:05:22 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-09-20 01:05:22 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-20 01:05:22 125912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2011-09-20 01:05:21 924632 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2011-09-20 01:05:21 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-09-20 01:05:21 269272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2011-09-20 01:05:20 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-09-20 01:05:20 715736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcrt19.dll
2011-09-20 01:05:20 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-20 01:05:20 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-31 00:20:34 785368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-31 00:20:34 1846232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-31 00:20:32 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
.
==================== Find3M ====================
.
2011-08-31 21:00:50 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-08-20 06:02:56 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 18:58:54.12 ===============

However when I tried to run GMER my screen did not look like figure 13. The only items I was able to check/uncheck were: services, registry, files, C\, and ads.
After it completed it did not produce a log.

Please advise.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,299 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 29 September 2011 - 12:57 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 sally1987

sally1987
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:00 AM

Posted 29 September 2011 - 07:12 PM

Hello, thanks for the reply!

I ran ComboFix several days ago at the suggestion of someone else, before I found this website. Let me know if I should run it again or if this is okay?
I didn't have any problems running the program and generating the log.
I haven't had any redirecting problems since then, but the computer is still running a bit slow and I just want to be sure this thing won't come back anytime soon.

Thank you again!

ComboFix 11-09-24.04 - Sally 09/24/2011 18:32:58.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2806 [GMT -4:00]
Running from: c:\users\Sally\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}
c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}\chrome.manifest
c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}\chrome\xulcache.jar
c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}\defaults\preferences\xulcache.js
c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}\install.rdf
c:\users\Sally\GoToAssistDownloadHelper.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BITS32
-------\Service_Dhcp32
-------\Service_Netman32
-------\Service_PolicyAgent32
-------\Service_WinDriver
-------\Service_wmiApSrv32
.
.
((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))
.
.
2011-09-24 22:48 . 2011-09-24 22:48 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2011-08-23 01:05 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 06:02 . 2011-05-21 00:32 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:35 . 2011-08-09 23:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-09 23:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-09 23:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-09 23:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-09 23:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-09 23:30 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-09 23:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-09 23:30 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-09 23:30 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-09 23:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-09 23:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-09 23:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-09 23:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-09 23:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-09 23:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-09 23:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-09 23:30 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-23 21:12 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-23 21:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-09 23:30 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [x]
R2 AeLookupSvc32;Application Experience ;c:\programdata\adsldpc32.exe [x]
R2 AeLookupSvc323232;Application Experience ;c:\programdata\acledit32.exe [x]
R2 AeLookupSvc3232323232;Application Experience ;c:\programdata\KBDHEPT32.exe [x]
R2 AeLookupSvc323232323232;Application Experience ;c:\programdata\C_G1803032.exe [x]
R2 ALG323232;Application Layer Gateway Service ;c:\programdata\jscript32.exe [x]
R2 ALG32323232;Application Layer Gateway Service ;c:\programdata\vaultcli32.exe [x]
R2 AMD External Events Utility32;AMD External Events Utility ;c:\programdata\iprtprio32.exe [x]
R2 AMD External Events Utility3232;AMD External Events Utility ;c:\programdata\NlsData000732.exe [x]
R2 AMD External Events Utility323232;AMD External Events Utility ;c:\programdata\clb32.exe [x]
R2 AMD External Events Utility32323232;AMD External Events Utility ;c:\programdata\efscore32.exe [x]
R2 AMD External Events Utility3232323232;AMD External Events Utility ;c:\programdata\netjoin32.exe [x]
R2 AppIDSvc3232;Application Identity ;c:\programdata\vpnikeapi32.exe [x]
R2 AppIDSvc323232;Application Identity ;c:\programdata\NlsData004632.exe [x]
R2 AppIDSvc32323232;Application Identity ;c:\programdata\wkscli32.exe [x]
R2 Appinfo32;Application Information ;c:\programdata\icm3232.exe [x]
R2 Appinfo3232;Application Information ;c:\programdata\feclient32.exe [x]
R2 Apple Mobile Device32;Apple Mobile Device ;c:\programdata\mprmsg32.exe [x]
R2 Apple Mobile Device3232;Apple Mobile Device ;c:\programdata\wlaninst32.exe [x]
R2 Apple Mobile Device323232;Apple Mobile Device ;c:\programdata\framedynos32.exe [x]
R2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;c:\programdata\D3DCompiler_4132.exe [x]
R2 AudioEndpointBuilder3232;Windows Audio Endpoint Builder ;c:\programdata\DevicePairing32.exe [x]
R2 AudioSrv32;Windows Audio ;c:\programdata\WsmRes32.exe [x]
R2 AudioSrv3232;Windows Audio ;c:\programdata\mfmjpegdec32.exe [x]
R2 AudioSrv323232;Windows Audio ;c:\programdata\ir50_3232.exe [x]
R2 AxInstSV32;ActiveX Installer (AxInstSV) ;c:\programdata\dataclen32.exe [x]
R2 BBSvc3232;Bing Bar Update Service ;c:\programdata\ds32gt32.exe [x]
R2 BDESVC32;BitLocker Drive Encryption Service ;c:\programdata\dpnathlp32.exe [x]
R2 BDESVC3232;BitLocker Drive Encryption Service ;c:\programdata\werdiagcontroller32.exe [x]
R2 BDESVC323232;BitLocker Drive Encryption Service ;c:\programdata\kbdnec32.exe [x]
R2 BDESVC32323232;BitLocker Drive Encryption Service ;c:\programdata\resutils32.exe [x]
R2 BDESVC3232323232;BitLocker Drive Encryption Service ;c:\programdata\spwizres32.exe [x]
R2 BFE32;Base Filtering Engine ;c:\programdata\MP43DECD32.exe [x]
R2 BFE3232;Base Filtering Engine ;c:\programdata\SyncInfrastructureps32.exe [x]
R2 BFE32323232;Base Filtering Engine ;c:\programdata\webcheck32.exe [x]
R2 BFE3232323232;Base Filtering Engine ;c:\programdata\NlsData081a32.exe [x]
R2 Bonjour Service32;Bonjour Service ;c:\windows\system32\iprop32.exe [x]
R2 Bonjour Service3232;Bonjour Service ;c:\programdata\dimsjob32.exe [x]
R2 Bonjour Service323232;Bonjour Service ;c:\programdata\api-ms-win-core-xstate-l1-1-032.exe [x]
R2 Bonjour Service32323232;Bonjour Service ;c:\programdata\XpsPrint32.exe [x]
R2 Bonjour Service3232323232;Bonjour Service ;c:\programdata\wecapi32.exe [x]
R2 Bonjour Service323232323232;Bonjour Service ;c:\programdata\KBDAZEL32.exe [x]
R2 Browser3232;Computer Browser ;c:\programdata\appidapi32.exe [x]
R2 Browser323232;Computer Browser ;c:\programdata\api-ms-win-core-errorhandling-l1-1-032.exe [x]
R2 bthserv32;Bluetooth Support Service ;c:\programdata\KBDSF32.exe [x]
R2 bthserv3232;Bluetooth Support Service ;c:\programdata\wuwebv32.exe [x]
R2 bthserv323232;Bluetooth Support Service ;c:\programdata\nlmsprep32.exe [x]
R2 bthserv32323232;Bluetooth Support Service ;c:\programdata\InkEd32.exe [x]
R2 CertPropSvc32;Certificate Propagation ;c:\programdata\httpapi32.exe [x]
R2 CertPropSvc3232;Certificate Propagation ;c:\programdata\dmintf32.exe [x]
R2 CertPropSvc32323232;Certificate Propagation ;c:\programdata\BWUnpairElevated32.exe [x]
R2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\jdns_sd32.exe [x]
R2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\comdlg3232.exe [x]
R2 clr_optimization_v2.0.50727_323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\rtffilt32.exe [x]
R2 clr_optimization_v2.0.50727_32323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\wdigest32.exe [x]
R2 clr_optimization_v2.0.50727_3232323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\UIRibbon32.exe [x]
R2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\msidntld32.exe [x]
R2 clr_optimization_v2.0.50727_643232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\WsmAuto32.exe [x]
R2 clr_optimization_v2.0.50727_64323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\wsmplpxy32.exe [x]
R2 clr_optimization_v2.0.50727_6432323232;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\XAudio2_532.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\OnLineIDCpl32.exe [x]
R2 clr_optimization_v4.0.30319_32323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\userenv32.exe [x]
R2 clr_optimization_v4.0.30319_3232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\QCLIPROV32.exe [x]
R2 clr_optimization_v4.0.30319_323232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\fdWCN32.exe [x]
R2 clr_optimization_v4.0.30319_6432;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\avicap3232.exe [x]
R2 COMSysApp32;COM+ System Application ;c:\programdata\MP4SDECD32.exe [x]
R2 CryptSvc32;Cryptographic Services ;c:\programdata\KBDINORI32.exe [x]
R2 cvhsvc32;Client Virtualization Handler ;c:\programdata\htui32.exe [x]
R2 cvhsvc3232;Client Virtualization Handler ;c:\programdata\eqossnap32.exe [x]
R2 cvhsvc323232;Client Virtualization Handler ;c:\programdata\aticfx3232.exe [x]
R2 DcomLaunch3232;DCOM Server Process Launcher ;c:\programdata\cmipnpinstall32.exe [x]
R2 DcomLaunch323232;DCOM Server Process Launcher ;c:\programdata\KBDMAC32.exe [x]
R2 DcomLaunch32323232;DCOM Server Process Launcher ;c:\programdata\winsockhc32.exe [x]
R2 DcomLaunch3232323232;DCOM Server Process Launcher ;c:\programdata\iologmsg32.exe [x]
R2 defragsvc32;Disk Defragmenter ;c:\programdata\scansetting32.exe [x]
R2 defragsvc323232;Disk Defragmenter ;c:\programdata\LAPRXY32.exe [x]
R2 Dhcp3232;DHCP Client ;c:\programdata\traffic32.exe [x]
R2 Dnscache32;DNS Client ;c:\programdata\perfts32.exe [x]
R2 Dnscache3232;DNS Client ;c:\programdata\odbcint32.exe [x]
R2 Dnscache323232;DNS Client ;c:\programdata\WMPEncEn32.exe [x]
R2 DPS32;Diagnostic Policy Service ;c:\programdata\SessEnv32.exe [x]
R2 DPS3232;Diagnostic Policy Service ;c:\programdata\sxs32.exe [x]
R2 DPS32323232;Diagnostic Policy Service ;c:\programdata\shimgvw32.exe [x]
R2 EapHost32;Extensible Authentication Protocol ;c:\programdata\verifier32.exe [x]
R2 EapHost32323232;Extensible Authentication Protocol ;c:\programdata\d3d10level932.exe [x]
R2 EapHost3232323232;Extensible Authentication Protocol ;c:\programdata\ntmarta32.exe [x]
R2 EFS32;Encrypting File System (EFS) ;c:\programdata\licmgr1032.exe [x]
R2 EFS3232;Encrypting File System (EFS) ;c:\programdata\nshipsec32.exe [x]
R2 EFS323232;Encrypting File System (EFS) ;c:\programdata\encapi32.exe [x]
R2 ehSched32;Windows Media Center Scheduler Service ;c:\programdata\winnsi32.exe [x]
R2 eventlog32;Windows Event Log ;c:\programdata\qwave32.exe [x]
R2 eventlog3232;Windows Event Log ;c:\programdata\ole2disp32.exe [x]
R2 eventlog323232;Windows Event Log ;c:\programdata\wmpsrcwp32.exe [x]
R2 eventlog32323232;Windows Event Log ;c:\programdata\FirewallControlPanel32.exe [x]
R2 eventlog3232323232;Windows Event Log ;c:\programdata\AuthFWWizFwk32.exe [x]
R2 eventlog323232323232;Windows Event Log ;c:\programdata\msvcrt4032.exe [x]
R2 eventlog32323232323232;Windows Event Log ;c:\programdata\KBDTAT32.exe [x]
R2 eventlog3232323232323232;Windows Event Log ;c:\programdata\RPCNDFP32.exe [x]
R2 EventSystem32;COM+ Event System ;c:\programdata\mscoree32.exe [x]
R2 EventSystem3232;COM+ Event System ;c:\programdata\msvcp7132.exe [x]
R2 Fax32;Fax ;c:\programdata\mapistub32.exe [x]
R2 Fax3232;Fax ;c:\programdata\kbdnec9532.exe [x]
R2 Fax323232;Fax ;c:\programdata\pstorec32.exe [x]
R2 Fax32323232;Fax ;c:\programdata\bitsprx432.exe [x]
R2 fdPHost32;Function Discovery Provider Host ;c:\programdata\rpcnsh32.exe [x]
R2 fdPHost3232;Function Discovery Provider Host ;c:\programdata\DeviceMetadataParsers32.exe [x]
R2 fdPHost323232;Function Discovery Provider Host ;c:\programdata\NlsLexicons081632.exe [x]
R2 fdPHost323232323232;Function Discovery Provider Host ;c:\programdata\eventcls32.exe [x]
R2 fdPHost32323232323232;Function Discovery Provider Host ;c:\programdata\xwizards32.exe [x]
R2 FDResPub3232;Function Discovery Resource Publication ;c:\programdata\StorageContextHandler32.exe [x]
R2 FDResPub323232;Function Discovery Resource Publication ;c:\programdata\KBDKHMR32.exe [x]
R2 FDResPub32323232;Function Discovery Resource Publication ;c:\programdata\dsuiext32.exe [x]
R2 FDResPub3232323232;Function Discovery Resource Publication ;c:\programdata\NlsData004a32.exe [x]
R2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\shsetup32.exe [x]
R2 FontCache3.0.0.032323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\mciwave32.exe [x]
R2 FontCache3.0.0.03232323232;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\dot3ui32.exe [x]
R2 FontCache32;Windows Font Cache Service ;c:\programdata\KBDTUF32.exe [x]
R2 FontCache3232;Windows Font Cache Service ;c:\programdata\msaatext32.exe [x]
R2 fsssvc32;Windows Live Family Safety Service ;c:\programdata\NlsLexicons001332.exe [x]
R2 fsssvc3232;Windows Live Family Safety Service ;c:\programdata\rasdiag32.exe [x]
R2 fsssvc323232;Windows Live Family Safety Service ;c:\programdata\kbd101b32.exe [x]
R2 GameConsoleService32323232;GameConsoleService ;c:\programdata\uxlib32.exe [x]
R2 gpsvc3232;Group Policy Client ;c:\programdata\tapi332.exe [x]
R2 gpsvc32323232;Group Policy Client ;c:\programdata\FWPUCLNT32.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R2 gupdate32;Google Update Service (gupdate) ;c:\programdata\KBDTIPRC32.exe [x]
R2 gupdate3232;Google Update Service (gupdate) ;c:\programdata\L2SecHC32.exe [x]
R2 gupdate323232;Google Update Service (gupdate) ;c:\programdata\DeviceDisplayStatusManager32.exe [x]
R2 gupdate32323232;Google Update Service (gupdate) ;c:\programdata\dmime32.exe [x]
R2 gupdate323232323232;Google Update Service (gupdate) ;c:\programdata\iasads32.exe [x]
R2 gupdate323232323232323232;Google Update Service (gupdate) ;c:\programdata\PresentationHostProxy32.exe [x]
R2 gupdate32323232323232323232;Google Update Service (gupdate) ;c:\programdata\themecpl32.exe [x]
R2 gupdatem32;Google Update Service (gupdatem) ;c:\programdata\NlsData000c32.exe [x]
R2 gupdatem3232;Google Update Service (gupdatem) ;c:\programdata\msvcp6032.exe [x]
R2 gupdatem323232;Google Update Service (gupdatem) ;c:\programdata\rsaenh32.exe [x]
R2 hidserv32;Human Interface Device Access ;c:\programdata\GEARAspi32.exe [x]
R2 hidserv3232;Human Interface Device Access ;c:\programdata\rdprefdrvapi32.exe [x]
R2 hidserv323232;Human Interface Device Access ;c:\programdata\NlsData001a32.exe [x]
R2 hidserv32323232;Human Interface Device Access ;c:\programdata\rastls32.exe [x]
R2 hidserv323232323232;Human Interface Device Access ;c:\programdata\UIRibbonRes32.exe [x]
R2 hidserv3232323232323232;Human Interface Device Access ;c:\programdata\FXSXP3232.exe [x]
R2 hidserv323232323232323232;Human Interface Device Access ;c:\programdata\BOOTVID32.exe [x]
R2 hkmsvc32;Health Key and Certificate Management ;c:\programdata\secproc_ssp32.exe [x]
R2 HomeGroupListener32;HomeGroup Listener ;c:\programdata\mswsock32.exe [x]
R2 HomeGroupListener3232;HomeGroup Listener ;c:\programdata\nlsbres32.exe [x]
R2 HomeGroupProvider32323232;HomeGroup Provider ;c:\programdata\qdvd32.exe [x]
R2 HomeGroupProvider3232323232;HomeGroup Provider ;c:\programdata\eappgnui32.exe [x]
R2 hpqcxs083232;hpqcxs08 ;c:\programdata\btpanui32.exe [x]
R2 hpqcxs08323232;hpqcxs08 ;c:\programdata\wmpmde32.exe [x]
R2 hpqddsvc32;HP CUE DeviceDiscovery Service ;c:\programdata\NlsLexicons004732.exe [x]
R2 hpqddsvc32323232;HP CUE DeviceDiscovery Service ;c:\programdata\AudioSes32.exe [x]
R2 hpqddsvc3232323232;HP CUE DeviceDiscovery Service ;c:\programdata\msxml432.exe [x]
R2 hpqddsvc323232323232;HP CUE DeviceDiscovery Service ;c:\programdata\comsvcs32.exe [x]
R2 hpqddsvc32323232323232;HP CUE DeviceDiscovery Service ;c:\programdata\winusb32.exe [x]
R2 hpqddsvc3232323232323232;HP CUE DeviceDiscovery Service ;c:\programdata\upnphost32.exe [x]
R2 idsvc32;Windows CardSpace ;c:\programdata\api-ms-win-core-processthreads-l1-1-032.exe [x]
R2 idsvc3232;Windows CardSpace ;c:\programdata\vbscript32.exe [x]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\programdata\d3d1132.exe [x]
R2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\KBDHELA232.exe [x]
R2 IKEEXT323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\cmutil32.exe [x]
R2 IKEEXT32323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\mspatcha32.exe [x]
R2 IKEEXT3232323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\SndVolSSO32.exe [x]
R2 IKEEXT323232323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\KBDYCL32.exe [x]
R2 IKEEXT32323232323232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\NlsLexicons002a32.exe [x]
R2 IPBusEnum32;PnP-X IP Bus Enumerator ;c:\programdata\gdi3232.exe [x]
R2 iphlpsvc32;IP Helper ;c:\programdata\amstream32.exe [x]
R2 iphlpsvc3232;IP Helper ;c:\programdata\NlsLexicons004932.exe [x]
R2 iPod Service32;iPod Service ;c:\programdata\msdtcuiu32.exe [x]
R2 iPod Service323232;iPod Service ;c:\programdata\iassdo32.exe [x]
R2 iPod Service32323232;iPod Service ;c:\programdata\mfdvdec32.exe [x]
R2 KeyIso32;CNG Key Isolation ;c:\programdata\wlgpclnt32.exe [x]
R2 KeyIso3232;CNG Key Isolation ;c:\programdata\NlsLexicons002032.exe [x]
R2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;c:\programdata\WfHC32.exe [x]
R2 KtmRm3232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\netutils32.exe [x]
R2 KtmRm3232323232;KtmRm for Distributed Transaction Coordinator ;c:\programdata\KBDFA32.exe [x]
R2 LanmanServer32;Server ;c:\programdata\hid32.exe [x]
R2 LanmanWorkstation32;Workstation ;c:\programdata\KBDAL32.exe [x]
R2 LanmanWorkstation3232;Workstation ;c:\programdata\wshrm32.exe [x]
R2 LanmanWorkstation323232;Workstation ;c:\programdata\dhcpcmonitor32.exe [x]
R2 LanmanWorkstation32323232;Workstation ;c:\programdata\wlanapi32.exe [x]
R2 LanmanWorkstation3232323232;Workstation ;c:\programdata\iertutil32.exe [x]
R2 lltdsvc32;Link-Layer Topology Discovery Mapper ;c:\programdata\WLanConn32.exe [x]
R2 lltdsvc3232323232;Link-Layer Topology Discovery Mapper ;c:\programdata\sdiageng32.exe [x]
R2 lmhosts323232;TCP/IP NetBIOS Helper ;c:\programdata\rasser32.exe [x]
R2 lmhosts32323232;TCP/IP NetBIOS Helper ;c:\programdata\SynCtrl32.exe [x]
R2 lmhosts3232323232;TCP/IP NetBIOS Helper ;c:\programdata\atiuxpag32.exe [x]
R2 lmhosts323232323232;TCP/IP NetBIOS Helper ;c:\programdata\msxml4r32.exe [x]
R2 MBAMService3232;MBAMService ;c:\programdata\KBDJPN32.exe [x]
R2 McAfee SiteAdvisor Service32;McAfee SiteAdvisor Service ;c:\programdata\osbaseln32.exe [x]
R2 McAfee SiteAdvisor Service3232;McAfee SiteAdvisor Service ;c:\programdata\KBDCAN32.exe [x]
R2 McComponentHostService32;McAfee Security Scan Component Host Service ;c:\programdata\tdh32.exe [x]
R2 McComponentHostService3232;McAfee Security Scan Component Host Service ;c:\programdata\modemui32.exe [x]
R2 McComponentHostService323232;McAfee Security Scan Component Host Service ;c:\programdata\adtschema32.exe [x]
R2 McMPFSvc32;McAfee Personal Firewall Service ;c:\programdata\api-ms-win-security-lsalookup-l1-1-032.exe [x]
R2 McMPFSvc323232;McAfee Personal Firewall Service ;c:\programdata\NlsData081632.exe [x]
R2 McMPFSvc3232323232;McAfee Personal Firewall Service ;c:\programdata\P2P32.exe [x]
R2 McMPFSvc32323232323232;McAfee Personal Firewall Service ;c:\programdata\NlsData004b32.exe [x]
R2 McMPFSvc3232323232323232;McAfee Personal Firewall Service ;c:\programdata\iprtrmgr32.exe [x]
R2 mcmscsvc32;McAfee Services ;c:\programdata\MP3DMOD32.exe [x]
R2 mcmscsvc323232;McAfee Services ;c:\programdata\BioCredProv32.exe [x]
R2 McNaiAnn32;McAfee VirusScan Announcer ;c:\programdata\perfdisk32.exe [x]
R2 McNaiAnn3232;McAfee VirusScan Announcer ;c:\programdata\CHxReadingStringIME32.exe [x]
R2 McNaiAnn323232;McAfee VirusScan Announcer ;c:\programdata\RASMM32.exe [x]
R2 McNASvc32;McAfee Network Agent ;c:\programdata\keyiso32.exe [x]
R2 McNASvc3232;McAfee Network Agent ;c:\programdata\dmsynth32.exe [x]
R2 McODS32;McAfee Scanner ;c:\programdata\cryptxml32.exe [x]
R2 McODS3232;McAfee Scanner ;c:\programdata\KBDRU32.exe [x]
R2 McODS323232;McAfee Scanner ;c:\programdata\WinFax32.exe [x]
R2 McODS32323232;McAfee Scanner ;c:\programdata\WINSRPC32.exe [x]
R2 McODS3232323232;McAfee Scanner ;c:\programdata\SyncHostps32.exe [x]
R2 McProxy32;McAfee Proxy Service ;c:\programdata\esentprf32.exe [x]
R2 McProxy3232;McAfee Proxy Service ;c:\programdata\muifontsetup32.exe [x]
R2 McProxy323232;McAfee Proxy Service ;c:\programdata\SPInf32.exe [x]
R2 McProxy32323232;McAfee Proxy Service ;c:\programdata\hnetmon32.exe [x]
R2 McShield3232;McShield ;c:\programdata\msctfui32.exe [x]
R2 McShield323232;McShield ;c:\programdata\dpnlobby32.exe [x]
R2 Mcx2Svc323232;Media Center Extender Service ;c:\programdata\d3dx10_4232.exe [x]
R2 Mcx2Svc32323232;Media Center Extender Service ;c:\programdata\UIAnimation32.exe [x]
R2 mfefire32;McAfee Firewall Core Service ;c:\programdata\Faultrep32.exe [x]
R2 mfevtp323232;McAfee Validation Trust Protection Service ;c:\programdata\KBDUSA32.exe [x]
R2 mfevtp32323232;McAfee Validation Trust Protection Service ;c:\programdata\CertPolEng32.exe [x]
R2 mfevtp3232323232;McAfee Validation Trust Protection Service ;c:\programdata\msshavmsg32.exe [x]
R2 MMCSS3232;Multimedia Class Scheduler ;c:\programdata\wshext32.exe [x]
R2 MMCSS323232;Multimedia Class Scheduler ;c:\programdata\api-ms-win-core-processenvironment-l1-1-032.exe [x]
R2 MpsSvc32;Windows Firewall ;c:\programdata\iscsidsc32.exe [x]
R2 MpsSvc3232;Windows Firewall ;c:\programdata\dsound32.exe [x]
R2 MpsSvc323232;Windows Firewall ;c:\programdata\vds_ps32.exe [x]
R2 MpsSvc32323232;Windows Firewall ;c:\programdata\werui32.exe [x]
R2 MSDTC32;Distributed Transaction Coordinator ;c:\programdata\mfAACEnc32.exe [x]
R2 MSiSCSI32;Microsoft iSCSI Initiator Service ;c:\programdata\KBDGAE32.exe [x]
R2 MSiSCSI3232;Microsoft iSCSI Initiator Service ;c:\programdata\ole3232.exe [x]
R2 MSiSCSI323232;Microsoft iSCSI Initiator Service ;c:\programdata\Oemdspif32.exe [x]
R2 msiserver32;Windows Installer ;c:\programdata\WcnEapAuthProxy32.exe [x]
R2 msiserver3232;Windows Installer ;c:\programdata\Syncreg32.exe [x]
R2 napagent32;Network Access Protection Agent ;c:\programdata\KBDINBE132.exe [x]
R2 napagent3232;Network Access Protection Agent ;c:\programdata\msrepl4032.exe [x]
R2 napagent32323232;Network Access Protection Agent ;c:\programdata\fontext32.exe [x]
R2 napagent3232323232;Network Access Protection Agent ;c:\programdata\FXSAPI32.exe [x]
R2 Net Driver HPZ123232;Net Driver HPZ12 ;c:\programdata\rasman32.exe [x]
R2 Netlogon32;Netlogon ;c:\programdata\mssph32.exe [x]
R2 Netman3232;Network Connections ;c:\programdata\pla32.exe [x]
R2 Netman323232;Network Connections ;c:\programdata\KBDTH332.exe [x]
R2 Netman32323232;Network Connections ;c:\programdata\KBDBHC32.exe [x]
R2 netprofm32;Network List Service ;c:\programdata\KBDINASA32.exe [x]
R2 netprofm3232;Network List Service ;c:\programdata\KBDKYR32.exe [x]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\mprapi32.exe [x]
R2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\KBDSG32.exe [x]
R2 NetTcpPortSharing323232;Net.Tcp Port Sharing Service ;c:\programdata\MSAC3ENC32.exe [x]
R2 NetTcpPortSharing32323232;Net.Tcp Port Sharing Service ;c:\programdata\vdsbas32.exe [x]
R2 NetTcpPortSharing3232323232;Net.Tcp Port Sharing Service ;c:\programdata\drmv2clt32.exe [x]
R2 NetTcpPortSharing323232323232;Net.Tcp Port Sharing Service ;c:\programdata\netshell32.exe [x]
R2 NlaSvc32;Network Location Awareness ;c:\programdata\dxmasf32.exe [x]
R2 NlaSvc3232;Network Location Awareness ;c:\programdata\DxpTaskSync32.exe [x]
R2 NlaSvc323232;Network Location Awareness ;c:\programdata\msltus4032.exe [x]
R2 Norton PC Checkup Application Launcher32;Toshiba Laptop Checkup Application Launcher ;c:\programdata\sti32.exe [x]
R2 Norton PC Checkup Application Launcher3232;Toshiba Laptop Checkup Application Launcher ;c:\programdata\sqlceqp3032.exe [x]
R2 nsi32;Network Store Interface Service ;c:\programdata\shfolder32.exe [x]
R2 nsi3232;Network Store Interface Service ;c:\programdata\PresentationCFFRasterizerNative_v030032.exe [x]
R2 nsi323232;Network Store Interface Service ;c:\programdata\wmdrmsdk32.exe [x]
R2 ose32;Office Source Engine ;c:\programdata\ulib32.exe [x]
R2 ose3232;Office Source Engine ;c:\programdata\shunimpl32.exe [x]
R2 ose323232;Office Source Engine ;c:\programdata\ureg32.exe [x]
R2 ose32323232;Office Source Engine ;c:\programdata\WindowsCodecsExt32.exe [x]
R2 ose3232323232;Office Source Engine ;c:\programdata\advapi3232.exe [x]
R2 ose323232323232;Office Source Engine ;c:\programdata\tapiui32.exe [x]
R2 ose32323232323232;Office Source Engine ;c:\programdata\qasf32.exe [x]
R2 osppsvc32;Office Software Protection Platform ;c:\programdata\NlsLexicons000d32.exe [x]
R2 osppsvc3232;Office Software Protection Platform ;c:\programdata\dtsh32.exe [x]
R2 osppsvc323232;Office Software Protection Platform ;c:\programdata\glmf3232.exe [x]
R2 p2pimsvc3232;Peer Networking Identity Manager ;c:\programdata\mf321632.exe [x]
R2 p2pimsvc323232;Peer Networking Identity Manager ;c:\programdata\KernelBase32.exe [x]
R2 p2psvc32;Peer Networking Grouping ;c:\programdata\regapi32.exe [x]
R2 p2psvc3232;Peer Networking Grouping ;c:\programdata\NAPHLPR32.exe [x]
R2 p2psvc323232;Peer Networking Grouping ;c:\programdata\KBDTH232.exe [x]
R2 PcaSvc32323232;Program Compatibility Assistant Service ;c:\programdata\napipsec32.exe [x]
R2 PcaSvc3232323232;Program Compatibility Assistant Service ;c:\programdata\expsrv32.exe [x]
R2 PCCUJobMgr32;Common Client Job Manager Service ;c:\programdata\dnsapi32.exe [x]
R2 PCCUJobMgr3232;Common Client Job Manager Service ;c:\programdata\msdrm32.exe [x]
R2 PCCUJobMgr323232;Common Client Job Manager Service ;c:\programdata\qmgrprxy32.exe [x]
R2 PCCUJobMgr32323232;Common Client Job Manager Service ;c:\programdata\iTVData32.exe [x]
R2 PCCUJobMgr3232323232;Common Client Job Manager Service ;c:\programdata\vbajet3232.exe [x]
R2 PerfHost32;Performance Counter DLL Host ;c:\programdata\msxml332.exe [x]
R2 PerfHost3232;Performance Counter DLL Host ;c:\programdata\imapi232.exe [x]
R2 PerfHost323232;Performance Counter DLL Host ;c:\programdata\dskquota32.exe [x]
R2 pla32;Performance Logs & Alerts ;c:\programdata\MSMPEG2ENC32.exe [x]
R2 pla3232;Performance Logs & Alerts ;c:\programdata\NlsLexicons000132.exe [x]
R2 pla323232;Performance Logs & Alerts ;c:\programdata\msftedit32.exe [x]
R2 pla3232323232;Performance Logs & Alerts ;c:\programdata\NlsData001132.exe [x]
R2 pla323232323232;Performance Logs & Alerts ;c:\programdata\linkinfo32.exe [x]
R2 pla32323232323232;Performance Logs & Alerts ;c:\programdata\dciman3232.exe [x]
R2 PlugPlay32;Plug and Play ;c:\programdata\DevicePairingProxy32.exe [x]
R2 PlugPlay323232;Plug and Play ;c:\programdata\shsvcs32.exe [x]
R2 Pml Driver HPZ123232;Pml Driver HPZ12 ;c:\programdata\cryptsp32.exe [x]
R2 Pml Driver HPZ12323232;Pml Driver HPZ12 ;c:\programdata\netlogon32.exe [x]
R2 Pml Driver HPZ1232323232;Pml Driver HPZ12 ;c:\programdata\ncobjapi32.exe [x]
R2 Pml Driver HPZ123232323232;Pml Driver HPZ12 ;c:\programdata\gpedit32.exe [x]
R2 Pml Driver HPZ12323232323232;Pml Driver HPZ12 ;c:\programdata\d3dxof32.exe [x]
R2 Pml Driver HPZ1232323232323232;Pml Driver HPZ12 ;c:\programdata\scksp32.exe [x]
R2 PNRPsvc32;Peer Name Resolution Protocol ;c:\programdata\nlaapi32.exe [x]
R2 PNRPsvc3232;Peer Name Resolution Protocol ;c:\programdata\vdsdyn32.exe [x]
R2 PNRPsvc323232;Peer Name Resolution Protocol ;c:\programdata\powrprof32.exe [x]
R2 PolicyAgent3232;IPsec Policy Agent ;c:\programdata\SortServer2003Compat32.exe [x]
R2 PolicyAgent32323232;IPsec Policy Agent ;c:\programdata\EAPQEC32.exe [x]
R2 PolicyAgent3232323232;IPsec Policy Agent ;c:\programdata\dssenh32.exe [x]
R2 Power3232;Power ;c:\programdata\mfplat32.exe [x]
R2 Power323232;Power ;c:\programdata\ir41_qc32.exe [x]
R2 ProfSvc32;User Profile Service ;c:\programdata\NlsLexicons001932.exe [x]
R2 ProtectedStorage32;Protected Storage ;c:\programdata\SensApi32.exe [x]
R2 QWAVE32;Quality Windows Audio Video Experience ;c:\programdata\fontsub32.exe [x]
R2 QWAVE3232;Quality Windows Audio Video Experience ;c:\programdata\ifsutil32.exe [x]
R2 QWAVE323232;Quality Windows Audio Video Experience ;c:\programdata\uudf32.exe [x]
R2 QWAVE32323232;Quality Windows Audio Video Experience ;c:\programdata\KBDFR32.exe [x]
R2 QWAVE3232323232;Quality Windows Audio Video Experience ;c:\programdata\msoeacct32.exe [x]
R2 QWAVE323232323232;Quality Windows Audio Video Experience ;c:\programdata\msasn132.exe [x]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\EncDec32.exe [x]
R2 RasAuto3232;Remote Access Auto Connection Manager ;c:\programdata\rasmxs32.exe [x]
R2 RasAuto323232;Remote Access Auto Connection Manager ;c:\programdata\elslad32.exe [x]
R2 RasMan32;Remote Access Connection Manager ;c:\programdata\d3d10_1core32.exe [x]
R2 RemoteAccess323232;Routing and Remote Access ;c:\programdata\els32.exe [x]
R2 RemoteAccess32323232;Routing and Remote Access ;c:\programdata\miguiresource32.exe [x]
R2 RemoteAccess3232323232;Routing and Remote Access ;c:\programdata\dmrc32.exe [x]
R2 RemoteRegistry3232;Remote Registry ;c:\programdata\inetmib132.exe [x]
R2 RemoteRegistry323232;Remote Registry ;c:\programdata\avifil3232.exe [x]
R2 RemoteRegistry32323232;Remote Registry ;c:\programdata\clbcatq32.exe [x]
R2 RemoteRegistry3232323232;Remote Registry ;c:\programdata\dinput32.exe [x]
R2 RemoteRegistry323232323232;Remote Registry ;c:\programdata\Nlsdl32.exe [x]
R2 RpcEptMapper32;RPC Endpoint Mapper ;c:\programdata\msjtes4032.exe [x]
R2 RpcEptMapper3232;RPC Endpoint Mapper ;c:\programdata\UIAutomationCore32.exe [x]
R2 RpcLocator3232;Remote Procedure Call (RPC) Locator ;c:\programdata\Apphlpdm32.exe [x]
R2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;c:\programdata\ir50_qc32.exe [x]
R2 RpcSs3232;Remote Procedure Call (RPC) ;c:\programdata\capisp32.exe [x]
R2 RpcSs323232;Remote Procedure Call (RPC) ;c:\programdata\api-ms-win-core-memory-l1-1-032.exe [x]
R2 SamSs32;Security Accounts Manager ;c:\programdata\scecli32.exe [x]
R2 SamSs3232;Security Accounts Manager ;c:\programdata\imageres32.exe [x]
R2 SamSs32323232;Security Accounts Manager ;c:\programdata\scesrv32.exe [x]
R2 SCardSvr32;Smart Card ;c:\programdata\dsprop32.exe [x]
R2 SCardSvr3232;Smart Card ;c:\programdata\mtxoci32.exe [x]
R2 SDRSVC3232;Windows Backup ;c:\programdata\KBDBGPH132.exe [x]
R2 SDRSVC323232;Windows Backup ;c:\programdata\bitsprx232.exe [x]
R2 SeaPort32;SeaPort ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 SeaPort3232;SeaPort ;c:\programdata\umdmxfrm32.exe [x]
R2 seclogon32;Secondary Logon ;c:\programdata\dmdskres232.exe [x]
R2 seclogon3232;Secondary Logon ;c:\programdata\tapiperf32.exe [x]
R2 seclogon32323232;Secondary Logon ;c:\programdata\rdpcore32.exe [x]
R2 seclogon3232323232;Secondary Logon ;c:\programdata\inetcomm32.exe [x]
R2 seclogon323232323232;Secondary Logon ;c:\programdata\ufat32.exe [x]
R2 SENS32;System Event Notification Service ;c:\programdata\thawbrkr32.exe [x]
R2 SENS323232;System Event Notification Service ;c:\programdata\AltTab32.exe [x]
R2 SENS32323232;System Event Notification Service ;c:\programdata\samlib32.exe [x]
R2 SensrSvc3232;Adaptive Brightness ;c:\programdata\KBDPO32.exe [x]
R2 SessionEnv32;Remote Desktop Configuration ;c:\programdata\atiglpxx32.exe [x]
R2 SessionEnv3232;Remote Desktop Configuration ;c:\programdata\elsTrans32.exe [x]
R2 SessionEnv323232;Remote Desktop Configuration ;c:\programdata\NlsData000d32.exe [x]
R2 SharedAccess3232;Internet Connection Sharing (ICS) ;c:\programdata\NlsData002032.exe [x]
R2 SharedAccess323232;Internet Connection Sharing (ICS) ;c:\programdata\NlsLexicons003932.exe [x]
R2 SharedAccess32323232;Internet Connection Sharing (ICS) ;c:\programdata\Wpc32.exe [x]
R2 SharedAccess3232323232;Internet Connection Sharing (ICS) ;c:\programdata\NAPMONTR32.exe [x]
R2 SNMPTRAP32;SNMP Trap ;c:\programdata\DDACLSys32.exe [x]
R2 SNMPTRAP3232;SNMP Trap ;c:\programdata\TRAPI32.exe [x]
R2 SNMPTRAP323232;SNMP Trap ;c:\programdata\sirenacm32.exe [x]
R2 SNMPTRAP3232323232;SNMP Trap ;c:\programdata\pots32.exe [x]
R2 Spooler32;Print Spooler ;c:\programdata\fdBth32.exe [x]
R2 Spooler3232;Print Spooler ;c:\programdata\fdBthProxy32.exe [x]
R2 Spooler323232;Print Spooler ;c:\programdata\dhcpcsvc632.exe [x]
R2 sppsvc32;Software Protection ;c:\programdata\w32topl32.exe [x]
R2 sppsvc3232;Software Protection ;c:\programdata\KBDUKX32.exe [x]
R2 sppsvc323232;Software Protection ;c:\programdata\msscp32.exe [x]
R2 sppuinotify32;SPP Notification Service ;c:\programdata\KBDA132.exe [x]
R2 SstpSvc32;Secure Socket Tunneling Protocol Service ;c:\programdata\KBDUSR32.exe [x]
R2 SstpSvc3232;Secure Socket Tunneling Protocol Service ;c:\programdata\mydocs32.exe [x]
R2 SstpSvc323232;Secure Socket Tunneling Protocol Service ;c:\programdata\aticalrt32.exe [x]
R2 stisvc32;Windows Image Acquisition (WIA) ;c:\programdata\C_IS202232.exe [x]
R2 stisvc3232323232;Windows Image Acquisition (WIA) ;c:\programdata\KBDWOL32.exe [x]
R2 stisvc323232323232;Windows Image Acquisition (WIA) ;c:\programdata\eapphost32.exe [x]
R2 stisvc32323232323232;Windows Image Acquisition (WIA) ;c:\programdata\cnvfat32.exe [x]
R2 stisvc32323232323232323232;Windows Image Acquisition (WIA) ;c:\programdata\SynTPCOM32.exe [x]
R2 swprv32;Microsoft Software Shadow Copy Provider ;c:\programdata\DDOIProxy32.exe [x]
R2 swprv3232;Microsoft Software Shadow Copy Provider ;c:\programdata\RegCtrl32.exe [x]
R2 swprv323232;Microsoft Software Shadow Copy Provider ;c:\programdata\objsel32.exe [x]
R2 SysMain32;Superfetch ;c:\programdata\filemgmt32.exe [x]
R2 SysMain3232;Superfetch ;c:\programdata\atidxx3232.exe [x]
R2 TabletInputService32;Tablet PC Input Service ;c:\programdata\xwtpdui32.exe [x]
R2 TabletInputService3232;Tablet PC Input Service ;c:\programdata\gameux32.exe [x]
R2 TabletInputService323232;Tablet PC Input Service ;c:\programdata\DevicePairingHandler32.exe [x]
R2 TapiSrv32;Telephony ;c:\programdata\mfc4232.exe [x]
R2 TapiSrv32323232;Telephony ;c:\programdata\propsys32.exe [x]
R2 TapiSrv3232323232;Telephony ;c:\programdata\mswmdm32.exe [x]
R2 TapiSrv32323232323232;Telephony ;c:\programdata\odbccr3232.exe [x]
R2 TapiSrv3232323232323232;Telephony ;c:\programdata\racpldlg32.exe [x]
R2 TapiSrv323232323232323232;Telephony ;c:\programdata\msexcl4032.exe [x]
R2 TapiSrv32323232323232323232;Telephony ;c:\programdata\NlsLexicons001132.exe [x]
R2 TBS3232323232;TPM Base Services ;c:\programdata\dot3gpclnt32.exe [x]
R2 TBS323232323232;TPM Base Services ;c:\programdata\MMDevAPI32.exe [x]
R2 TermService32;Remote Desktop Services ;c:\programdata\XPSSHHDR32.exe [x]
R2 TermService3232;Remote Desktop Services ;c:\programdata\mgmtapi32.exe [x]
R2 Themes32;Themes ;c:\programdata\WebClnt32.exe [x]
R2 THREADORDER32;Thread Ordering Server ;c:\programdata\authui32.exe [x]
R2 THREADORDER323232;Thread Ordering Server ;c:\programdata\NlsLexicons002632.exe [x]
R2 TMachInfo32;TMachInfo ;c:\programdata\prnntfy32.exe [x]
R2 TMachInfo3232;TMachInfo ;c:\programdata\msdadiag32.exe [x]
R2 TMachInfo323232;TMachInfo ;c:\programdata\sspicli32.exe [x]
R2 TODDSrv32;TOSHIBA Optical Disc Drive Service ;c:\programdata\prflbmsg32.exe [x]
R2 TODDSrv3232;TOSHIBA Optical Disc Drive Service ;c:\programdata\iyuv_3232.exe [x]
R2 TODDSrv323232;TOSHIBA Optical Disc Drive Service ;c:\programdata\NlsData001332.exe [x]
R2 TODDSrv32323232;TOSHIBA Optical Disc Drive Service ;c:\programdata\dimsroam32.exe [x]
R2 TosCoSrv32;TOSHIBA Power Saver ;c:\programdata\WinSATAPI32.exe [x]
R2 TosCoSrv323232;TOSHIBA Power Saver ;c:\programdata\ntlanui232.exe [x]
R2 TosCoSrv32323232;TOSHIBA Power Saver ;c:\programdata\provthrd32.exe [x]
R2 TosCoSrv3232323232;TOSHIBA Power Saver ;c:\programdata\PortableDeviceClassExtension32.exe [x]
R2 TosCoSrv323232323232;TOSHIBA Power Saver ;c:\programdata\comuid32.exe [x]
R2 TOSHIBA eco Utility Service323232;TOSHIBA eco Utility Service ;c:\programdata\whhelper32.exe [x]
R2 TOSHIBA HDD SSD Alert Service32;TOSHIBA HDD SSD Alert Service ;c:\programdata\msports32.exe [x]
R2 TOSHIBA HDD SSD Alert Service3232;TOSHIBA HDD SSD Alert Service ;c:\programdata\radarrs32.exe [x]
R2 TOSHIBA HDD SSD Alert Service323232;TOSHIBA HDD SSD Alert Service ;c:\programdata\dot3gpui32.exe [x]
R2 TOSHIBA HDD SSD Alert Service32323232;TOSHIBA HDD SSD Alert Service ;c:\programdata\stobject32.exe [x]
R2 TOSHIBA HDD SSD Alert Service3232323232;TOSHIBA HDD SSD Alert Service ;c:\programdata\KBDIR32.exe [x]
R2 TPCHSrv32;TPCH Service ;c:\programdata\iasacct32.exe [x]
R2 TrkWks32;Distributed Link Tracking Client ;c:\programdata\RESAMPLEDMO32.exe [x]
R2 TrkWks3232;Distributed Link Tracking Client ;c:\programdata\iscsium32.exe [x]
R2 TrkWks323232;Distributed Link Tracking Client ;c:\programdata\dbnetlib32.exe [x]
R2 TrkWks32323232;Distributed Link Tracking Client ;c:\programdata\WinSyncMetastore32.exe [x]
R2 TrustedInstaller32;Windows Modules Installer ;c:\programdata\wscinterop32.exe [x]
R2 TrustedInstaller323232;Windows Modules Installer ;c:\programdata\mmcshext32.exe [x]
R2 TrustedInstaller32323232;Windows Modules Installer ;c:\programdata\secproc32.exe [x]
R2 UI0Detect32;Interactive Services Detection ;c:\programdata\WMVCORE32.exe [x]
R2 UI0Detect3232;Interactive Services Detection ;c:\programdata\xmlfilter32.exe [x]
R2 UI0Detect323232;Interactive Services Detection ;c:\programdata\sendmail32.exe [x]
R2 UI0Detect32323232;Interactive Services Detection ;c:\programdata\mfvdsp32.exe [x]
R2 upnphost32;UPnP Device Host ;c:\programdata\wlansec32.exe [x]
R2 UxSms32;Desktop Window Manager Session Manager ;c:\programdata\AzSqlExt32.exe [x]
R2 UxSms3232;Desktop Window Manager Session Manager ;c:\programdata\MsRdpWebAccess32.exe [x]
R2 VaultSvc323232;Credential Manager ;c:\programdata\cmifw32.exe [x]
R2 vds32;Virtual Disk ;c:\programdata\deskperf32.exe [x]
R2 W32Time32;Windows Time ;c:\programdata\IPHLPAPI32.exe [x]
R2 WatAdminSvc32;Windows Activation Technologies Service ;c:\programdata\dxtmsft32.exe [x]
R2 WatAdminSvc3232;Windows Activation Technologies Service ;c:\programdata\bidispl32.exe [x]
R2 WatAdminSvc32323232;Windows Activation Technologies Service ;c:\programdata\ieaksie32.exe [x]
R2 wbengine32;Block Level Backup Engine Service ;c:\programdata\scrobj32.exe [x]
R2 WbioSrvc32;Windows Biometric Service ;c:\programdata\shgina32.exe [x]
R2 WbioSrvc3232;Windows Biometric Service ;c:\programdata\winhttp32.exe [x]
R2 WbioSrvc323232;Windows Biometric Service ;c:\programdata\cryptsvc32.exe [x]
R2 WbioSrvc32323232;Windows Biometric Service ;c:\programdata\XpsGdiConverter32.exe [x]
R2 WbioSrvc3232323232;Windows Biometric Service ;c:\programdata\KBDINUK232.exe [x]
R2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\programdata\localsec32.exe [x]
R2 wcncsvc3232;Windows Connect Now - Config Registrar ;c:\programdata\NlsData001832.exe [x]
R2 WdiSystemHost3232;Diagnostic System Host ;c:\programdata\CPFilters32.exe [x]
R2 WdiSystemHost323232;Diagnostic System Host ;c:\programdata\p2pcollab32.exe [x]
R2 WdiSystemHost32323232;Diagnostic System Host ;c:\programdata\KBDUR132.exe [x]
R2 WebClient32;WebClient ;c:\programdata\vsstrace32.exe [x]
R2 WebClient3232;WebClient ;c:\programdata\wiatrace32.exe [x]
R2 Wecsvc32;Windows Event Collector ;c:\programdata\KBDARMW32.exe [x]
R2 Wecsvc32323232;Windows Event Collector ;c:\programdata\dmdlgs32.exe [x]
R2 Wecsvc3232323232;Windows Event Collector ;c:\programdata\KBDCR32.exe [x]
R2 WinDefend3232;Windows Defender ;c:\programdata\onexui32.exe [x]
R2 WinDefend323232;Windows Defender ;c:\programdata\sechost32.exe [x]
R2 WinDefend3232323232;Windows Defender ;c:\programdata\drprov32.exe [x]
R2 WinDefend32323232323232;Windows Defender ;c:\programdata\KBDNSO32.exe [x]
R2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\msfeeds32.exe [x]
R2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\KBDLV32.exe [x]
R2 WinHttpAutoProxySvc323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\migisol32.exe [x]
R2 WinHttpAutoProxySvc32323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\amdpcom3232.exe [x]
R2 WinHttpAutoProxySvc32323232323232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\deskadp32.exe [x]
R2 WinHttpAutoProxySvc323232323232323232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\atiu9pag32.exe [x]
R2 WinHttpAutoProxySvc32323232323232323232323232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\logoncli32.exe [x]
R2 Winmgmt32;Windows Management Instrumentation ;c:\programdata\netprof32.exe [x]
R2 Winmgmt3232;Windows Management Instrumentation ;c:\programdata\xpsservices32.exe [x]
R2 Wlansvc32;WLAN AutoConfig ;c:\programdata\api-ms-win-service-winsvc-l1-1-032.exe [x]
R2 Wlansvc3232;WLAN AutoConfig ;c:\programdata\ActionCenter32.exe [x]
R2 wlcrasvc32;Windows Live Mesh remote connections service ;c:\programdata\npmproxy32.exe [x]
R2 wlidsvc32;Windows Live ID Sign-in Assistant ;c:\programdata\devenum32.exe [x]
R2 wlidsvc3232;Windows Live ID Sign-in Assistant ;c:\programdata\FirewallAPI32.exe [x]
R2 wmiApSrv3232;WMI Performance Adapter ;c:\programdata\oleaccrc32.exe [x]
R2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;c:\programdata\KBDLV132.exe [x]
R2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\programdata\wshqos32.exe [x]
R2 WMPNetworkSvc323232;Windows Media Player Network Sharing Service ;c:\programdata\wscisvif32.exe [x]
R2 WPCSvc3232;Parental Controls ;c:\programdata\wpdshext32.exe [x]
R2 WPCSvc323232;Parental Controls ;c:\programdata\cabview32.exe [x]
R2 WPCSvc32323232;Parental Controls ;c:\programdata\api-ms-win-core-threadpool-l1-1-032.exe [x]
R2 WPCSvc3232323232;Parental Controls ;c:\programdata\bitsprx332.exe [x]
R2 WPCSvc323232323232;Parental Controls ;c:\programdata\aticalcl32.exe [x]
R2 WPCSvc32323232323232;Parental Controls ;c:\programdata\xolehlp32.exe [x]
R2 WPCSvc3232323232323232;Parental Controls ;c:\programdata\wmpshell32.exe [x]
R2 WPDBusEnum3232;Portable Device Enumerator Service ;c:\programdata\COLORCNV32.exe [x]
R2 WPDBusEnum323232;Portable Device Enumerator Service ;c:\programdata\gdiplus32.exe [x]
R2 WPDBusEnum32323232;Portable Device Enumerator Service ;c:\programdata\wmi32.exe [x]
R2 wscsvc32;Security Center ;c:\programdata\photowiz32.exe [x]
R2 wscsvc3232;Security Center ;c:\programdata\certCredProvider32.exe [x]
R2 wscsvc323232;Security Center ;c:\programdata\WMVSDECD32.exe [x]
R2 WSearch3232;Windows Search ;c:\programdata\netdiagfx32.exe [x]
R2 wuauserv3232;Windows Update ;c:\programdata\scrrun32.exe [x]
R2 wuauserv323232;Windows Update ;c:\programdata\sberes32.exe [x]
R2 wuauserv32323232;Windows Update ;c:\programdata\msshooks32.exe [x]
R2 wuauserv3232323232;Windows Update ;c:\programdata\ws2_3232.exe [x]
R2 wuauserv323232323232;Windows Update ;c:\programdata\pngfilt32.exe [x]
R2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\mssphtb32.exe [x]
R2 wudfsvc3232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\wsecedit32.exe [x]
R2 wudfsvc3232323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\KBDINTEL32.exe [x]
R2 WwanSvc32;WWAN AutoConfig ;c:\programdata\srvcli32.exe [x]
R2 WwanSvc3232;WWAN AutoConfig ;c:\programdata\pwrshplugin32.exe [x]
R2 WwanSvc32323232;WWAN AutoConfig ;c:\programdata\printui32.exe [x]
R2 WwanSvc3232323232;WWAN AutoConfig ;c:\programdata\mtxlegih32.exe [x]
R2 WwanSvc323232323232;WWAN AutoConfig ;c:\programdata\iashlpr32.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12585.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-741467842-3624285276-3951911184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-741467842-3624285276-3951911184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-09-24 18:59:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-24 22:59
.
Pre-Run: 333,068,873,728 bytes free
Post-Run: 334,166,855,680 bytes free
.
- - End Of File - - 1010AD991F35388CFD01171CF6623224

#6 gringo_pr


Posted 29 September 2011 - 09:05 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
Driver::
AeLookupSvc32
AeLookupSvc323232
AeLookupSvc3232323232
AeLookupSvc323232323232
ALG323232
ALG32323232
AMD External Events Utility32
AMD External Events Utility3232
AMD External Events Utility323232
AMD External Events Utility32323232
AMD External Events Utility3232323232
AppIDSvc3232
AppIDSvc323232
AppIDSvc32323232
Appinfo32
Appinfo3232
Apple Mobile Device32
Apple Mobile Device3232
Apple Mobile Device323232
AudioEndpointBuilder32
AudioEndpointBuilder3232
AudioSrv32
AudioSrv3232
AudioSrv323232
AxInstSV32
BBSvc3232
BDESVC32
BDESVC3232
BDESVC323232
BDESVC32323232
BDESVC3232323232
BFE32
BFE3232
BFE32323232
BFE3232323232
Bonjour Service32
Bonjour Service3232
Bonjour Service323232
Bonjour Service32323232
Bonjour Service3232323232
Bonjour Service323232323232
Browser3232
Browser323232
bthserv32
bthserv3232
bthserv323232
bthserv32323232
CertPropSvc32
CertPropSvc3232
CertPropSvc32323232
clr_optimization_v2.0.50727_32323232
clr_optimization_v2.0.50727_3232323232
clr_optimization_v2.0.50727_323232323232
clr_optimization_v2.0.50727_32323232323232
clr_optimization_v2.0.50727_3232323232323232
clr_optimization_v2.0.50727_6432
clr_optimization_v2.0.50727_643232
clr_optimization_v2.0.50727_64323232
clr_optimization_v2.0.50727_6432323232
clr_optimization_v4.0.30319_32
clr_optimization_v4.0.30319_323232
clr_optimization_v4.0.30319_32323232
clr_optimization_v4.0.30319_3232323232
clr_optimization_v4.0.30319_323232323232
clr_optimization_v4.0.30319_6432
COMSysApp32
CryptSvc32
cvhsvc32
cvhsvc3232
cvhsvc323232
DcomLaunch3232
DcomLaunch323232
DcomLaunch32323232
DcomLaunch3232323232
defragsvc32
defragsvc323232
Dhcp3232
Dnscache32
Dnscache3232
Dnscache323232
DPS32
DPS3232
DPS32323232
EapHost32
EapHost32323232
EapHost3232323232
EFS32
EFS3232
EFS323232
ehSched32
eventlog32
eventlog3232
eventlog323232
eventlog32323232
eventlog3232323232
eventlog323232323232
eventlog32323232323232
eventlog3232323232323232
EventSystem32
EventSystem3232
Fax32
Fax3232
Fax323232
Fax32323232
fdPHost32
fdPHost3232
fdPHost323232
fdPHost323232323232
fdPHost32323232323232
FDResPub3232
FDResPub323232
FDResPub32323232
FDResPub3232323232
FontCache3.0.0.032
FontCache3.0.0.032323232
FontCache3.0.0.03232323232
FontCache32
FontCache3232
fsssvc32
fsssvc3232
fsssvc323232
GameConsoleService32323232
gpsvc3232
gpsvc32323232
gupdate
gupdate32
gupdate3232
gupdate323232
gupdate32323232
gupdate323232323232
gupdate323232323232323232
gupdate32323232323232323232
gupdatem32
gupdatem3232
gupdatem323232
hidserv32
hidserv3232
hidserv323232
hidserv32323232
hidserv323232323232
hidserv3232323232323232
hidserv323232323232323232
hkmsvc32
HomeGroupListener32
HomeGroupListener3232
HomeGroupProvider32323232
HomeGroupProvider3232323232
hpqcxs083232
hpqcxs08323232
hpqddsvc32
hpqddsvc32323232
hpqddsvc3232323232
hpqddsvc323232323232
hpqddsvc32323232323232
hpqddsvc3232323232323232
idsvc32
idsvc3232
IKEEXT32
IKEEXT3232
IKEEXT323232
IKEEXT32323232
IKEEXT3232323232
IKEEXT323232323232
IKEEXT32323232323232
IPBusEnum32
iphlpsvc32
iphlpsvc3232
iPod Service32
iPod Service323232
iPod Service32323232
KeyIso32
KeyIso3232
KtmRm32
KtmRm3232
KtmRm3232323232
LanmanServer32
LanmanWorkstation32
LanmanWorkstation3232
LanmanWorkstation323232
LanmanWorkstation32323232
LanmanWorkstation3232323232
lltdsvc32
lltdsvc3232323232
lmhosts323232
lmhosts32323232
lmhosts3232323232
lmhosts323232323232
MBAMService3232
McAfee SiteAdvisor Service32
McAfee SiteAdvisor Service3232
McComponentHostService32
McComponentHostService3232
McComponentHostService323232
McMPFSvc32
McMPFSvc323232
McMPFSvc3232323232
McMPFSvc32323232323232
McMPFSvc3232323232323232
mcmscsvc32
mcmscsvc323232
McNaiAnn32
McNaiAnn3232
McNaiAnn323232
McNASvc32
McNASvc3232
McODS32
McODS3232
McODS323232
McODS32323232
McODS3232323232
McProxy32
McProxy3232
McProxy323232
McProxy32323232
McShield3232
McShield323232
Mcx2Svc323232
Mcx2Svc32323232
mfefire32
mfevtp323232
mfevtp32323232
mfevtp3232323232
MMCSS3232
MMCSS323232
MpsSvc32
MpsSvc3232
MpsSvc323232
MpsSvc32323232
MSDTC32
MSiSCSI32
MSiSCSI3232
MSiSCSI323232
msiserver32
msiserver3232
napagent32
napagent3232
napagent32323232
napagent3232323232
Net Driver HPZ123232
Netlogon32
Netman3232
Netman323232
Netman32323232
netprofm32
netprofm3232
NetTcpPortSharing32
NetTcpPortSharing3232
NetTcpPortSharing323232
NetTcpPortSharing32323232
NetTcpPortSharing3232323232
NetTcpPortSharing323232323232
NlaSvc32
NlaSvc3232
NlaSvc323232
Norton PC Checkup Application Launcher32
Norton PC Checkup Application Launcher3232
nsi32
nsi3232
nsi323232
ose32
ose3232
ose323232
ose32323232
ose3232323232
ose323232323232
ose32323232323232
osppsvc32
osppsvc3232
osppsvc323232
p2pimsvc3232
p2pimsvc323232
p2psvc32
p2psvc3232
p2psvc323232
PcaSvc32323232
PcaSvc3232323232
PCCUJobMgr32
PCCUJobMgr3232
PCCUJobMgr323232
PCCUJobMgr32323232
PCCUJobMgr3232323232
PerfHost32
PerfHost3232
PerfHost323232
pla32
pla3232
pla323232
pla3232323232
pla323232323232
pla32323232323232
PlugPlay32
PlugPlay323232
Pml Driver HPZ123232
Pml Driver HPZ12323232
Pml Driver HPZ1232323232
Pml Driver HPZ123232323232
Pml Driver HPZ12323232323232
Pml Driver HPZ1232323232323232
PNRPsvc32
PNRPsvc3232
PNRPsvc323232
PolicyAgent3232
PolicyAgent32323232
PolicyAgent3232323232
Power3232
Power323232
ProfSvc32
ProtectedStorage32
QWAVE32
QWAVE3232
QWAVE323232
QWAVE32323232
QWAVE3232323232
QWAVE323232323232
RasAuto32
RasAuto3232
RasAuto323232
RasMan32
RemoteAccess323232
RemoteAccess32323232
RemoteAccess3232323232
RemoteRegistry3232
RemoteRegistry323232
RemoteRegistry32323232
RemoteRegistry3232323232
RemoteRegistry323232323232
RpcEptMapper32
RpcEptMapper3232
RpcLocator3232
RpcLocator323232
RpcSs3232
RpcSs323232
SamSs32
SamSs3232
SamSs32323232
SCardSvr32
SCardSvr3232
SDRSVC3232
SDRSVC323232
SeaPort32
SeaPort3232
seclogon32
seclogon3232
seclogon32323232
seclogon3232323232
seclogon323232323232
SENS32
SENS323232
SENS32323232
SensrSvc3232
SessionEnv32
SessionEnv3232
SessionEnv323232
SharedAccess3232
SharedAccess323232
SharedAccess32323232
SharedAccess3232323232
SNMPTRAP32
SNMPTRAP3232
SNMPTRAP323232
SNMPTRAP3232323232
Spooler32
Spooler3232
Spooler323232
sppsvc32
sppsvc3232
sppsvc323232
sppuinotify32
SstpSvc32
SstpSvc3232
SstpSvc323232
stisvc32
stisvc3232323232
stisvc323232323232
stisvc32323232323232
stisvc32323232323232323232
swprv32
swprv3232
swprv323232
SysMain32
SysMain3232
TabletInputService32
TabletInputService3232
TabletInputService323232
TapiSrv32
TapiSrv32323232
TapiSrv3232323232
TapiSrv32323232323232
TapiSrv3232323232323232
TapiSrv323232323232323232
TapiSrv32323232323232323232
TBS3232323232
TBS323232323232
TermService32
TermService3232
Themes32
THREADORDER32
THREADORDER323232
TMachInfo32
TMachInfo3232
TMachInfo323232
TODDSrv32
TODDSrv3232
TODDSrv323232
TODDSrv32323232
TosCoSrv32
TosCoSrv323232
TosCoSrv32323232
TosCoSrv3232323232
TosCoSrv323232323232
TOSHIBA eco Utility Service323232
TOSHIBA HDD SSD Alert Service32
TOSHIBA HDD SSD Alert Service3232
TOSHIBA HDD SSD Alert Service323232
TOSHIBA HDD SSD Alert Service32323232
TOSHIBA HDD SSD Alert Service3232323232
TPCHSrv32
TrkWks32
TrkWks3232
TrkWks323232
TrkWks32323232
TrustedInstaller32
TrustedInstaller323232
TrustedInstaller32323232
UI0Detect32
UI0Detect3232
UI0Detect323232
UI0Detect32323232
upnphost32
UxSms32
UxSms3232
VaultSvc323232
vds32
W32Time32
WatAdminSvc32
WatAdminSvc3232
WatAdminSvc32323232
wbengine32
WbioSrvc32
WbioSrvc3232
WbioSrvc323232
WbioSrvc32323232
WbioSrvc3232323232
wcncsvc32
wcncsvc3232
WdiSystemHost3232
WdiSystemHost323232
WdiSystemHost32323232
WebClient32
WebClient3232
Wecsvc32
Wecsvc32323232
Wecsvc3232323232
WinDefend3232
WinDefend323232
WinDefend3232323232
WinDefend32323232323232
WinHttpAutoProxySvc32
WinHttpAutoProxySvc3232
WinHttpAutoProxySvc323232
WinHttpAutoProxySvc32323232
WinHttpAutoProxySvc32323232323232323232
WinHttpAutoProxySvc323232323232323232323232
WinHttpAutoProxySvc32323232323232323232323232
Winmgmt32
Winmgmt3232
Wlansvc32
Wlansvc3232
wlcrasvc32
wlidsvc32
wlidsvc3232
wmiApSrv3232
WMPNetworkSvc32
WMPNetworkSvc3232
WMPNetworkSvc323232
WPCSvc3232
WPCSvc323232
WPCSvc32323232
WPCSvc3232323232
WPCSvc323232323232
WPCSvc32323232323232
WPCSvc3232323232323232
WPDBusEnum3232
WPDBusEnum323232
WPDBusEnum32323232
wscsvc32
wscsvc3232
wscsvc323232
WSearch3232
wuauserv3232
wuauserv323232
wuauserv32323232
wuauserv3232323232
wuauserv323232323232
wudfsvc32
wudfsvc3232
wudfsvc3232323232
WwanSvc32
WwanSvc3232
WwanSvc32323232
WwanSvc3232323232
WwanSvc323232323232


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 sally1987

Posted 01 October 2011 - 07:12 PM

Hello,

I ran Combofix again.
I didn't have any problems running the program.
Things seem to be good with the computer.

ComboFix 11-10-01.03 - Sally 10/01/2011 19:34:04.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2469 [GMT -4:00]
Running from: c:\users\Sally\Desktop\ComboFix.exe
Command switches used :: c:\users\Sally\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AeLookupSvc32
-------\Service_AeLookupSvc323232
-------\Service_AeLookupSvc3232323232
-------\Service_AeLookupSvc323232323232
-------\Service_ALG323232
-------\Service_ALG32323232
-------\Service_AMD External Events Utility32
-------\Service_AMD External Events Utility3232
-------\Service_AMD External Events Utility323232
-------\Service_AMD External Events Utility32323232
-------\Service_AMD External Events Utility3232323232
-------\Service_AppIDSvc3232
-------\Service_AppIDSvc323232
-------\Service_AppIDSvc32323232
-------\Service_Appinfo32
-------\Service_Appinfo3232
-------\Service_Apple Mobile Device32
-------\Service_Apple Mobile Device3232
-------\Service_Apple Mobile Device323232
-------\Service_AudioEndpointBuilder32
-------\Service_AudioEndpointBuilder3232
-------\Service_AudioSrv32
-------\Service_AudioSrv3232
-------\Service_AudioSrv323232
-------\Service_AxInstSV32
-------\Service_BBSvc3232
-------\Service_BDESVC32
-------\Service_BDESVC3232
-------\Service_BDESVC323232
-------\Service_BDESVC32323232
-------\Service_BDESVC3232323232
-------\Service_BFE32
-------\Service_BFE3232
-------\Service_BFE32323232
-------\Service_BFE3232323232
-------\Service_Bonjour Service32
-------\Service_Bonjour Service3232
-------\Service_Bonjour Service323232
-------\Service_Bonjour Service32323232
-------\Service_Bonjour Service3232323232
-------\Service_Bonjour Service323232323232
-------\Service_Browser3232
-------\Service_Browser323232
-------\Service_bthserv32
-------\Service_bthserv3232
-------\Service_bthserv323232
-------\Service_bthserv32323232
-------\Service_CertPropSvc32
-------\Service_CertPropSvc3232
-------\Service_CertPropSvc32323232
-------\Service_clr_optimization_v2.0.50727_32323232
-------\Service_clr_optimization_v2.0.50727_3232323232
-------\Service_clr_optimization_v2.0.50727_323232323232
-------\Service_clr_optimization_v2.0.50727_32323232323232
-------\Service_clr_optimization_v2.0.50727_3232323232323232
-------\Service_clr_optimization_v2.0.50727_6432
-------\Service_clr_optimization_v2.0.50727_643232
-------\Service_clr_optimization_v2.0.50727_64323232
-------\Service_clr_optimization_v2.0.50727_6432323232
-------\Service_clr_optimization_v4.0.30319_32
-------\Service_clr_optimization_v4.0.30319_323232
-------\Service_clr_optimization_v4.0.30319_32323232
-------\Service_clr_optimization_v4.0.30319_3232323232
-------\Service_clr_optimization_v4.0.30319_323232323232
-------\Service_clr_optimization_v4.0.30319_6432
-------\Service_COMSysApp32
-------\Service_CryptSvc32
-------\Service_cvhsvc32
-------\Service_cvhsvc3232
-------\Service_cvhsvc323232
-------\Service_DcomLaunch3232
-------\Service_DcomLaunch323232
-------\Service_DcomLaunch32323232
-------\Service_DcomLaunch3232323232
-------\Service_defragsvc32
-------\Service_defragsvc323232
-------\Service_Dhcp3232
-------\Service_Dnscache32
-------\Service_Dnscache3232
-------\Service_Dnscache323232
-------\Service_DPS32
-------\Service_DPS3232
-------\Service_DPS32323232
-------\Service_EapHost32
-------\Service_EapHost32323232
-------\Service_EapHost3232323232
-------\Service_EFS32
-------\Service_EFS3232
-------\Service_EFS323232
-------\Service_ehSched32
-------\Service_eventlog32
-------\Service_eventlog3232
-------\Service_eventlog323232
-------\Service_eventlog32323232
-------\Service_eventlog3232323232
-------\Service_eventlog323232323232
-------\Service_eventlog32323232323232
-------\Service_eventlog3232323232323232
-------\Service_EventSystem32
-------\Service_EventSystem3232
-------\Service_Fax32
-------\Service_Fax3232
-------\Service_Fax323232
-------\Service_Fax32323232
-------\Service_fdPHost32
-------\Service_fdPHost3232
-------\Service_fdPHost323232
-------\Service_fdPHost323232323232
-------\Service_fdPHost32323232323232
-------\Service_FDResPub3232
-------\Service_FDResPub323232
-------\Service_FDResPub32323232
-------\Service_FDResPub3232323232
-------\Service_FontCache3.0.0.032
-------\Service_FontCache3.0.0.032323232
-------\Service_FontCache3.0.0.03232323232
-------\Service_FontCache32
-------\Service_FontCache3232
-------\Service_fsssvc32
-------\Service_fsssvc3232
-------\Service_fsssvc323232
-------\Service_GameConsoleService32323232
-------\Service_gpsvc3232
-------\Service_gpsvc32323232
-------\Service_gupdate
-------\Service_gupdate32
-------\Service_gupdate3232
-------\Service_gupdate323232
-------\Service_gupdate32323232
-------\Service_gupdate323232323232
-------\Service_gupdate323232323232323232
-------\Service_gupdate32323232323232323232
-------\Service_gupdatem32
-------\Service_gupdatem3232
-------\Service_gupdatem323232
-------\Service_hidserv32
-------\Service_hidserv3232
-------\Service_hidserv323232
-------\Service_hidserv32323232
-------\Service_hidserv323232323232
-------\Service_hidserv3232323232323232
-------\Service_hidserv323232323232323232
-------\Service_hkmsvc32
-------\Service_HomeGroupListener32
-------\Service_HomeGroupListener3232
-------\Service_HomeGroupProvider32323232
-------\Service_HomeGroupProvider3232323232
-------\Service_hpqcxs083232
-------\Service_hpqcxs08323232
-------\Service_hpqddsvc32
-------\Service_hpqddsvc32323232
-------\Service_hpqddsvc3232323232
-------\Service_hpqddsvc323232323232
-------\Service_hpqddsvc32323232323232
-------\Service_hpqddsvc3232323232323232
-------\Service_idsvc32
-------\Service_idsvc3232
-------\Service_IKEEXT32
-------\Service_IKEEXT3232
-------\Service_IKEEXT323232
-------\Service_IKEEXT32323232
-------\Service_IKEEXT3232323232
-------\Service_IKEEXT323232323232
-------\Service_IKEEXT32323232323232
-------\Service_IPBusEnum32
-------\Service_iphlpsvc32
-------\Service_iphlpsvc3232
-------\Service_iPod Service32
-------\Service_iPod Service323232
-------\Service_iPod Service32323232
-------\Service_KeyIso32
-------\Service_KeyIso3232
-------\Service_KtmRm32
-------\Service_KtmRm3232
-------\Service_KtmRm3232323232
-------\Service_LanmanServer32
-------\Service_LanmanWorkstation32
-------\Service_LanmanWorkstation3232
-------\Service_LanmanWorkstation323232
-------\Service_LanmanWorkstation32323232
-------\Service_LanmanWorkstation3232323232
-------\Service_lltdsvc32
-------\Service_lltdsvc3232323232
-------\Service_lmhosts323232
-------\Service_lmhosts32323232
-------\Service_lmhosts3232323232
-------\Service_lmhosts323232323232
-------\Service_MBAMService3232
-------\Service_McAfee SiteAdvisor Service32
-------\Service_McAfee SiteAdvisor Service3232
-------\Service_McComponentHostService32
-------\Service_McComponentHostService3232
-------\Service_McComponentHostService323232
-------\Service_McMPFSvc32
-------\Service_McMPFSvc323232
-------\Service_McMPFSvc3232323232
-------\Service_McMPFSvc32323232323232
-------\Service_McMPFSvc3232323232323232
-------\Service_mcmscsvc32
-------\Service_mcmscsvc323232
-------\Service_McNaiAnn32
-------\Service_McNaiAnn3232
-------\Service_McNaiAnn323232
-------\Service_McNASvc32
-------\Service_McNASvc3232
-------\Service_McODS32
-------\Service_McODS3232
-------\Service_McODS323232
-------\Service_McODS32323232
-------\Service_McODS3232323232
-------\Service_McProxy32
-------\Service_McProxy3232
-------\Service_McProxy323232
-------\Service_McProxy32323232
-------\Service_McShield3232
-------\Service_McShield323232
-------\Service_Mcx2Svc323232
-------\Service_Mcx2Svc32323232
-------\Service_mfefire32
-------\Service_mfevtp323232
-------\Service_mfevtp32323232
-------\Service_mfevtp3232323232
-------\Service_MMCSS3232
-------\Service_MMCSS323232
-------\Service_MpsSvc32
-------\Service_MpsSvc3232
-------\Service_MpsSvc323232
-------\Service_MpsSvc32323232
-------\Service_MSDTC32
-------\Service_MSiSCSI32
-------\Service_MSiSCSI3232
-------\Service_MSiSCSI323232
-------\Service_msiserver32
-------\Service_msiserver3232
-------\Service_napagent32
-------\Service_napagent3232
-------\Service_napagent32323232
-------\Service_napagent3232323232
-------\Service_Net Driver HPZ123232
-------\Service_Netlogon32
-------\Service_Netman3232
-------\Service_Netman323232
-------\Service_Netman32323232
-------\Service_netprofm32
-------\Service_netprofm3232
-------\Service_NetTcpPortSharing32
-------\Service_NetTcpPortSharing3232
-------\Service_NetTcpPortSharing323232
-------\Service_NetTcpPortSharing32323232
-------\Service_NetTcpPortSharing3232323232
-------\Service_NetTcpPortSharing323232323232
-------\Service_NlaSvc32
-------\Service_NlaSvc3232
-------\Service_NlaSvc323232
-------\Service_Norton PC Checkup Application Launcher32
-------\Service_Norton PC Checkup Application Launcher3232
-------\Service_nsi32
-------\Service_nsi3232
-------\Service_nsi323232
-------\Service_ose32
-------\Service_ose3232
-------\Service_ose323232
-------\Service_ose32323232
-------\Service_ose3232323232
-------\Service_ose323232323232
-------\Service_ose32323232323232
-------\Service_osppsvc32
-------\Service_osppsvc3232
-------\Service_osppsvc323232
-------\Service_p2pimsvc3232
-------\Service_p2pimsvc323232
-------\Service_p2psvc32
-------\Service_p2psvc3232
-------\Service_p2psvc323232
-------\Service_PcaSvc32323232
-------\Service_PcaSvc3232323232
-------\Service_PCCUJobMgr32
-------\Service_PCCUJobMgr3232
-------\Service_PCCUJobMgr323232
-------\Service_PCCUJobMgr32323232
-------\Service_PCCUJobMgr3232323232
-------\Service_PerfHost32
-------\Service_PerfHost3232
-------\Service_PerfHost323232
-------\Service_pla32
-------\Service_pla3232
-------\Service_pla323232
-------\Service_pla3232323232
-------\Service_pla323232323232
-------\Service_pla32323232323232
-------\Service_PlugPlay32
-------\Service_PlugPlay323232
-------\Service_Pml Driver HPZ123232
-------\Service_Pml Driver HPZ12323232
-------\Service_Pml Driver HPZ1232323232
-------\Service_Pml Driver HPZ123232323232
-------\Service_Pml Driver HPZ12323232323232
-------\Service_Pml Driver HPZ1232323232323232
-------\Service_PNRPsvc32
-------\Service_PNRPsvc3232
-------\Service_PNRPsvc323232
-------\Service_PolicyAgent3232
-------\Service_PolicyAgent32323232
-------\Service_PolicyAgent3232323232
-------\Service_Power3232
-------\Service_Power323232
-------\Service_ProfSvc32
-------\Service_ProtectedStorage32
-------\Service_QWAVE32
-------\Service_QWAVE3232
-------\Service_QWAVE323232
-------\Service_QWAVE32323232
-------\Service_QWAVE3232323232
-------\Service_QWAVE323232323232
-------\Service_RasAuto32
-------\Service_RasAuto3232
-------\Service_RasAuto323232
-------\Service_RasMan32
-------\Service_RemoteAccess323232
-------\Service_RemoteAccess32323232
-------\Service_RemoteAccess3232323232
-------\Service_RemoteRegistry3232
-------\Service_RemoteRegistry323232
-------\Service_RemoteRegistry32323232
-------\Service_RemoteRegistry3232323232
-------\Service_RemoteRegistry323232323232
-------\Service_RpcEptMapper32
-------\Service_RpcEptMapper3232
-------\Service_RpcLocator3232
-------\Service_RpcLocator323232
-------\Service_RpcSs3232
-------\Service_RpcSs323232
-------\Service_SamSs32
-------\Service_SamSs3232
-------\Service_SamSs32323232
-------\Service_SCardSvr32
-------\Service_SCardSvr3232
-------\Service_SDRSVC3232
-------\Service_SDRSVC323232
-------\Service_SeaPort32
-------\Service_SeaPort3232
-------\Service_seclogon32
-------\Service_seclogon3232
-------\Service_seclogon32323232
-------\Service_seclogon3232323232
-------\Service_seclogon323232323232
-------\Service_SENS32
-------\Service_SENS323232
-------\Service_SENS32323232
-------\Service_SensrSvc3232
-------\Service_SessionEnv32
-------\Service_SessionEnv3232
-------\Service_SessionEnv323232
-------\Service_SharedAccess3232
-------\Service_SharedAccess323232
-------\Service_SharedAccess32323232
-------\Service_SharedAccess3232323232
-------\Service_SNMPTRAP32
-------\Service_SNMPTRAP3232
-------\Service_SNMPTRAP323232
-------\Service_SNMPTRAP3232323232
-------\Service_Spooler32
-------\Service_Spooler3232
-------\Service_Spooler323232
-------\Service_sppsvc32
-------\Service_sppsvc3232
-------\Service_sppsvc323232
-------\Service_sppuinotify32
-------\Service_SstpSvc32
-------\Service_SstpSvc3232
-------\Service_SstpSvc323232
-------\Service_stisvc32
-------\Service_stisvc3232323232
-------\Service_stisvc323232323232
-------\Service_stisvc32323232323232
-------\Service_stisvc32323232323232323232
-------\Service_swprv32
-------\Service_swprv3232
-------\Service_swprv323232
-------\Service_SysMain32
-------\Service_SysMain3232
-------\Service_TabletInputService32
-------\Service_TabletInputService3232
-------\Service_TabletInputService323232
-------\Service_TapiSrv32
-------\Service_TapiSrv32323232
-------\Service_TapiSrv3232323232
-------\Service_TapiSrv32323232323232
-------\Service_TapiSrv3232323232323232
-------\Service_TapiSrv323232323232323232
-------\Service_TapiSrv32323232323232323232
-------\Service_TBS3232323232
-------\Service_TBS323232323232
-------\Service_TermService32
-------\Service_TermService3232
-------\Service_Themes32
-------\Service_THREADORDER32
-------\Service_THREADORDER323232
-------\Service_TMachInfo32
-------\Service_TMachInfo3232
-------\Service_TMachInfo323232
-------\Service_TODDSrv32
-------\Service_TODDSrv3232
-------\Service_TODDSrv323232
-------\Service_TODDSrv32323232
-------\Service_TosCoSrv32
-------\Service_TosCoSrv323232
-------\Service_TosCoSrv32323232
-------\Service_TosCoSrv3232323232
-------\Service_TosCoSrv323232323232
-------\Service_TOSHIBA eco Utility Service323232
-------\Service_TOSHIBA HDD SSD Alert Service32
-------\Service_TOSHIBA HDD SSD Alert Service3232
-------\Service_TOSHIBA HDD SSD Alert Service323232
-------\Service_TOSHIBA HDD SSD Alert Service32323232
-------\Service_TOSHIBA HDD SSD Alert Service3232323232
-------\Service_TPCHSrv32
-------\Service_TrkWks32
-------\Service_TrkWks3232
-------\Service_TrkWks323232
-------\Service_TrkWks32323232
-------\Service_TrustedInstaller32
-------\Service_TrustedInstaller323232
-------\Service_TrustedInstaller32323232
-------\Service_UI0Detect32
-------\Service_UI0Detect3232
-------\Service_UI0Detect323232
-------\Service_UI0Detect32323232
-------\Service_upnphost32
-------\Service_UxSms32
-------\Service_UxSms3232
-------\Service_VaultSvc323232
-------\Service_vds32
-------\Service_W32Time32
-------\Service_WatAdminSvc32
-------\Service_WatAdminSvc3232
-------\Service_WatAdminSvc32323232
-------\Service_wbengine32
-------\Service_WbioSrvc32
-------\Service_WbioSrvc3232
-------\Service_WbioSrvc323232
-------\Service_WbioSrvc32323232
-------\Service_WbioSrvc3232323232
-------\Service_wcncsvc32
-------\Service_wcncsvc3232
-------\Service_WdiSystemHost3232
-------\Service_WdiSystemHost323232
-------\Service_WdiSystemHost32323232
-------\Service_WebClient32
-------\Service_WebClient3232
-------\Service_Wecsvc32
-------\Service_Wecsvc32323232
-------\Service_Wecsvc3232323232
-------\Service_WinDefend3232
-------\Service_WinDefend323232
-------\Service_WinDefend3232323232
-------\Service_WinDefend32323232323232
-------\Service_WinHttpAutoProxySvc32
-------\Service_WinHttpAutoProxySvc3232
-------\Service_WinHttpAutoProxySvc323232
-------\Service_WinHttpAutoProxySvc32323232
-------\Service_WinHttpAutoProxySvc32323232323232323232
-------\Service_WinHttpAutoProxySvc323232323232323232323232
-------\Service_WinHttpAutoProxySvc32323232323232323232323232
-------\Service_Winmgmt32
-------\Service_Winmgmt3232
-------\Service_Wlansvc32
-------\Service_Wlansvc3232
-------\Service_wlcrasvc32
-------\Service_wlidsvc32
-------\Service_wlidsvc3232
-------\Service_wmiApSrv3232
-------\Service_WMPNetworkSvc32
-------\Service_WMPNetworkSvc3232
-------\Service_WMPNetworkSvc323232
-------\Service_WPCSvc3232
-------\Service_WPCSvc323232
-------\Service_WPCSvc32323232
-------\Service_WPCSvc3232323232
-------\Service_WPCSvc323232323232
-------\Service_WPCSvc32323232323232
-------\Service_WPCSvc3232323232323232
-------\Service_WPDBusEnum3232
-------\Service_WPDBusEnum323232
-------\Service_WPDBusEnum32323232
-------\Service_wscsvc32
-------\Service_wscsvc3232
-------\Service_wscsvc323232
-------\Service_WSearch3232
-------\Service_wuauserv3232
-------\Service_wuauserv323232
-------\Service_wuauserv32323232
-------\Service_wuauserv3232323232
-------\Service_wuauserv323232323232
-------\Service_wudfsvc32
-------\Service_wudfsvc3232
-------\Service_wudfsvc3232323232
-------\Service_WwanSvc32
-------\Service_WwanSvc3232
-------\Service_WwanSvc32323232
-------\Service_WwanSvc3232323232
-------\Service_WwanSvc323232323232
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-10-01 23:50 . 2011-10-01 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-01 23:50 . 2011-10-01 23:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-25 14:16 . 2011-09-25 14:16 -------- d-----w- c:\programdata\MemeoCommon
2011-09-25 14:10 . 2011-09-25 14:12 -------- d-----w- c:\users\Sally\AppData\Roaming\Memeo
2011-09-25 14:10 . 2011-09-25 14:10 -------- d-----w- c:\users\Sally\AppData\Roaming\Seagate
2011-09-25 14:08 . 2011-09-25 14:09 -------- d-----w- c:\program files (x86)\Common Files\Memeo
2011-09-25 14:08 . 2011-09-25 14:09 -------- d-----w- c:\program files (x86)\Memeo
2011-09-25 14:05 . 2011-09-25 14:07 -------- d-----w- c:\program files (x86)\Seagate
2011-09-25 14:03 . 2011-09-25 14:03 -------- d-----w- c:\users\Sally\AppData\Roaming\Leadertech
2011-09-20 01:05 . 2011-10-01 23:23 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2011-09-20 01:05 . 2011-10-01 23:23 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-09-20 01:05 . 2011-10-01 23:23 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-20 01:05 . 2011-10-01 23:23 125912 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2011-09-20 01:05 . 2011-10-01 23:23 924632 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2011-09-20 01:05 . 2011-10-01 23:23 269272 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2011-09-20 01:05 . 2011-10-01 23:23 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-09-20 01:05 . 2011-10-01 23:23 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-09-20 01:05 . 2011-10-01 23:23 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-09-20 01:05 . 2011-10-01 23:23 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-09-20 01:05 . 2011-10-01 23:23 715736 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcrt19.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2011-08-23 01:05 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 06:02 . 2011-05-21 00:32 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:35 . 2011-08-09 23:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-09 23:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-09 23:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-09 23:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-09 23:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-09 23:30 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-09 23:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-09 23:30 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-09 23:30 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-09 23:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-09 23:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-09 23:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-09 23:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-09 23:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-09 23:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-09 23:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-09 23:30 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 23:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-23 21:12 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-23 21:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-09 23:30 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-24_22.51.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-25 01:00 . 2011-10-01 23:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-25 01:00 . 2011-09-24 22:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-25 01:00 . 2011-10-01 23:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-25 01:00 . 2011-09-24 22:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-24 23:39 . 2011-09-24 23:39 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\ed59e15a2a29d02c59dc383215cc85fc\System.Xml.Serialization.ni.dll
+ 2011-09-24 23:39 . 2011-09-24 23:39 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\1a9bcef8abe20b3c0d53c535d680350f\System.Windows.Presentation.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\0ee56d53077b281408cbf186e80ab175\System.Web.ApplicationServices.ni.dll
+ 2011-10-01 23:52 . 2011-10-01 23:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-24 22:50 . 2011-09-24 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-01 23:52 . 2011-10-01 23:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-24 22:50 . 2011-09-24 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-10-01 23:51 230148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-09-24 22:49 230148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-12-18 01:35 . 2011-09-24 22:49 688876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-741467842-3624285276-3951911184-1000-8192.dat
+ 2010-12-18 01:35 . 2011-10-01 23:51 688876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-741467842-3624285276-3951911184-1000-8192.dat
+ 2011-09-24 23:39 . 2011-09-24 23:39 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d3536aadcda3bf1628fd5cb912f0d4df\WindowsFormsIntegration.ni.dll
+ 2011-09-24 23:39 . 2011-09-24 23:39 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd62d82bb2e0ebe93c68c701a281d204\UIAutomationClient.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\41a328f3f1e01dd6d6c45ec27dfb8d12\System.ServiceProcess.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\8a3044d7b76d748396c01aec083a1b01\System.ServiceModel.Routing.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4288f4e2ad790e4510344567c092ca68\System.ServiceModel.Channels.ni.dll
+ 2006-12-02 11:09 . 2006-12-02 11:09 2818048 c:\windows\Installer\3472275.msi
+ 2011-09-24 23:39 . 2011-09-24 23:39 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d14a6bf514550fdc219f580348599c58\UIAutomationClientsideProviders.ni.dll
+ 2011-09-24 23:39 . 2011-09-24 23:39 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\b346685f479e27aadce1793789333bfb\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\4ee71342f3eadce770c5b227e0e72015\System.Web.Services.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\7211feffc35222c34e5d6b9e97f1c009\System.Speech.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\e449cb587c51f7bec5fcff8964844151\System.ServiceModel.Activities.ni.dll
+ 2011-09-24 23:38 . 2011-09-24 23:38 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\5af78d8b92c4a0b7f90dd99a8742c565\System.ServiceModel.Discovery.ni.dll
+ 2011-09-24 23:37 . 2011-09-24 23:37 24551936 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\48ed28e415c976c7adfb2c5ceeaeedb2\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-06-08 123320]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 01:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF1214.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-741467842-3624285276-3951911184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-741467842-3624285276-3951911184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2011-10-01 20:01:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-02 00:01
ComboFix2.txt 2011-09-24 22:59
.
Pre-Run: 334,131,036,160 bytes free
Post-Run: 333,864,660,992 bytes free
.
- - End Of File - - 5F6FE68DACA94E661670BB88348CACD1

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,299 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 01 October 2011 - 08:32 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.3

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this: to run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 sally1987

sally1987
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:00 AM

Posted 02 October 2011 - 06:27 PM

1.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7849

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/2/2011 6:54:55 PM
mbam-log-2011-10-02 (18-54-55).txt

Scan type: Quick scan
Objects scanned: 197556
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



2.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:18 PM, on 10/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516232525.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14597 bytes

3. I had to run Hijack this as an administrator, but no other problems.

4. Computer seems fine. Seems like it's running a little faster than before.

I looked to see what P2P programs I could uninstall, but I wasn't sure what to remove. Will the programs be removed by Hijack this?

Thank you!!!!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,299 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 03 October 2011 - 12:33 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
      O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE: You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space.
    O4 - HKLM\..\Run: [IntelliPoint]



If you have any problems running HijackThis:

Sometimes we have to run it as an administrator. To run HijackThis as an administrator,
right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
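The startup-entry review described in the post above, as an added example that is not part of the original thread: a small parser for the `O4` (autostart) and `O23` (service) line formats seen in the posted HijackThis log, with a first-pass triage label per entry. The `triage` labels and the `CONSTRUCTED_LINE` sample are assumptions made for illustration; the other sample lines are copied from the log in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section source name exe missing")

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
'''

# Constructed line (not from the thread): an autostart running from a user profile.
CONSTRUCTED_LINE = r'O4 - HKCU\..\Run: [Updater] C:\Users\Example\AppData\Roaming\updater.exe'

RUN_RE = re.compile(r'^O4 - (?P<source>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(r'^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - '
                        r'(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$')
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)

STANDARD_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def executable(cmd):
    """Return the program path from a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_log(text):
    """Parse O4 and O23 lines; any other line is skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(Entry("O4", m["source"], m["name"], executable(m["cmd"]), False))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("O23", m["owner"], m["name"], m["path"],
                                 m["missing"] is not None))
    return entries


def triage(entry):
    """First-pass label only; a standard install path is not proof that a file is benign."""
    exe = entry.exe.lower()
    if exe == "?":
        return "unresolved-target"        # shortcut whose target the scanner could not read
    if entry.missing and exe.startswith("c:\\windows\\system32\\"):
        # A 32-bit scanner on 64-bit Windows is redirected to SysWOW64, so native
        # 64-bit files can be reported as missing; confirm with a 64-bit tool.
        return "verify-with-64bit-tool"
    if entry.missing:
        return "missing-file"
    if not exe.startswith(STANDARD_ROOTS):
        return "review-location"          # e.g. an autostart under a user profile
    return "standard-location"


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG + CONSTRUCTED_LINE):
        print(f"{triage(e):24} {e.section:4} {e.name} -> {e.exe}")
```
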

#11 sally1987

sally1987
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:00 AM

Posted 04 October 2011 - 05:57 AM

C:\Qoobox\Quarantine\C\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\q0i65whz.default\extensions\{a86fb589-7933-43fd-bf36-9143b5a5f248}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Default\koopcfnpnljpambkogmcncngpkffmkdg\contentscript.js Win32/TrojanDownloader.Tracur.F trojan

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,299 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 04 October 2011 - 11:18 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Sally\AppData\Local\Google\Chrome\User Data\Default\Default\koopcfnpnljpambkogmcncngpkffmkdg\contentscript.js"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo

#13 sally1987

sally1987
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:00 AM

Posted 04 October 2011 - 06:00 PM

Thank you for all your help!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,299 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 04 October 2011 - 09:26 PM

you are most welcome


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,299 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 07 October 2011 - 12:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



